
The following is the realization of audits for 2014-2016 (Target, Realization and Achievement for each of 2014, 2015 and 2016):

Routine: 12 60 126 20 20 117 28 28 157
Mandatory: 22 22 12 12 7 7
Thematic: 157 158 110 110 49 49
Consulting: 8 8 8 8
Ad hoc: 25 52

The use of SIMA is also one form of Internal Audit's responsibility to secure information assets against the Bank's risk of information leakage, given that the role of Internal Audit brings it very close to the Bank's confidential information. In addition, SIMA is part of the competence development process, serving as a knowledge center for all auditors.

Implementation of Anti-Fraud Strategy

Bank Mandiri has implemented an Anti-Fraud Strategy (AFS), set out in its Policies, Standard Operating Procedures, Technical Operating Instructions and other arrangements. Bank Mandiri's AFS refers to Bank Indonesia Circular No. 1328 DPNP regarding Anti Fraud Strategy Implementation for Commercial Banks. Implementing the AFS in each Policy, Standard Operating Procedure and Technical Operating Instruction is one of the refinements of the Bank's Internal Control System Policy. The formulation of the AFS is as follows:

1. Prevention Function

This is the responsibility of all employees of the Bank's work units and is part of the Fraud Control System, with the aim of reducing the potential for fraud.

2. Detection Function

This is the responsibility of all units, across the 1st, 2nd and 3rd lines of defense, and is part of the Fraud Control System, with the aim of identifying and locating fraud in banking operations.

3. Functions of Investigation, Reporting, Sanctions

This is the responsibility of the Directorate of Internal Audit and is part of the Fraud Control System. Fraud that has occurred is handled through investigation, and the results are reported to the President Director, BOC and Bank Indonesia, including the proposed imposition of sanctions on the perpetrators of fraud.

4. Function Monitoring, Evaluation, and Follow-Up

This is the responsibility of the Directorate of Internal Audit and is part of the Fraud Control System. It covers monitoring the follow-up of investigation results and evaluating fraud incidents in order to correct weaknesses and strengthen the Internal Control System, so that similar fraud does not recur.

Improvement of the AFS programs across Pillar I (Prevention), Pillar II (Detection), Pillar III (Investigation, Reporting and Sanctions) and Pillar IV (Monitoring, Evaluation and Follow-up) continues, in order to anticipate potential future risks in line with the Bank's business development. One improvement made was to implement the Memorandum of Procedure (MP) on Delegation of Authority and Sanctions. Through the implementation of the MP, the handling of fraud cases, including the loss recovery process, becomes faster, and the range of incident detection and the monitoring of follow-up on improvements arising from fraud incident evaluations, conducted by Internal Audit at the Regional Business Centers (RBC) in the regions, is expanded.

The following is the number of internal fraud cases in 2016:

| Internal Fraud in a Year | BOC and BOD Members: Previous Year | BOC and BOD Members: Current Year | Permanent Employees: Previous Year | Permanent Employees: Current Year | Contract Employees: Previous Year | Contract Employees: Current Year |
|---|---|---|---|---|---|---|
| Total Fraud | - | - | 22 | 22 | 13 | 22 |
| Settled | - | - | 22 | 21 | 13 | 21 |
| Internal Process | - | - | - | 1 | - | 1 |
| Unprocessed | - | - | - | - | - | - |
| Legally Processed | - | - | 6 | 1 | 4 | 1 |

Legally processed fraud is part of settled fraud.

Implementation of the External Auditor Function

The External Auditor audits the Financial Statements of the Bank in order to form and express an opinion on the fairness of those statements, and tests internal control (Internal Control Review), including re-testing items that have been tested by Internal Audit and observing procedures performed by Internal Audit.
Appointment of Public Accountant

Public Accounting Firm (KAP) Purwantono, Sungkoro and Surja was appointed as the External Auditor to audit the Consolidated Financial Statements and the Annual Report on the Implementation of the Partnership Program and Community Development for the fiscal year ended December 31, 2016 (Financial Statements for FY 2016) at the Annual General Meeting dated March 21, 2016, based on the provisions of Bank Indonesia, the Financial Services Authority and other relevant provisions. Fiscal year 2016 was the second audit year for KAP Purwantono, Sungkoro Surja.

The chronological process of appointing the External Auditor for the Financial Statements for Fiscal Year 2016 was as follows:

1. The Board of Commissioners of Bank Mandiri submitted a request to the Board of Directors of the Bank to conduct a pitching of KAPs for the audit of the financial statements for the 2016 financial year.
2. The Board of Directors of Bank Mandiri carried out the KAP selection procurement process requested by the Board of Commissioners of Bank Mandiri, from the formation of the Procurement Team through to the evaluation of the technical and financial aspects of the proposals from the KAP bidders.
3. The Annual Shareholders Meeting on March 21, 2016 decided to appoint Purwantono, Sungkoro Surja as the public accounting firm to audit the Consolidated Financial Statements and the Annual Report on the Implementation of the Partnership Program and Community Development for the year ending December 31, 2016, including giving authority to the Board of Commissioners to determine the honorarium and other requirements for the KAP, as well as to appoint a substitute KAP in the event that KAP Purwantono, Sungkoro Surja, for whatever reason, cannot complete the audit of the Consolidated Financial Statements and the Annual Report on the Implementation of the Partnership Program and Community Development for the year ending December 31, 2016.
4. Bank Mandiri conveyed the AGM's determination by mail to the KAP bidders regarding the results of the procurement process for the Consolidated Financial Services of PT Bank Mandiri Persero Tbk and Subsidiaries and the Financial Report of Partnership and Community Development of PT Bank Mandiri Persero Tbk as of and for the year ended December 31, 2016.

In making the determination, Bank Mandiri applies the following principles of Professional Ethics of External Auditors (Independent Auditors):

1. The responsibility of the profession;
2. The public interest;
3. Integrity;
4. Objectivity;
5. Competence and professional prudence;
6. Confidentiality;
7. Professional conduct;
8. The technical standards.

Total Period of Public Accounting Firm (KAP) and Public Accountant (AP)

The chronological assignment of the KAP and AP that audited the financial statements of Bank Mandiri for fiscal years 2010-2016 is as follows:

| Fiscal Year | Name of KAP | KAP Period | Name of AP | AP Period |
|---|---|---|---|---|
| 2016 | Purwantono, Sungkoro Surja (EY) | 2 | Danil Setiadi Handaja, CPA | 2 |
| 2015 | Purwantono, Sungkoro Surja (EY) | | Danil Setiadi Handaja, CPA | |
| 2014 | Tanudiredja, Wibisana Rekan (PwC) | 5 | Drs. Haryanto Sahari, CPA | 2 |
| 2013 | Tanudiredja, Wibisana Rekan (PwC) | | Drs. Haryanto Sahari, CPA | |
| 2012 | Tanudiredja, Wibisana Rekan (PwC) | | Lucy Luciana Suhenda, SE, AK, CPA | 1 |
| 2011 | Tanudiredja, Wibisana Rekan (PwC) | | Drs. Haryanto Sahari, CPA | 2 |
| 2010 | Tanudiredja, Wibisana Rekan (PwC) | | Drs. Haryanto Sahari, CPA | |

Review Result

The review opinions on the audited Financial Reports for 2010-2016 are as follows:

| Year | Financial Report Opinion |
|---|---|
| 2016 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2015 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2014 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2013 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2012 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2011 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |
| 2010 | Unqualified consolidated Financial Report, complies with Indonesia Financial Accounting Standard |

Compensation of Audit Service

Compensation for audit services for 2016 was Rp7,850 million, comprising an audit services fee of Rp6,096 million and an other attestation services fee of Rp1,754 million. The following table shows audit service fees for fiscal years 2010 to 2016:

| Year | Audit Service Fee (in million rupiah) |
|---|---|
| 2016 | 7,850 |
| 2015 | 7,330 |
| 2014 | 8,300 |
| 2013 | 9,975 |
| 2012 | 9,500 |
| 2011 | 11,800 |
| 2010 | 11,495 |

Charges include OPE and VAT and include other attestation services.

Other Provided Attestation Services

Other attestation services provided by the KAP (External Auditor) are audit services on Compliance with Laws and Regulations and the application of Agreed Upon Procedures on the reporting system of PT Bank Mandiri Persero Tbk to Bank Indonesia, Depository Services, the Security System for Recording Scripless Securities (S4), Bank Performance Evaluation, and Performance Evaluation of the Partnership Program and Community Development.
Effectiveness of External Audit Implementation and the Bank's Compliance with Regulations

To meet the principles of Good Corporate Governance and the applicable rules and legislation, the financial statements need to be audited by an independent party, the Public Accounting Firm, and the audit report is then submitted to the Financial Services Authority. The transparency of the financial statements is based on the following provisions of Bank Indonesia and the Financial Services Authority:

1. POJK No. 55POJK.03 2016 on Good Corporate Commercial Banks Implementation.
2. POJK No. 6POJK.032015 on Transparency and Publication Bank Reports.
3. POJK No. 32POJK.032016 on Amendments to POJK No. 6 POJK.032015 on Transparency and Publication Bank Reports.

Relationship Between Bank, Public Accountant and Regulator

In performing the audit, aside from complying with prevailing rules and regulations, Bank Mandiri constantly improves communication with the Public Accountant Firm (KAP). The Accounting Unit is responsible for coordinating KAP activities with Internal Audit. Moreover, the Audit Committee, along with Internal Audit, always oversees the audit process performed by the KAP. The chosen KAP communicates the plan for the audit of Bank Mandiri's Financial Report to the Audit Committee, and proposes to Internal Audit the audit plan together with the audit methodology and audit samples to be used. During implementation, audit progress, audit findings and other important issues, including audit findings related to internal control, are discussed periodically by both parties. Periodically, the Audit Committee has monitored KAP performance through Audit Committee meetings in which Internal Audit and the related members of the Board of Directors participated. At these meetings, follow-up on the KAP's audit findings is also discussed. Such coordination is expected to achieve a comprehensive and optimal audit result.
The principle of the Bank's risk management is to proactively support the Bank in achieving healthy and sustainable growth as well as maintaining a level of risk-adjusted return that is optimized in accordance with the desired risk appetite.

Risk Management

The Bank's risk management mission is to create and implement a comprehensive approach to identify, quantify, prioritize, manage and monitor the risks affecting the business, operations and organization, and to seek business opportunities to optimize the risk-adjusted return and shareholder value. Bank Mandiri formulates policies, processes, competence, accountability, reporting and technology to support the effective and efficient implementation of risk management.

Implementation of the Bank's risk management refers to FSA Regulation No. 18POJK.032016 and FSA Circular Letter No. 34SEOJK.032016 concerning Application of Risk Management for Commercial Banks. With the development of risk management for financial institutions in Indonesia, the FSA has issued Regulation No. 17POJK.032014 and FSA Circular Letter No. 14SEOJK.032015 on Integrated Risk Management Application for Financial Conglomerates. Bank Mandiri adopts an Enterprise Risk Management (ERM) approach, which is an integrated risk management framework to maximize shareholder value, built on four building blocks, namely Organization and Human Resources, Policies and Procedures, Systems and Data, and Methodology/Model and Analytics.

Bank Mandiri Risk Management System

Risk management plays an important role for the Bank in supporting the Bank's business activities in a sustainable manner. With good risk management, the Bank seeks to minimize potential losses that may occur.
Through appropriate and effective risk management, the Bank obtains up-to-date information about the potential risks it faces, so that it can quickly take steps to mitigate those risks. In the end, the Bank can provide added value for shareholders. The precautionary principle and risk management are applied not only within the Bank but also in its subsidiaries. This is because the continuity of the Bank's business is affected by exposure to risks arising directly from its own business activities or indirectly from the business activities of subsidiaries.

The framework and governance of risk management at the Bank consist of the Board of Commissioners, which exercises risk oversight through the Audit Committee, Risk Monitoring Committee, Remuneration and Nomination Committee, and Integrated Corporate Governance Committee, and the Board of Directors, which performs the risk policy function through the Executive Committees related to risk management, namely the Risk Management Committee, Asset Liability Committee, Capital and Subsidiaries Committee, and Integrated Risk Committee. At the operational level, the Risk Management Unit, together with the Business Units and the Compliance Unit, performs the functions of risk identification, risk assessment, risk mitigation and risk control.

Bank Mandiri's Risk Management Framework is developed based on internal and external factors, which include but are not limited to regulatory provisions, developments in methodologies and best practices, the Bank's business, and risk and loss data. Bank Mandiri has an Enterprise Risk Management (ERM) policy, which is used as a guideline in the implementation of integrated risk management, linking strategic planning, risk appetite, business execution, risk assessment and performance evaluation. ERM implementation also serves as a vehicle for the gradual implementation of Basel II and III at Bank Mandiri in accordance with the regulations of Bank Indonesia.
Enterprise Risk Management (ERM) Bank Mandiri

Through the implementation of ERM, Bank Mandiri is able to determine the capital needed to cover the Bank's risks, to allocate capital to all business lines and to identify opportunities to diversify and optimize its portfolios. The application of risk management at Bank Mandiri through the ERM framework uses a two-prong approach, namely risk management through capital and risk management through operational activities, which is expected to achieve hierarchical risk management in the overall management of the business.

The four principal components supporting the application of this approach are:

1. Organization and Human Resources