10 Consolidated Financial Statements 09 Cross Reference of Annual Report Award 2016 Criteria 08 Corporate Social Responsibility 07 Integrated Corporate Governance 06 Corporate Governance Information: 1. Results of Enterprise Risk Assessment ERA in 2016-2015 for forward looking. 2. Loss Events: Data eventsignificant losses over the last three years. 3. Internal and External Findings 2015: internal and external significant audit findings in the previous year. 4. Bank Mandiri Corporate Plan 2020: alignment with long-term plans which are Corporate Plan 2020. 5. Concern Management and the Audit Committee of the Board of Directors, Audit Committee dan Management of Bank Mandiri. 6. Regulation and Compliance: Compliance with internal and external regulation RegulationCompliance. 7. Risk Profile Bank Mandiri and Subsidiaries 8. Work up Business Risk Control, Internal Audit of subsidiaries, and the External Auditor 9. Best Practices: Emerging topics in todays banking world according to best practices Internal Audit continues to innovate in the use of audit methodologies and tools so that the implementation of more effective and efficient audit. In 2015, the Internal Audit has set up Long Term Plan RJP Internal Audit 2015 to 2020 with the theme Creating Value Through Sustained long term Assurance to be The Best in Class IA Function with 14 strategic initiatives which will be implemented 2015-2020 Internal Audit to escort reorganization implementation in Bank Mandiri towards Corporate Plan 2020. In 2016, the internal audit has been completed five initiatives are:

1. IA Audit Rating Methodology

2016 audit rating of Internal Audit methodology to develop a more implemented expected to be more powerful in decision- making by management primarily related to the prioritization of internal control improvements. The rating structured audit approach which has been aligned with the Banks Operational Risk Management so that output can also support the implementation of a combined assurance at Bank Mandiri

2. Tools integrated IA

Since 2015 internal audit have developed the Internal Audit Tools consisting of Access Management Information Systems Audit- TR SIMA-TR via the Internet, the implementation of resource management, the data analytic software tools and dashboards. SIMA 2016, improvements TR and data analytics tools that the implementation of more effective and efficient tools to support audit activities. In addition, trainingknowledge transfer to all auditors related to the use of tools is also being conducted to ensure that all auditors can operate tools-tools in each audit assignment.

3. IA Training Plan dan IA Competency Framework

Internal Audit has had an internal auditor competency framework for each position level consisting of Independent Behavior Competency, IA Behavior Competency, General Technical Competency, Specific Technical Competency. 2016, Internal Audit has conducted assessments to all auditors and have acquired competence profile of each auditor for the next training program drawn up in accordance with the competency gap.

4. Risk, Compliance, and Audit Alliance Framework

Internal Audit in collaboration with the Group Operational Risk and Compliance Group compiled a Risk Register which is group wide. The purpose of the strategic initiative is that all units of both the Bank and its subsidiaries have the same risk language. 2016 development focus on the preparation of Integrated Risk Register Level 4, IRR database mapping with Subsidiary risk event and make the results of re-cleansing dissemination of IRR Level I to subsidiaries. 03 Company at a Glance 04 Management Discussion and Analysis on Companys Performance 05 Review of Business Support Function 01 Main Highlights 02 Management Report In addition to audit and CPR, Internal audits are also constantly monitoring plan follow-up on audit findings. The following tables follow-up status Internal Audit: Internal Findings that Monitored its Follow Up 2013 2014 2016 2015 806 329 557 7 5 415 Outstanding Done 291 Internal Audit also conducted external coaching and monitoring, along with following up monitoring in internal findings. Table of status on external auditor follow up as follows Auditor 2013 2014 2015 2016 Finished Process Finished Process Finished Process Finished Process Bank Indonesia 187 45 OJK 87 2 9 68 12 BPK 763 2 146 195 8 KAP 29 48 2 8 3 Bank compliance to the rules and regulations and a commitment to the competent authorities Internal Audit as a contribution in realizing the corporate governance practices in Bank Mandiri is to ensure banks have and comply with all applicable laws as well as the commitment by the relevant authorities. In preparing the audit plan at the end of 2015, an internal audit has been analyzing all the external conditions that require a specific activity to be carried out an audit each year. 2016, Internal Audit implement mandatory audits including audits of SKNBI, RTGS, SSSS, eMas Loan, eMas Remittance, Risk Management, Peoples Business Credit. In addition, Internal audit also make adherence to regulation as one focus of the audit in every assignment. Internal audit has ensured internal regulations based on bank activities in the scope of the audit in 2016 refers to the external conditions. Meanwhile, the internal audit concern towards the fulfillment of commitments by followed up by the competent authorities have reflected throughout recommendations for improvement on the results of external audit procedures in accordance commitments agreed upon. Internal audit has a special unit that is equipped with monitoring tools to monitor the completion of that commitment. In addition, to be more convincing in terms of implementation of recommendations of Internal Audit to check on the field when the audit assignment. Effectiveness of Internal Audit In an effort to improve the effectiveness and efficiency of the audit, the Internal Audit has implemented a Management Information System SIMA. The audit by SIMA, enabling tiered review done remotely so that the audit process can be done more quickly and surely audit quality is maintained. Attention to quality is also supported by the Quality Assurance which ensures compliance and quality audits in accordance with the standards. 10 Consolidated Financial Statements 09 Cross Reference of Annual Report Award 2016 Criteria 08 Corporate Social Responsibility 07 Integrated Corporate Governance 06 Corporate Governance Following the realization of the audit year 2014-2016: Tasks 2014 2015 2016 Target Realization Achievement Target Realization Achievement Target Realization Achievement Rutin 12 60 126 20 20 117 28 28 157 Mandatory 22 22 12 12 7 7 Tematik 157 158 110 110 49 49 Consulting 8 8 8 8 Adhoc 25 52 The use of SIMA is also one form of responsibility of Internal Audit to secure information assets from the banks risk of information leakage given the role of Internal Audit is very close to the Bank of confidential information. In addition, SIMA also be part of the competence development process for its benefits as a knowledge center for all auditors. Implementation of Anti-Fraud Strategy Bank Mandiri has implemented an AFS set out in each Policies, Standard Operating Procedures, Technical Instructions Operating and other settings. AFS Bank Mandiri Bank Indonesia Circular reference No. 1328 DPNP regarding Anti Fraud Strategy Implementation for Commercial Banks. Implementation of AFS in each Policies, Standard Operating Procedures and Technical Instructions Operating become one of the refinement of the Internal Control System Policy Bank. The formulation of the AFS is as follows:

1. Prevention Function