252 PT Telkom Indonesia Persero Tbk controls in the context of inancial reporting in accordance with Internal Control over Financial Reporting ICOFR standards. In order to support the implementation of the audit and develop awareness towards the importance of internal control for the business units, each quarter, the business unit perform Control Self Assessment CSA to the internal controls for which it is responsible. Periodically, IA evaluates the CSA results to measure their adequacy and make recommendations for improvement both for design and implementation. The next stage is to participate in the activities of internal consulting services. Internal consulting services is focused on, among others, Company operations that can be grouped into infrastructure management production equipment, products and services as well as supporting operations, including the identiication of Group Financial Reporting RiskGFRR, the preparation of business processes of subsidiaries and HR management. This internal consulting activity is more of a preventive solution to anticipate that business operations continue in the right direction and heed applicable regulations. As part of the Company with a high commitment to the success of GCG, IA has an important role in the whistleblower mechanism which is the purview of the Audit Committee and the Executive Investigative Committee EIC, where the head of IA is appointed as secretary of the EIC. The whistleblower mechanism functions to accommodate every ‘complaints’ by employees to be forwarded to the management. In turn, if the Audit Committee and EIC deem that the complaint needs to be investigated further, IA will take the role to follow-up as part of the duties of audit. The results of such activities are reported to the President Director with copies forwarded to the Audit Committee and then the results will be communicated to the audit object to be followed up and rectiied. To ensure that the object of the audit has provided a suicient response on the results of the audit and internal consultation, it is necessary to conduct further monitoring. Follow-ups on the ground are conducted by the audit object which is then monitored by the IA. In this regard, a follow-up is limited to areas of signiicant business processes with a mutually-agreed settlement time. inDepenDenCe internal aUDit Unit As set forth in the applicable capital market regulations, namely Bapepam-LK regulation No. XI.2.7, the Internal Audit is an independent unit from other work units and is directly responsible to the President Director. Telkom’s head of Internal Audit is appointed and dismissed by the President Director with the approval of the Board of Commissioners. One of the implementation of the independence of the Internal Audit Unit in Telkom is the Internal Audit Report sent to the President Director and copied to the Audit Committee Board of Commissioners. tHe appointMent proCeDUre anD naMe of tHe CHairMan of tHe internal aUDit The Internal Audit IA Unit plays a role in exercising control over the Company’s business activities. The IA is headed by a Senior Vice President of Internal Audit SVP Internal Audit, who is appointed and dismissed by the President Director with the approval of the Board of Commissioners. As of December 31, 2015, the Internal Audit SVP is held by Harry Suseno Hadisoebroto. brief profile of tHe HeaD of internal aUDit Unit Harry Suseno Hadisoebroto served as Internal Audit SVP since July 1, 2015 and was appointed by a Resolution signed by the President Director. Since 1992 has worked at Telkom and its subsidiaries and has 11 years of professional experience in various positions at management level. He previously served as Internal Audit Telkomsel VP since May 1, 2014 until June 30, 2015. He has been Internal Audit VP at Telkom from April 1, 2011 until April 30, 2014. nUMber of perSonnel of internal aUDit Unit At the end of 2015, the number of personnel in the IA unit numbered 49 people. Based education, the personnel of the Internal Audit are as follows: Education Number High School 1 2.0 D2 3 6.2 D3 1 2.0 S1 Undergraduate 30 61.2 S2 Graduate 14 28.6 Total 49 100 QUalifiCationprofeSSional CertifiCation To maintain and improve auditors who have suicient competence both in quality and quantity to be able to act in accordance with the scope of activities of IA in guarding the business development of the Company, IA continues to strive in: 1. involve the IA auditor in training, seminars and workshops of a technical nature; and 253 PT Telkom Indonesia Persero Tbk 2. engage the IA auditor in both local and international certiied sustainable learning. Currently, the number of auditors who already have national certiication is eight people with Qualiied Internal Auditor “QIA” certiicates and six people with international certiicates, one person with a Certiied Fraud Examiner “CFE” certiicate, two people with Certiied Information Systems Audit “CISA” certiicates, one person with a Certiied Risk Management Audit “CRMA” certiicate, one person with a Certiied Management Audit “CMA” certiicate, and one person a Certiied Behavior Consultant “CBC” certiicate. Currently the number of auditors who have been certiied auditor both nationally and internationally, with details as follows : Type Certiicate Amount Qualiied Internal Auditor QIA 8 Certiied Fraud Examiner CFE 1 Certiied Information System Audit CISA 2 Certiied Management Accountant CMA 2 Certiied Behavior Consultant CBC 1 ISO 27001 Lead Auditor 5 Enterprises, universities and private companies. FKSPI routinely organizes seminars and workshops to improve the competence of its members. As many as nine 9 Telkom Internal Audit personnel became members of the Institute of Internal Auditors IIA. This membership, as part of the Telkom Internal Audit, is always updated with scientiic developments in the ield of auditing and assurance. aUDit anD ConSUlting aCtivity in 2015 In accordance with the Internal Audit Annual Work Plan, in the period 2015, the IA Unit implemented 45 audit objects and consultations. During 2015, the internal audit unit actively participate its auditor in the preparation of international certiication such as Certiied Information System Audit “CISA” and Certiied Internal Auditor “CIA”. telKoM internal aUDit aCtive in profeSSional organiZationS Telkom Internal Audit is actively involved in the activities of the Communication Forum of Internal Control Unit “FKSPI” Indonesia. This forum was formed to be the vehicle for improving the quality of supervision and establish professional auditors with international standards. FKSPI members consist of State-Owned Enterprises Internal Audit Unit, Regionally-Owned Sub Unit Q-I Q-II Q-III Q-IV year 2015 Enterprise Management Audit 4 6 3 7 20 Infrastructure Operation Audit 5 4 2 2 13 Support Subsidiary Audit 5 3 2 2 12 Total IA 14 13 7 11 45 Until December 31, 2015, Internal Audit has completed 45 Auditconsultations and produced 481 recommendations, with details as follows: Sub Unit Number of Recommendations Follow-up Status Closed Open Enterprise Management Audit 140 72 68 Infrastructure Operation Audit 252 207 45 Support Subsidiary Audit 89 74 15 Total IA 481 353 128 254 PT Telkom Indonesia Persero Tbk internal aUDit training The training followed by Internal Audit in 2015 is as follows: Program Number of Participant Number of Day Sertiication Training 2 12 Operational Training 52 19 Competency Enhancement Training 42 31 eXternal aUDit In line with existing procedures and taking into consideration the independence and qualiications of independent auditors, at our AGMS on April 17, 2015 we appointed KAP Purwantono, Suherman Surja a member irm of Ernst young Global Limited a registered KAP with OJK, to perform the audit on our Consolidated Financial Statements for the iscal year ended December 31, 2015 and on the efectiveness of internal control on Financial Reporting as of December 31, 2015. The fee for the audit on the Consolidated Financial Statements for iscal year 2015 was agreed at Rp34.4 billion excluding VAT. Based on Bapepam-LK No.VIII. A. 2. on the Independence of Accountant Providing Audit Services in Capital Markets noted that the provision of services of general audit of the client’s inancial statements can only be done by a public accounting irm for as long as 6 six inancial years in a row and by an accountant no later than 3 three iscal years in a row. KAP Purwantono, Suherman Surja is a public accountant irm since 2012. In 2015, company’s public accountant irm is Purwantono, Sungkoro Surja previously Purwantono, Suherman Surja. Accountant who signed the Independent Auditors’ Report for Fiscal year 2015 was Hari Purwantono. KAP Purwantono, Sungkoro Surja was also appointed to audit the Efectiveness of Internal Control over Financial Reporting inancial year of 2015 and audit the use of funds of the Partnership and Community Development “PKBL” in iscal year 2015. Public accounting irm that has audited Financial Statement of the Company for the last 5 years, are as follows: years Public Accounting Firm Public Accountant Fee Rp million 2015 Purwantono, Sungkoro Surja Drs.Hari Purwantono 34,400 2014 Purwantono, Suherman Surja Drs.Hari Purwantono 31,500 2013 Purwantono, Suherman Surja Drs.Hari Purwantono 28,240 2012 Purwantono, Suherman Surja Drs.Hari Purwantono 26,619 2011 Tanudiredja, Wibisana Rekan Chrisna A.Wardhana, CPA 40,503 fees and Services of the external auditor The following table summarizes the fees for audit service in 2013, 2014 and 2015: For years Ended on Desember 31, 2013 2014 2015 Rp million Audit Fee 28,240 31,500 39,943 All Other Fees 340 370 400 aUDit by otHerS eXternal aUDit inStitUtionS In 2015, in addition to the audit by the Public Accounting Firm KAP, Auditors from the Audit Board of the Republic of Indonesia BPK audited Telkom’s Income and Expenses. This audit further increased the “control awareness” of Telkom’s management in the procurement process of goods and services. 255 PT Telkom Indonesia Persero Tbk riSK ManageMent iMpleMentation of riSK ManageMent Risk management is important in the communication business because it has a wide scope that requires a large investment with a high degree of competition. Implementation of the risk management system is further strengthened by the Regulation of the Minister of State- Owned Enterprises No. 1 of 2011 which requires Telkom to conduct risk management. In its implementation, risk management is done in a systematic, structured and applied in all parts of the Company. Risk management is applied to minimize all possible risks that could negatively impact on the achievement of Company targets. risk Management Development Milestone Since 2006, we have applied a risk management framework that refers to the COSO Enterprise Risk Management ERM as stipulated in Decision of the Board of Directors Number. 16 of 2006 on Corporate Risk Management Telkom Risk Management. The policy was amended by the Board of Directors’ Regulation No.PD.614.00r.00 HK.200COP-D00300002015 of September 30, 2015 on Company Risk Management Telkom Enterprise Risk Management. The implementation of risk management at Telkom in 2006 started with the establishment of the Legal Unit of Risk Management Compliance RMLC under the coordination of the Executive Vice President EVP. Furthermore, the Directorate of Compliance Risk Management CRM, under the control of the Director of the CRM, was created in 2007. With an improved level of awareness of risk management and greater business challenges in 2013, the function of risk management was formed by the Department of Compliance, Risk Management and General Affairs CRMGA, under the responsibility of the Head of CRMGA, to manage governance. Since January 28, 2015, the sub directorate of Risk Process Management belonged in the Finance Directorate. The history of Risk Management in Telkom in 2006 to 2015 has led the company to a level in which risk has been taken into consideration in making strategic decisions, in the implementation of operations, to oversee compliance as well as in safeguarding the inancial reporting process through the Internal Control Processes and Disclosure Control Procedures. Looking ahead, we continue to strive to maintain and improve the maturity of risk management implementation with some emphasis as follows: 2015 : Improved implementation of Business Continuity Management System BCMS 2016 : Improved implementation of Revenue Assurance Fraud Management System risk Management organizations at the corporate level Regulation of the Board of Directors No. 202.11r.01 HK200COP-J40000002015 dated January 28, 2015 on the TELKOM Group Office Organization, the organizational structure of Sub Directorate of Risk Process Management in the Finance Directorate are as follows: Vp Risk process Management AVp process strategy AVp process strategy AVp process strategy risk Management policy and framework Risk Management policy in Telkom refers to Regulation of the Board of Directors Number: PD.614.00r.00HK.200 COP-D00300002015 of September 30, 2015 on Company Risk Management Telkom Enterprise Risk Management which replaces the Board of Directors’ Decision No. KD.16PW000PRO-IIC2006 of February 3, 2006 on Company Risk Management Telkom Risk Management. As the transition period the Decision of the Board of Directors No.KD.16PW 000PRO-IIC2006 is still valid in the period of 6 six months from the Board of Directors Regulations No.PD.614.00r.00HK.200COP-D00300002015 apply. 256 PT Telkom Indonesia Persero Tbk purpose: 1. Ensure all risks that could interfere with the achievement of company objectives can be anticipated in advance as well as obtain new opportunities that can support the achievement of Company objectives. 2. Creating a standard framework for Company Risk Management for a more coordinated and integrated management. Scope: 1. Enterprise Risk Management implemented at all levels of the organization covers: 2. Corporation Level. 3. The unit of work at the Company Oice 4. Business Unit DivisionCenter 5. Subsidiary. The main framework used in risk management at Telkom COSO ERM Framework includes three major components: 1. Company risk management must be able to support the company’s goals from the following aspects: strategic, operational, Reporting and compliance. 2. Enterprise risk management applied at all levels of the organization within the company includes: Enterprise- level, Division, Business unit and Subsidiary. 3. The implementation of enterprise risk management consists of eight components which are: a. Developing the internal environment process b. Objective setting process c. Event identiication process d. Risk assessment process e. Risk response process f. Control activities process g. Information Communication Process h. Monitoring process However, in its implementation, Telkom also pays attention and integrates the framework with references and other relevant guidelines, among others: 1. ISO 31000 - Enterprise Risk Management as a comparison and complementary implementation. 2. ISO 27001 - Information Security Management System ISMS as a reference in the development of risk management to ensure information security in terms of Conidentiality, Integrity and Availability. 3. ISO 22301 - Business Continuity Management System BCMS as a reference in ensuring business continuityISO 20000 - Information Technology Service Management ITSM as a reference in ensuring IT services. 4. ISO 20000 - Information Technology Service Management ITSM as a reference in ensuring IT services. 5. Safety and Health Management System SMK3 based on Government Regulation No. 50 of 2012 on the application of SMK3. 6. ISO 18001 - Occupational Health and Safety Assessment System OHSAS as a reference to support the implementation SMK3. iMpleMentation of riSK ManageMent poliCy anD fraMeWorK

1. eforts to add value to the management of the company

Internal Environment Object Setting Event Identiication Risk Assessment Risk Response Control Activities Information Communication monitoring STRA TEGIC opERA TIon S REpoR TInG Compl IAnCE ENTITY -LEVEL DIVISION BUSInESS UnIT SUBSIDIAR Y In line with the basic frameworks COSO ERM Framework, risk management at Telkom is expected to provide added value in achieving the objectives of the company, especially in the aspects of: Strategic, Operation, Reporting and Compliance. 257 PT Telkom Indonesia Persero Tbk Strategic aspect: Risk management attempts to provide added value through the implementation of risk management in the company’s planning process, for example during the preparation of the Corporate Strategic Scenario CSS, as well as in the strategic decision-making process. operational aspect: • Implementation of Risk Management to protect the Company’s assets will include: • Physical Security Management for infrastructures security • IT Security Management System including Conidentiality, Integrity and Availibility • Management of Work Health and Safety Management System • Management of Business Continuity Management, Disaster Recovery Plan and Crisis Management Team • Management of Revenue Assurance and Anti Fraud Program Compliance aspect: • Risk management is strived to provide some added values through: • Management of compliance of the External Regulations and Internal Rules • Management of compliance of SOX Provisions through the design and implementation of adequate Internal Control • Reporting Aspect: • Risk management strives to provide added value to the process of setting inancial reporting disclosure controls through Disclosure Control Procedure DCP.

2. enterprise risk Management erM governance

Telkom realizes that risk management is an integral part of Good Corporate Governance GCG to ensure business continuity. Governance of risk management referring to the Company Risk Management Policy includes: • Board of Directors: In the implementation of risk management policies, acting and responsible for establishing policies related to the management risk and ensures that company risk management is efectively implemented through all the company’s management processes. • Risk Committee: Acting and responsible for setting Policies, reviews and recommendations on company risks and provide feedback or guidance for every person in charge of company risk. • Corporate Risk Management Unit: Acting and responsible for coordinating the implementation of the company’s risk management policy. • Internal Audit Unit: Internal Audit function plays acts and is responsible for providing independent opinion to the Board of Directors, Risk Committee and Risk Management unit of the company. • Head of Unit: Unit leadersSenior Leaders have the duty and responsibility to implement and supervise the whole process of company risk management in the unit he leads. • All Employees: Have the task and responsibility of effectively and efficiently implementing company risk management policy according to their roles and positions. • Subsidiary: Has the task and responsibility of implementing risk management with a framework referring to the framework used by PT. Telkom

3. the process of building and maintaining enterprise risk Management erM

In order to be able to properly run eight components in the COSO Framework process, we built and maintained Corporate Risk Management through: a. Structural aspects to build a supportive internal environment through: • Building Commitment and Tone at the Top. • Laying the foundation of risk management within the framework of GCG. • Establish a Risk Management Unit Organization. • Development of Policies, Guidelines for Risk Acceptance Criteria RAC, Guidelines for Risk Assessment Risk Control Self AssessmentRCSA and Governance. • Development of Competence in the Field of Risk Management. • Provision of adequate Tools and Systems. b. Operational aspects are focused on: • Guarding the implementation of risk assessment at the Corporate, Business Unit and Subsidiary as well as preparation of adequate mitigation plans. • Development of risk assessment methodologies for speciic functions by combining the implementation of the COSO ERM Framework with reference to standards or other guidelines • Aspects of maintenance that focuses on the process of information, communication, review and continuous improvement including: • Guarding the implementation of the review, monitoring and risk reporting system. • Coordination of the Audit Implementation Enterprise Risk Management. 258 PT Telkom Indonesia Persero Tbk

6. assessment of the efectiveness of the Implementation of Risk management

Assessing the efectiveness of risk management implementation is done through the evaluation process, including: • Through Evaluationone-on-one discussion with business units as needed. • Through Workshop-sharing implementation and development of ERM with subsidiaries as needed • Through the Implementation of Risk Management Audit program as needed • Through Evaluation with the Risk Committee, Compliance and Revenue Assurance at BoD level as needed • Through Evaluation with the Planning and Risk Evaluation Monitoring Committee PREMC as needed

7. Sharing Session and Recognition of External parties

In 2015, Telkom received a visit from external parties for an implementation of Risk Management, Internal Control, Process Management, Good Corporate Governance and Management of Insurance sharing session, among others, from: PT Semen Indonesia : January 11, 2015 PT Perkebunan Nusantara IX : February 15, 2015 Perum BULOG : March 11, 2015 Pembangkit Jawa Bali : May 19, 2015 PERTAMINA Patra Niaga : August 04, 2015 PT PLN : September 11, 2015 Other than the implementation of Risk Management in 2015, Telkom received recognition or awards from external parties, namely: No External institution Type of Award 1 PT SGS Indonesia Integrated Management System for Infrastructure management including: •ISO 9001:2008 Certiicate - Quality Management System •ISO 27001:2013 Certiicate - Information Security Management System •ISO 22301:2012 Certiicate - Business Continuity Management System • Maintain Continuity Competency Development. • Maintain consistency of communication and socialization. • Developing a mechanism for assessing the effectiveness of the implementation of Risk Management.

4. development of Risk management Competence

In 2015, we have carried out the development of risk management competencies, including: No. Type of Training Date 1 Internal Control over Financial Reporting ICFR June 2015 2 Certiied Lead Auditor ISO 22301 Business Continuity Management System September 2015 3 Hedging September 2015 4 Emergency Flood Evacuation Response Simulation October 2015 5 Internal Auditor Business Continuity Management October 2015 6 Certiied Risk Associate December 2015 Besides through Classical Training, competence development is also done through socialization as well as related Workshops on Risk Management in the Oice Division environment and its subsidiaries.

5. Tools usageInformation System

To perform the function of Risk Management, Telkom has provided the supporting infrastructure using applications tools information systems, among others: a. Generic Tools Enterprise Risk Management Online ERM Online that is used by the entire unit for management of Risk Assessment b. Speciic Tools for speciic risk management objectives, for example: • Fraud Management System FRAMES Application that is used for an early detection system of potential Customer Fraud • i-Library application which is managed by the Division Network of Broadband and is used for the management of the documentation system, namely the Integrated Management System • SMK 3 Online application managed by the Security and Safety Unit for the Health and Safety documentation management. • Security Safety Application managed by the Security Safety Unit to monitor the management of Physical Security • Telkomcare application for coordinating the Crisis Management Team