Laporan Tahunan 2016 576 Semakin Berkembang Bersama peluang Baru yang Membentang PEDOMAN AUDIT INTERNAL PIAGAM AUDIT INTERNAL Piagam Audit Internal ditetapkan berdasarkan Surat Keputusan Direksi Nomor 729SKDIR-AI2014 tanggal 20 November 2014 tentang Piagam Audit Internal Internal Audit Charter. Pelaksanaan fungsi audit internal bank yang efektif wajib memastikan pemeriksaan dan penilaian atas kecukupan dan efektivitas struktur pengendalian internal serta kualitas kinerja Bank dalam rangka menjaga dan mengamankan kegiatan usaha Bank dengan ruang lingkup tugas antara lain sebagai berikut: a. Mengkaji efisiensi dan efektivitas sistem pengendalian internal dan manajemen risiko yang berlaku melalui kegiatan audit internal berdasarkan penerapan GCG dan prinsip kehati-hatian. b. Menciptakan dan mengembangkan struktur pengendalian internal Bank serta menetapkan kebijakan dan prosedur pelaksanaan audit internal yang sesuai dengan perkembangan usaha bank. c. Mengkaji ketaatan pelaksanaan sistem pengendalian internal dan manajemen risiko yang berlaku melalui kegiatan audit internal. d. Merencanakan, melaksanakan, dan melaporkan hasil pemeriksaan kepada Direktur Utama dan Dewan Komisaris serta memantau tindak lanjut hasil audit. e. Counterpart di bidang pengawasan dengan unit organisasi internal dan eksternal. f. Pemeriksaan dan penilaian terhadap keandalan sistem pengendalian internal pada Teknologi Sistem Informasi TSI yang berjalan maupun yang sedang dikembangkan. g. Mengkaji setiap usulan atau proposal, kebijakan atau sistem dan prosedur dan memberi tanggapan atas kecukupan sistem pengendalian internal dan risiko dalam kebijakan atau sistem prosedur tersebut berdasarkan penerapan GCG dan prinsip kehati-hatian. STRUKTUR ORGANISASI DAN KETUA DIVISI AUDIT INTERNAL Struktur organisasi DAI dirancang berdasarkan analisis pada faktor-faktor strategi organisasi, teknologi yang digunakan, sumber daya manusia, strategi kedudukan, dan ukuran organisasi. DAI merupakan bagian dari struktur pengendalian internal yang memiliki tugas untuk mengevaluasi dan berperan aktif dalam peningkatan efektivitas Sistem Pengendalian Internal secara berkesinambungan berkaitan dengan pelaksanaan operasional Bank yang berpotensi menimbulkan kerugian dalam pencapaian sasaran yang telah ditetapkan oleh manajemen Bank. GUIDELINES OF INTERNAL AUDIT INTERNAL AUDIT CHARTER The Internal Audit Charter was stipulated with the Directors’ Decree No. 729SKDIR-AI2014 dated 20 November 2014 regarding Internal Audit Charter. An implementation of effective Internal Audit Function must ensure auditing and assessment on adequacy and effectiveness of internal control structure and quality of the Bank’s performance in order to maintain and secure the Bank business activities, with the scope of duties as follows: a. To assess the efficiency and effectiveness of applicable internal control and risk management system through internal audit activities based on GCG implementation and prudential principles. b. To create and develop internal audit structure and establish policies and procedures of internal audit implementation in accordance with the corporate business development. c. To assess the adherence of the implementation of applicable internal control system and risk management through internal audit activities. d. To plan, implement, and report audit findings to the President Director and Board of Commissioners, and to monitor the follow-up of audit findings. e. To act as a counterpart in the field of supervision with internal and external organizational unit. f. To conduct auditing and assessment against the reliability of the internal control system on Information System Technology IST that is currently running or being developed. g. To review any suggestions or proposals, policies or systems and procedures, and to provide feedback on the adequacy of internal control system and the risk within policies or procedure system based on GCG implementation and prudential principle. ORGANIZATIONAL STRUCTURE AND HEAD OF IINTERNAL AUDIT DIVISION The IAD organizational structure is designed based on an analysis on various factors, such as organizational strategy, currently-used technology, human resources, strategic position, and the size of organization. Internal Audit Division IAD is a part of internal control structure and carries duties to evaluate and take an active role in improving the effectiveness of Internal Control System on an ongoing basis, with regards to Bank’s operations that could potentially cause loss against target achievement set by the Bank management. UNIT AUDIT INTERNAL inTeRnal auDiT uniT annual report 2016 577 Growing Together with new expanding opportunities DEWAN KOMISARIS Board of Commissioners DIREKTUR UTAMA President Director PEMIMPIN DIVISI AUDIT INTERNAL Head of Internal Audit Division Komite Audit Audit Committee Grup audit Umum General audit Group Grup audit Teknologi informasi information Technology audit Group Grup audit anti fraud anti-fraud audit Group Grup service Development Quality assurance service Development Quality assurance Group KEDUDUKAN DIVISI AUDIT INTERNAL DALAM STRUKTUR ORGANISASI Berdasarkan Struktur Organisasi yang berlaku dan telah disahkan oleh Direksi melalui Surat Keputusan Direksi nomor 621SKDIR-PS2015 tanggal1 Juli 2015 perihal Struktur Organisasi PT Bank Pembangunan Daerah Jawa Barat dan Banten, Tbk. Divisi Audit Internal berada dalam garis komando Direktur Utama dan garis koordinasi Komite Audit. PIHAK YANG MENGANGKAT DAN MEMBERHENTIKAN KETUA DIVISI AUDIT INTERNAL Pengangkatan dan pemberhentian Pemimpin Divisi Audit Internal merupakan wewenang Direktur Utama atas persetujuan Dewan Komisaris. Selain itu, pengangkatan dan pemberhentian jabatan Pemimpin Divisi Audit Internal wajib dilaporkan kepada Otoritas Jasa Keuangan. INTERNAL AUDIT DIVISION POSITION WITHIN THE ORGANIZATIONAL STRUCTURE Based on the applicable Organizational Structure, which was approved by Directors’ Decree No. 621SKDIR-PS 2015 dated 1 July 2015 regarding Organizational Structure of PT Bank Pembangunan Daerah Jawa Barat dan Banten, Tbk. The Internal Audit Division is under the authority of the President Director, and in coordination line with Audit Committee. AUTHORIZED PARTY WHO APPOINTS AND DISMISSES THE HEAD OF INTERNAL AUDIT UNIT The authorization to appoint and dismiss the Head of Internal Audit Division lies on the President Director with the approval from the Board of Commissioners. The appointment and dismissal of the Head of Internal Audit Division shall be reported to Financial Services Authority. UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 578 Semakin Berkembang Bersama peluang Baru yang Membentang PROFIL PEMIMPIN DAN KOMPOSISI PERSONIL DIVISI AUDIT INTERNAL Profil dan komposisi personil Divisi Audit Internal akan diuraikan sebagai berikut. PROFIL PEMIMPIN DIVISI AUDIT INTERNAL KOMPOSISI PERSONIL DIVISI AUDIT INTERNAL Komposisi pegawai DAI disajikan sebagai berikut: Diagram Komposisi Personil DAI PROFILE OF HEAD AND PERSONNEL COMPOSITION OF INTERNAL AUDIT DIVISION Profile and personnel composition of Internal Audit Division are as follow: PROFILE OF HEAD OF INTERNAL AUDIT DIVISION COMPOSITION OF INTERNAL AUDIT DIVISION PERSONNEL Composition of IAD employees is shown as follows: Diagram of IAD Personnel UNIT AUDIT INTERNAL inTeRnal auDiT uniT Warga Negara Indonesia, usia 47 Tahun. Sejak Juni 2015, Beliau memimpin DAI sesuai dengan Surat Keputusan Direksi Nomor 532SKDIR-SDM2015. Pendidikan dan sertifikasi yang pernah ditempuhnya antara lain adalah Akuntan dari Universitas Diponegoro, Master dari Universitas Trisakti, International Advanced Certified in Compliance Financial Crime dari Manchester Business School, BSMR level 5, Qualified Internal Auditor dan Leadership Program dari Monash Business School. Sebelum bergabung dengan bank bjb, beliau mulai berkarier di Arthur Andersen CO, Vice President di Bank Mandiri dan Senior Vice President di PT Penjaminan Infrastruktur Indonesia Persero. Gegeg Mintorogo Divisi audit Internal Division of Internal audit Indonesian citizen, currently 47 years old. Since June 2015, He has led IAD based on Directors’ Decree Number 532SKDIR- SDM2015. Education and certification achieved, among others, are Accounting from Diponegoro University, Master from Trisakti University, International Advanced Certified in Compliance Financial Crime from Manchester Business School, BSMR level 5, Qualified Internal Auditor and Leadership Program from Monash Business School. Prior to joining bank bjb, He started her career at Arthur Andersen CO, then Vice President at Bank Mandiri, and Senior Vice President at PT Penjaminan Infrastruktur Indonesia Persero. annual report 2016 579 Growing Together with new expanding opportunities PERSONNEL COMPOSITION BASED ON GROUPS IAD consists of General Audit Group, IT Audit Group, Anti Fraud Group, and Service Development Quality Assurance Group. IAD personnel composition is based on IAD organizational structure and illustrated as follows: Diagram of Personnel Composition of IAD based on Group 1 9 10 1 5 4 8 8 Pemimpin divisi head of division senior manager senior manager senior officer senior officer Pemimpin grup group Leader manager manager officer officer staf staff junior staf junior staff KOMPOSISI PERSONIL BERDASARKAN GRUP DAI terdiri atas Grup Audit Umum, Grup Audit Teknologi Informasi, Grup Anti Fraud, dan Grup Service Development Quality Assurance. Komposisi personil DAI berdasarkan struktur organisasi DAI disajikan sebagai berikut: Diagram Komposisi Personil DAI Berdasarkan Grup Audit Anti Fraud Audit Umum General Audit Audit SD QA Audit TI 8 5 6 26 UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 580 Semakin Berkembang Bersama peluang Baru yang Membentang KOMPOSISI PERSONIL BERDASARKAN LAMA BEKERJA DAN PENDIDIKAN Komposisi pegawai audit berdasarkan lama bekerja dan pendidikan disajikan sebagai berikut. Jumlah Auditor Internal Berdasarkan Pengalaman Bekerja Lebih dari 20 Tahun More than 20 years 10 - 20 Tahun 10 - 20 years 6 - 10 Tahun 6 - 10 years 2 - 5 Tahun 2 - 5 years 1 - 2 Tahun 1 - 2 years 1 Tahun Less than 1 year jumlah Pegawai Number of employee 6 3 15 18 2 2 Tabel Jumlah Auditor Internal Berdasarkan Strata Pendidikan S1 S2 34 12 strata Pendidikan Pegawai divisi audit internal education Level of internal audit division employee SERTIFIKASI PROFESI DIVISI AUDIT INTERNAL Auditor internal merupakan profesi yang membutuhkan kemampuan yang lebih dibandingkan dengan unit kerja lainnya. Salah satu parameter yang menjadi tolak ukur kemampuan PERSONNEL COMPOSITIONS BASED ON LENGTH OF WORK AND EDUCATION Audit personnel composition based on length of work and education is illustrated as follows: Number of Internal Auditor Based on Education Level PROFFESIONAL CERTIFICATION OF INTERNAL AUDIT DIVISION Internal Auditor is a profession requiring greater competence than that of other work units. One parameter that becomes a benchmark for Auditor competence and expertise is experience UNIT AUDIT INTERNAL inTeRnal auDiT uniT annual report 2016 581 Growing Together with new expanding opportunities dan keahlian auditor adalah pengalaman perbankan baik dari segi operasional, bisnis dan supporting. Selain pengalaman perbankan, strata pendidikan dan sertifikasi juga merupakan faktor penting. Hampir semua pegawai audit telah tersertifikasi. Komposisi sertifikasi pegawai disajikan dalam tabel berikut. Tabel Komposisi sertifikasi Pegawai audit Table of composition of certification audit Personnel no jenis sertifikasi | Type of certification jumlah | Total 1 BSMr1 12 2 BSMr2 7 3 BSMr3 7 4 BSMr4 1 5 BSMr5 1 6 QIa 1 7 erMCp 1 8 CISSp 1 9 Caak 6 10 CFe 1 11 Cfra 1 12 BreVeT aB 3 Total 42 KODE ETIK AUDITOR Untuk memastikan independensi, objektivitas dan profesionalisme dalam melaksanakan fungsinya, maka Auditor Internal wajib memiliki sikap mental dan etika serta tanggung jawab profesi yang tinggi, sehingga kualitas hasil kerjanya dapat dipertanggungjawabkan dan dapat digunakan untuk membantu terwujudnya perkembangan Bank yang wajar dan sehat. Attitude Auditor Internal memegang teguh dan menjabarkan prinsip- prinsip audit dalam seluruh proses audit internal. Sikap mental yang menjadi prinsip Auditor Internal adalah suatu pernyataan sikap fundamental atau kebenaran umum maupun individual yang dijadikan oleh Auditor Internal sebagai sebuah pedoman untuk berpikir atau bertindak, meliputi namun tidak terbatas pada hal-hal sebagai berikut. a. Kejujuran, Auditor Internal mampu mengemukakan pendapat secara jujur dan bijaksana, sesuai dengan hasil temuannya. b. Integritas, Auditor Internal bersikap dan bertindak sesuai norma yang berlaku umum. c. Objektif, Auditor Internal menunjukkan obyektivitas profesional dalam mengumpulkan, mengevaluasi dan within Banking industry, both in terms of operations, business, and supporting. Aside Banking experience, level of education and certification are also critical. Almost all Audit personnels have received their certifications. The composition of certified personnel is illustrated in the following. AUDITOR CODE OF CONDUCT To ensure the independency, objectivity, and professionalism in carrying out its functions, Internal Auditor shall have a great mental attitude, ethics, and professional responsibility, so that their performance can be accounted for and can be used to help the realization of natural and healthy development. attitude Internal Auditor shall uphold and lays out the basic auditing principles in all internal audit processes. The mental attitude that are Internal Auditor principles, is a fundamental statement or a general and individual truth that serves as a guideline to think or to act, including but not limited to the following matters: Honesty, Internal Auditor should be able to express opinions in honestly and wisely, based on the findings. a. Integrity, Internal Auditor shall behave and act in accordance with generally accepted norms. b. Integrity, the Internal Auditor behaves and acts in accordance with the generally accepted norms. c. Objective, Internal Auditor shall demonstrate professional objectivity in gathering, evaluating, and communicating UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 582 Semakin Berkembang Bersama peluang Baru yang Membentang mengkomunikasikan informasi mengenai Auditee yang diperoleh dari pelaksanaan penugasan auditkonsultasi yang dilakukannya, serta tidak terpengaruh oleh faktor subyektivitas maupun kepentingan pribadi. d. Kerahasiaan, Auditor Internal sangat menjunjung tinggi faktor kerahasiaan, sangat menjaga nilai dan kepemilikan informasi yang diperoleh, dan hanya dapat mengungkapkan kepada pihak yang berhak terkecuali ada kewajiban yang didukung dan dilandasi aspek legalitashukum. e. Kompetensi, Auditor Internal selalu berusaha meningkatkan kemampuannya dan menerapkan pengetahuan, keahlian dan pengalaman yang diperlukan dalam melaksanakan tugasnya. f. Ketekunan, Auditor Internal memiliki ketekunan dan keuletan dalam menelusuri masalahindikasi yang dihadapi guna memperoleh bukti-bukti yang akan mendukung temuannya. g. Loyalitas, Auditor Internal menunjukkan loyalitas kepada tanggung jawab profesinya. h. Role Model Budaya Perusahaan, Auditor Internal menjadi role model implementasi budaya perusahaan melalui pemahaman, penghayatan dan penerapan butir-butir perilaku Go SPIRIT dalam setiap aktivitas profesionalnya. Ethics Auditor Internal memiliki perilaku menjunjung tinggi nilai etika yang berlaku umum, antara lain: a. Auditor Internal Bank harus jujur, objektif dan selalu menjunjung tinggi kinerja audit yang dicerminkan dari tugas dan tanggung jawabnya. b. Auditor Internal Bank memiliki loyalitas terhadap Bank, dan tidak terlibat dalam keanggotaan organisasi maupun kegiatan lain yang dilarang oleh pemerintah. c. Auditor Internal Bank mengutamakan profesionalisme, yaitu menggunakan segala pengetahuan, keahlian dan pengalaman audit internal yang dimiliki dalam setiap penugasan yang dilaksanakannya. d. Auditor Internal Bank tidak diperbolehkan ikut terlibat dalam organisasi lain yang memiliki benturan kepentingan dengan Bank atau berkedudukan pada posisi yang membatasi independensi dan obyektivitasnya. e. Auditor Internal Bank tidak diperbolehkan menerima keuntungan dari obyek yang diperiksa atau menyalahgunakan jabatannya untuk memperoleh keuntungan. f. Auditor Internal Bank harus selalu mengacu pelaksanaan tugasnya kepada standar praktik profesi auditor internal yang berlaku. g. Auditor Internal Bank wajib memanfaatkan semua tambahan pengetahuan yang diperoleh semata-mata untuk information regarding the auditees, obtained from the execution of auditingconsulting assignment, and shall not be affected by any factors of subjectivity and personal interests. d. Confidentiality, Internal Auditor upholds the confidentiality, uphold highly the value and ownership of information obtained, and can only revealed such confidentiality to entitled parties, unless there is an obligation that is supported and based on legalitylaw. e. Competency, Internal Auditor shall always seek to improve their competency and apply the knowledge, skills, and experience necessary to perform hisher duties. f. Perseverance, Internal Auditor shall have the perseverance and tenacity in tracking encountered issuesindications in order to obtain evidence that could support findings. g. Loyalty, Internal Auditor shall be loyal to hisher professional responsibility. h. Corporate Culture Role Model, Internal Auditor shall be a role model of corporate culture implementation through understanding, appreciation, and application of Go SPIRIT behavior in every professional activity. ethics Internal auditor shall have the behavior that upholds generally accepted ethical values, among others: a. A Bank Internal Auditor shall be honest, objective, and always uphold the performance audit reflected on hisher duties and responsibilities. b. A Bank Internal Auditor has a loyalty to the Bank, and shall not be involved in any organization membership or other activities that are prohibited by the government. c. A Bank Internal Auditor shall prioritize professionalism; this means that one shall use all knowledge, expertise, and experience of internal auditing in every assignment. d. A Bank Internal Auditor is not allowed to participate in organizations that have a conflict of interest with the Bank or whose line of operation could restraint hisher independency and objectivity. e. A Bank Internal Auditor is not allowed to receive the benefits from the object being examined or abuse hisher position to gain an advantage. f. A Bank Internal Auditor should always refer the execution of hisher duty to standard professional practice of applicable internal auditors. g. A Bank Internal Auditor shall utilize all additional knowledge acquired solely to improve Bank supervision. UNIT AUDIT INTERNAL inTeRnal auDiT uniT annual report 2016 583 Growing Together with new expanding opportunities meningkatkan kemampuan pengawasan Bank. h. Dalam melaporkan hasil audit, Auditor Internal Bank harus selalu mendasarkan pada bukti-bukti tertulis yang dapat diandalkan. i. Auditor Internal Bank harus selalu berusaha meningkatkan keahliannya untuk menunjang pelaksanaan tugasnya. j. Auditor Internal Bank harus selalu menjaga sikap dan tingkah laku dihadapan Auditee yang diperiksa maupun manajemen dalam rangka menjaga citra profesionalnya. PENGEMBANGAN KOMPETENSI PERSONIL DIVISI AUDIT INTERNAL Dalam pengembangan karyawan DAI, selama tahun 2016 telah dilakukan peningkatan kualitas kerja tim audit dengan melaksanakan training dan pelatihan baik internal maupun eksternal. Training dan pelatihan internal tersebut dilakukan dengan cara diskusi diantara Kepala DAI, Direksi dan para auditor terhadap Kebijakan dan Prosedur Internal Bank. Sedangkan pelatihan secara eksternal dilakukan dengan cara mengikuti pelatihan yang diselenggarakan oleh pihak eksternal. Tanggal | Date Pelatihan | Training jumlah Peserta Participant 09 Januari 2016 January 9, 2016 Seminar Transaksi Forfaiting Forfaiting transaction seminar 1 11-15 Januari 2016 January 11-15, 2016 operasional Bank Dasar Basic Banking operational 3 18-19 Januari 2016 January 18-19, 2016 pelatihan analisa pemberian Kredit Kendaraan Bermotor KKB Training on auto Loan provision analysis 1 3-4 Februari 2016 February 3-4, 2016 Human Resources Audit human resources audit 3 3-5 Februari 2016 February 3-5, 2016 Training of Trainer Tunas Integritas program pengendalian Gratifikasi Training of trainer tunas integrits of gratification control program 1 4-5 Februari 2016 February 4-5, 2016 Achievement Orientation Program achievement orientation program 3 12-14 Februari 2016 February 12-14, 2016 Character Building Career Development Program Character Building Career Development program 13 18-20 Februari 2016 February 18-20, 2016 Visionary Leadership Visionary Leadership 3 10-11 Maret 2016 March 10-11, 2016 Change Leader Change Leader 1 14-15 Maret 2016 March 14-15, 2016 pengembangan Kompetensi eksekutif executive Competence Development 4 15-17 Maret 2016 March 15-17, 2016 audit Bank perkreditan rakyat rural banks Bpr audit 3 14-24 Maret 2016 March 14-24, 2016 Manajer Lini pertama First line manager 30 21-22 Maret 2016 March 21-22, 2016 Operational Risk Stress Test operational risk Stress Test 3 21-23 Maret 2016 March 21-23, 2016 Risk Management Bagi Officer risk Management for officer 5 7-8 april 2016 april 7-8, 2016 akuntansi Bank Dasar Basic Banking accounting 5 20-21 april 2016 april 20-21, 2016 High Impact Communication high Impact Communication 2 h. In reporting findings from the audit, a Bank Internal Auditor shall always base hisher work on reliable written evidence. i. A Bank Internal Auditor shall always strive to improve his her skills to support the execution of hisher duties. j. A Bank Internal Auditor shall always keep the attitude and behavior in the presence of auditees and under-audited management in order to maintain hisher professional reputation. COMPETENCY DEVELOPMENT OF INTERNAL AUDIT DIVISION PERSONNEL In developing IAD employees, throughout 2016 there had been internal and external training and education to increase the work quality of the audit team. The training and education is conducted by having a discussion among the Head of IAD, Directors, and the auditors concerning the Bank’s Internal Policies and Procedures. Whereas, external training is done by participating training and education held by UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 584 Semakin Berkembang Bersama peluang Baru yang Membentang Tanggal | Date Pelatihan | Training jumlah Peserta Participant 24 april – 1 Mei 2016 april 24 – Mei 1, 2016 Character Building untuk pemimpin Grup dan Assistant Vice President Character Building for Group Leader and assistant Vice president 4 25 april 2016 april 25, 2016 Refreshment Sertifikasi Manajemen risiko refreshment of risk management certificate 7 30 april 2016 april 30, 2016 ujian Sertifikasi Manajemen risiko Level 5 risk Management certification exam level 5 1 2-4 Mei 2016 May 2-4, 2016 Treasury Audit For Banking Treasury audit For Banking 3 9-10 Mei 2016 May 9-10, 2016 Professional Secretary professional Secretary 1 18 Mei 2016 May 18, 2016 Komunikasi publik Yang efektif effective public Communication 2 23-24 Mei 2016 May 23-24, 2016 Communication Skills How To Boost Youre Confidence Communication Skills how To Boost Youre Confidence 1 23-24 Mei 2016 May 23-24, 2016 program pengembangan Kompetensi Competence Development program 1 11 Juni 2016 June 11, 2016 Sertifikasi Manajemen risiko Level 3 risk management certification Level 3 1 15-17 Juni 2016 June 15-17, 2016 Training For Trainers Training For Trainers 1 18-22 Juli 2016 July 18-22, 2016 The Victoria Indonesia Leadership Program The Victoria Indonesia Leadership program 2 17-24 Juli 2016 July 18-22, 2016 Character Building Middle Management Character Building Middle Management 8 15 agustus 2016 august 15, 2016 Refreshment Sertifikasi Manajemen risiko Memahami analisa Kredit Komersial Secara Komprehensif Mitigasi risikonya refreshment of risk management certificate, understanding commercial credit analysis comprehensively and its risk mitigation 3 27 agustus 2016 agustus 27, 2016 ujian Sertifikasi Manajemen risiko Level 2 risk Management certification exam level 2 1 29-30 agustus 2016 agustus 29-30, 2016 Trade Finance Audit Trade Finance audit 1 5-9 September 2016 September 5-9, 2016 audit Forensik Sertifikasi Certified Forensic auditor 1 5-26 September 2016 September 5-26, 2016 Certified Internal Auditor CIA Certified Internal auditor CIa 3 13-14 September 2016 September 13-14, 2016 Corporate Culture Summit Corporate Culture Summit 1 20-21 September 2016 September 20-21, 2016 pengembangan Kompetensi Bagi Manager Manager’s Competence Development 2 13-14 oktober 2016 october 13-14, 2016 I-Transform I-Transform 1 24-28 oktober 2016 october 24-28, 2016 pelatihan dan Sertifikasi Certified Information Systems Security Professional CISSP Certified Information Systems Security professional CISSp Training and Certification 1 10-11 november 2016 november 10-11, 2016 Promoting Internal Audit Roles To Enhance Protect Organization Values promoting Internal audit roles To enhance protect organization Values 1 17 november 2016 november 17, 2016 Sertifikasi Certified Information Systems Security Professional CISSP Certified Information Systems Security professional CISSp Certification 1 10 Desember 2016 December 10, 2016 ujian Sertifikasi CISa Certified Inforamtion System auditor CISa Certified Inforamtion System auditor Certification exam 1 LAPORAN SINGKAT PELAKSANAAN KEGIATAN DIVISI AUDIT INTERNAL TAHUN 2016 Pelaksanaan pemeriksaan selama Tahun 2016 telah sesuai dengan rencana pemeriksaan DAI yang meliputi berbagai aspek pemeriksaan internal secara menyeluruh dengan ringkasan kegiatan sebagai berikut: BRIEF REPORT ON ACTIVITIES OF INTERNAL AUDIT DIVISION 2016 The implementation of auditing 2016 was in accordance with IAD audit plan that included various aspects of thorough internal audits generated a summary of activities as the following: UNIT AUDIT INTERNAL inTeRnal auDiT uniT annual report 2016 585 Growing Together with new expanding opportunities 1. Melakukan audit umum dan audit TI terhadap beberapa objek audit sesuai dengan Rencana Kerja DAI. 2. Temuan hasil pemeriksaan pada umumnya berupa adanya beberapa implementasi, pengendalian intern dan fungsi supervisor yang belum optimal. Atas temuan tersebut, telah diberikan rekomendasi yang bersifat korektif dan preventif serta dimonitor tindaklanjutnya. 3. Terhadap hasil audit khusus, Divisi Audit Internal telah menyampaikan rekomendasi strategis khususnya pada peningkatan fungsi pengendalian internal dan penerapan prinsip kehatian – hatian prudential banking. 4. Secara keseluruhan hasil review yang dilakukan oleh bagian Service Development Quality Assurance terhadap proses pemeriksaan selama tahun 2016 pada umumnya telah memadai. PrOGram Kerja DiVisi aUDiT inTernal Di samping program pemeriksaan, program kerjalainnya yang menjadi bagian tidak terpisahkan dari rangkaian aktivitas Divisi Audit Internal juga telah terlaksana dengan baik diantaranya yaitu: a. Implementasi Whistleblowing System; b. Forum Group Discussion FGD Kontrol Internal Cabang KIC; c. Sosialisasi Anti Fraud kepada seluruh insan bank bjb; d. Divisi Audit Internal Improvement Program Workshop; e. Pendampingan pemeriksaan regulator eksternal. meTODe aUDiT DAI menerapkan metode audit dengan pendekatan audit berbasis risiko. Metode ini berfokus pada proses bisnis business process- focused dalam penilaian risiko dan pelaksanaan auditnya, terutama pada area-area yang sangat menentukan kesuksesan bisnis auditee. Metode audit berbasis risiko ini bertujuan untuk: a. Memberikan nilai tambah bagi operasional Bank yang dilaksanakan oleh auditee; b. Meningkatkan efektivitas pelaksanaan audit pada area-area yang berisiko rendah; c. Memberikan penilaian serta penelaahan terhadap risiko yang ada secara lebih menyeluruh dalam menjaga serta mengurangi risiko Bank; d. Menyusun dan menyampaikan temuan serta rekomendasi yang selaras dengan tujuan utama objectives Bank corporate; e. Memposisikan DAI sebagai agen perubahan bagi Bank corporate change agent. 1. IAD has conducted a general audit and IT audit on multiple objects in accordance with the IAD Work Plan. 2. Findings of audit results are generally about some applications, internal control, and the supervisory function that were not yet optimal. And accordingly, the auditees have given corrective and preventive recommendations, and these recommendation shall be monitoredfollowed-up. 3. Based on findings of special audit, IAD has submitted strategic recommendations, in particular on improvement of internal control and principle application of prudential Banking. 4. Overall, the review results conducted by the Service Development and Quality Assurance on auditing process year 2016 have been generally adequate. WOrK PrOGram Of inTernal aUDiT DiVisiOn In addition to audit programs, other work programs that has been an integral part of a series of activities within the Internal Audit Division have also been well executed. Those are, among others: a. Implementation of Whistleblowing System; b. Forum Group Discussion FGD Branch Office Internal Control BOIC; c. Anti Fraud Dissemination to all bjb employees; d. Improvement Program Workshop from Internal Audit Division; e. Coaching on external regulator audit aUDiT meTHODOlOGY IAD uses risk based audit approach as its audit methodology. This said methodology focuses on business process in assessing the risk and executing the audit process, in particular on areas that are deemed critical towards business auditees. The objectives of risk-based audit methodology are: a. To give an added value for the Corporate operations executed by the auditees; b. To increase the effectiveness of audit execution on low risk areas; c. To provide assessment and review on the current risks more comprehensively in securing and reducing the Corporate risk; d. To prepare and submit findings and recommendations which are in line with the main Corporate objective; e. To position IAD as a corporate change agent. UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 586 Semakin Berkembang Bersama peluang Baru yang Membentang PelaKsanaan KeGiaTan DiVisi aUDiT inTernal TaHUn 2016 Selama tahun 2016, pelaksanaan kegiatan audit yang dilakukan oleh Divisi Audit Internal telah terealisasi seluruhnya bahkan dapat melebihi target, hal tersebut karena adanya tambahan pemeriksaan Kantor Cabang dan surprise audit. Tabel realisasi Kerja audit interrnal Table of Walk implementation of internal audit jenis Pemeriksaan | Type of inspection rencana | Plan realisasi | realization audit umum | General audit Divisi | Division 5 5 Kantor Cabang | regional office 30 33 audit Teknlogi Informasi | audit of Information Technology 5 5 audit KhususFraud 3 audit Surprise 12 Selain melakukan pemeriksaan, Divisi Audit Internal memiliki tugas untuk menyampaikan laporan pokok-pokok hasil audit dan sebagai fasilitator pemeriksaan eksternal. Pada tahun 2016, Divisi Audit Internal telah menyampaikan laporan audit fraud dan laporan pokok-pokok hasil audit kepada Otoritas Jasa Keuangan setiap semester serta menjadi fasilitator pemeriksa Otoritas Jasa keuangan dan BPK-RI Audit Internal membantu Direksi dan Dewan Komisaris dalam melaksanakan tata kelola bank, antara lain dengan: 1. Melakukan evaluasi yang obyektif atas risiko dan sistem pengendalian internal yang berjalan saat ini; 2. Melakukan analisis yang sistematis atas proses bisnis dan pengendaliannya; 3. Melakukan review untuk memastikan pengamanan Aset Bank; 4. Menyampaikan informasi atas terjadinya kecurangan Fraud; 5. Memastikan pelaksanaan kepatuhan terhadap berbagai peraturan yang berlaku; 6. Melakukan review atas kinerja operasional dan finansial; 7. Merekomendasikan penggunaan sumber daya agar lebih efektif dan efisien; 8. Melakukan penelaahan terhadap pencapaian tujuan dan obyektif; 9. Memberikan masukan mengenai ketaatan terhadap Budaya Perusahaan dan Intisari Butir-Butir Perilaku Budaya Perusahaan yang berlaku. acTiViTies Of DiVisiOn Of inTernal aUDiT 2016 In 2016, the Internal Audit Division managed to meet all of its audit program and they even exceeded the target. This is due to the additional inspection on branch offices and surprise audit. In addition to performing the inspection, the IAD has the duty to submit a report on the audit findings and act as external audit facilitators. In 2016, the IAD has submitted its audit reports on fraud and findings to the Financial Services Authority; the reports were submitted half annually and IAD also acted as an auditor facilitator of Financial Services Authority and BPK-RI. The Internal Audit helped the Board of Directors and Commissioners in implementing the Bank governance, among others by: 1. Conducting objective evaluation on the current risk and internal control system; 2. Conducting a systematic analysis of business processes and control; 3. Conducting a review to ensure the security of Bank assets; 4. Delivering information on fraud; 5. Ensuring implementation of compliance with various regulations; 6. Reviewing operational and financial performance; 7. Giving recommendation on the use of resources more effectively and efficiently; 8. Conducting a review of the goal and objective achievement; 9. Providing feedback on adherence to Corporate Culture and the Cores of Applicable Corporate Behavior and Culture. UNIT AUDIT INTERNAL inTeRnal auDiT uniT annual report 2016 587 Growing Together with new expanding opportunities EFEKTIVITAS DAN CAKUPAN PELAKSANAAN AUDIT INTERNAL Ruang lingkup audit internal meliputi pengujian dan evaluasi terhadap kecukupan, efektivitas sruktur pengendalian internal yang dimiliki, penilaian kualitas kinerja, dan penilaian Performance Objective. Tujuannya adalah untuk menilai sistem pengendalian internal telah berfungsi sebagaimana mestinya sehingga tujuan Bank akan tercapai secara efisien dan ekonomis. Penilaian KecUKUPan sTrUKTUr PenGenDalian inTernal Pemeriksaan dan penilaian atas kecukupan dari struktur pengendalian internal bertujuan untuk menentukan sampai seberapa jauh sistem yang telah ditetapkan dapat diandalkan kemampuannya untuk memberikan keyakinan yang memadai bahwa tujuan dan sasaran Bank dapat dicapai secara efisien dan ekonomis. Penilaian efeKTiViTas sTrUKTUr PenGenDalian inTernal Pemeriksaan dan penilaian atas efektivitas dari struktur pengendalian internal bertujuan untuk menentukan sejauh mana struktur tersebut sudah berfungsi dengan baik. Penilaian KUaliTas Kinerja Pemeriksaan dan penilaian atas kualitas kinerja dimaksudkan untuk menentukan sejauh mana tujuan dan sasaran Bank telah tercapai. Penilaian PERFORMANCE OBJECTIVES DAI melakukan pemeriksaan dan penilaian atas efektivitas dan efisiensi pelaksanaan kegiatan operasional dengan tujuan untuk menentukan sejauh mana perencanaan, organisasi, pelaksanaan, dan monitoring kegiatan telah dilaksanakan dengan baik sehingga mendukung pencapaian tujuan dan sasaran Bank. EFFECTIVENESS AND SCOPE OF INTERNAL AUDIT IMPLEMENTATION The scope of internal audit covers the examination and evaluation on adequacy, effectiveness of the current internal control structure, assessment of quality performance, and objective performance appraisal. The aim is to assess whether the internal control system functions properly so that the Bank objectives will be achieved efficiently and economically. aDeQUacY assessmenT Of inTernal cOnTrOl sTrUcTUre Audit and assessment on the adequacy of internal control structure aims to determine to what extent the established system is believed reliable to provide reasonable assurance that the goals and objectives of the Bank can be achieved efficiently and economically. effecTiVeness assessmenT Of inTernal cOnTrOl sTrUcTUre Audit and assessment on the effectiveness of internal control structure aims to determine to what extent the said structure functions properly. assessmenT Of PerfOrmance QUaliTY The audit and assessment on performance quality aims to determine to what extent the goals and objectives of the Bank have been achieved. assessmenT Of PerfOrmance ObjecTiVes IAD conducted audit and assessment on the effectiveness and efficiency of operational activities with the objective to determine to what extent planning, organization, implementation, and monitoring activities have been carried out properly, such that the activities have supported the achievement of goals and objectives. UNIT AUDIT INTERNAL inTeRnal auDiT uniT Laporan Tahunan 2016 588 Semakin Berkembang Bersama peluang Baru yang Membentang PuBlic accounTanT AKUNTAN PUBLIK Berdasarkan Peraturan Otoritas Jasa Keuangan No. 32 POJK.032016 tentang perubahan atas No. 6POJK.032015 tentang “Transparansi dan Publikasi Laporan Bank”, audit atas Laporan Keuangan bank bjb untuk tahun buku 2016 telah dilakukan oleh akuntan publik yang independen, kompeten, profesional dan obyektif sesuai dengan Standar Profesional Akuntan Publik, serta perjanjian kerja dan ruang lingkup audit yang telah ditetapkan. Agar proses audit sesuai dengan Standar Profesional Akuntan dan perjanjian kerja serta ruang lingkup audit yang telah ditetapkan serta selesai sesuai dengan target waktu yang telah ditetapkan, maka secara rutin dilakukan pertemuan-pertemuan yang membahas beberapa permasalahan penting yang signifikan. PENERAPAN FUNGSI AUDIT EKSTERNAL Fungsi pengawasan independen terhadap aspek keuangan Bank dilakukan dengan melaksanakan Audit Eksternal yang dilakukan oleh Kantor Akuntan Publik KAP. Auditor Eksternal yang memeriksa laporan keuangan bank bjb tahun buku 2016 ditetapkan melalui RUPS Tahunan berdasarkan rekomendasi dari Dewan Komisaris dan Komite Audit. Proses pemilihannya dilakukan sesuai dengan mekanisme pengadaan barang dan jasa yang berlaku. Untuk menjamin independensi dan kualitas hasil pemeriksaan, Auditor Eksternal yang ditunjuk tidak boleh memiliki benturan kepentingan dengan Bank. Dalam penggunaan Auditor Eksternal, bank bjb mengacu pada ketentuan dari Peraturan Menteri Keuangan No. 17PMK.012008 tanggal 5 Februari 2008 pasal 3 ayat 1 yang menyebutkan bahwa pemberian jasa audit umum atas laporan keuangan dari suatu entitas dilakukan oleh KAP paling lama untuk 6 enam tahun buku berturut-turut dan oleh seorang Akuntan Publik paling lama untuk 3 tiga tahun buku berturut-turut. bank bjb selalu berupaya meningkatkan komunikasi antara Kantor Akuntan Publik, Komite Audit dan Manajemen untuk dapat meminimalisir kendala-kendala yang terjadi selama proses audit berlangsung. Agar proses audit sesuai dengan Standar Profesional Akuntan serta perjanjian kerja dan ruang lingkup audit yang telah ditetapkan dan selesai sesuai dengan target waktu yang telah ditetapkan, secara rutin dilakukan pertemuan-pertemuan yang membahas beberapa permasalahan penting yang signifikan. Based on Financial Services Authority Regulation No. 32 POJK.032016 on the amendment of No. 6POJK.032015 concerning “Transparency and Publication of Bank Report”, the audit on bank bjb Financial Statements for 2016 fiscal year has been done by a public accountant that is independent, competent, professional, and objective in accordance with the Professional Standard of Public Accountant, as well as work agreement and audit scope that has been established. In order that the audit process is in accordance with Professional Standard of Public Accountant, work agreement, audit scope that has been established, and finishes on time as per the set target of time, routine meetings are conducted to discuss some of the significant matters. IMPLEMENTATION OF EXTERNAL AUDIT FUNCTION The independent monitoring function against the Bank’s financial aspect is done by conducting External Audit performed by a Public Accountant Office KAP. The External Auditor who examines bank bjb ’s financial statements for 2016 fiscal year is determined through Annual GMS based on recommendations from the Board of Commissioners and Audit Committee. The selection process is done in accordance with the applicable procurement mechanism of goods and services. To guarantee independence and quality of the assessment result, the appointed External Auditor must not have conflict of interest with the Bank. In using External Auditor, bank bjb refers to provision from Minister of Finance Regulation No. 17PMK.012008 dated 5 February 2008 Article 3 Paragraph 1 stating that appointment of general audit services for financial statements of an entity done by a KAP is for 6 six consecutive fiscal years the most, and by a Public Accountant is 3 three consecutive fiscal years the most. bank bjb always strives to improve communication among the Public Accountant Office, Audit Committee, and Management to minimize problems that happens during the audit process so that the audit process is in accordance with Professional Standard of Accountant, work agreement, audit scope that has been established, and finishes on time as per the set target of time, thus, routine meetings are conducted to discuss some of the significant matters. annual report 2016 589 Growing Together with new expanding opportunities PENUNJUKAN AKUNTAN PUBLIK Penunjukan Kantor Akuntan Publik dan biaya audit telah sesuai dengan keputusan RUPS Tahunan dan merupakan Kantor akuntan Publik dan Akuntan Publik partner in-charge yang terdaftar di Bank Indonesia. Audit Laporan Keuangan bank bjb yang berakhir 31 Desember 2016 dilaksanakan berdasarkan SPK Nomor 0277PSS102016 tanggal 21 Oktober 2016 kepada KAP Purwantono, Sungkoro, Surja dengan biaya audit sebesar Rp. 2.145.000.000,- dua milyar seratus empat puluh lima juta rupiah sudah termasuk Pajak Pertambahan Nilai 10 dan Out-of-Pocket OPE. Penugasan audit kepada Akuntan Publik dan KAP telah memenuhi aspek-aspek: 1. Kapasitas KAP; 2. Legalitas perjanjian kerja; 3. Ruang lingkup audit; 4. Standar Profesional Akuntan Publik; dan 5. Komunikasi antara KAP dengan pihak terkait. KANTOR AKUNTAN PUBLIK, NAMA AKUNTAN DAN FEE PERIODE 5 TAHUN TERAKHIR Tabel Kantor akuntan Publik, nama akuntan, fee dan izin KaP Periode 5 Tahun Terakhir Table of Public accountant Office, accountant name, fee, and KaP license for the last 5 Years Tahun Year Kantor akuntan Publik Public accounting firm nama akuntan Partner Penanggung jawab accountant name in-charge Partner Periode Period Fee fee izin KaP KaP license 2016 Kap ernst Young Sinarta 3 Tahun 2.145.000.000 no. 603KM.12015 Tanggal 14 Juli 2015 no. 603KM.12015 dated July 14, 2015 2015 Kap ernst Young Sinarta 1.950.000.000 no. 603KM.12015 Tanggal 14 Juli 2015 no. 603KM.12015 dated July 14, 2015 2014 Kap ernst Young Sinarta 1.675.000.000 Keputusan Menteri Keuangan no. 381KM.12010 Ministry of Finance Decree no. 381KM.12010 2013 Kap ernst Young Benyanto Suherman 2 Tahun 1.675.000.000 Keputusan Menteri Keuangan no. 381KM.12010 Ministry of Finance Decree no. 381KM.12010 2012 Kap ernst Young Benyanto Suherman 1.550.000.000 Keputusan Menteri Keuangan no. 381KM.12010 Ministry of Finance Decree no. 381KM.12010 JASA LAIN YANG DIBERIKAN AKUNTAN KAP Purwantono, Sungkoro, Surja tidak memberikan jasa lain kepada bank bjb pada tahun 2016 sehingga terhindar dari kemungkinan benturan kepentingan. APPOINTMENT OF PUBLIC ACCOUNTANT Appointment of Public Accountant Office and the audit fee has been in accordance with Annual GMS Resolution and is a Public Accountant Office and Public Accountant partner in charge who is registered in Bank Indonesia. Bank bjb’s audit of financial statements for period ended on 31 December 2015 is carried out based on SPK Number 0277PSS102016 dated 21 October 2016 to KAP Purwantono, Sungkoro, Surja with audit fee of IDR2,145,000,000.00 two billion one hundred fourty-five million rupiah inclusive of Value-Added Tax 10 and Out-of-Pocket OPE. The audit assignment to the Public Accountant and KAP has meet the following aspects: 1. KAP capacity; 2. Legality of the work agreement; 3. Scope of audit; 4. Professional Standard of Public Accountant; and 5. Communication between KAP and related party. PUBLIC ACCOUNTANT OFFICE, ACCOUNTANT NAME, AND FEE FOR THE LAST 5 YEARS OTHER SERVICES PROVIDED BY THE ACCOUNTANT KAP Purwantono, Sungkoro, Surja did not give other services to bank bjb in 2016 to avoid the possibility of conflict of interest. AKUNTAN PUBLIK PuBlic accounTanT Laporan Tahunan 2016 590 Semakin Berkembang Bersama peluang Baru yang Membentang RiSK ManageMenT MANAJEMEN RISIKO Sistem manajemen risiko yang efektif merupakan salah satu komponen yang penting dalam manajemen bank dan landasan untuk menjalankan organisasi bank dengan sehat, aman dan baik. Sistem manajemen risiko akan mengarahkan aktivitas pada misi dan tujuan bank yang sudah ditetapkan, yaitu untuk mencapai target laba jangka panjang yang terus meningkat dan berkesinambungan, serta meningkatkan alokasi permodalan secara optimal yang mendukung aktivitas operasional yang sehat. Sistem manajemen risiko akan membantu manajemen dalam melakukan pemantauan terhadap ketentuan dan hukum yang berlaku, kebijakan, rencana, ketentuan serta prosedur internal. Di samping itu, sistem manajemen risiko juga dapat mengurangi risiko sistemik systemic risk yang dapat merugikan bank baik secara material maupun immaterial. Dalam mewujudkan penerapan manajemen risiko yang efektif, Perseroan menerapkan pendekatan Three Lines of Defense sebagai mekanisme pertahanan secara berlapis untuk mengelola dan menerapkan kerangka kerja manajemen risiko, yakni: Pertahanan Tingkat Pertama Risk Taking Unit berperan sebagai pertahanan tingkat pertama dan bertanggung jawab untuk mengidentifikasi, mengevaluasi, mengendalikan dan memitigasi risiko dalam aktivitas operasional. Risk Taking Unit memiliki tanggung jawab yang utama atas pengelolaan eksposur risiko dalam aktivitas sehari- hari. Pertahanan Tingkat Kedua Satuan Kerja Manajemen Risiko SKMR berperan sebagai unit kunci dalam memberikan pertahahan tingkat kedua melalui fungsi pemantauan yang independen. SKMR telah melakukan review atas kelengkapan dan keakuratan identifikasi, pengukuran, pemantauan, pengendalian dan pelaporan risiko, serta atas kecukupan skenario mitigasi yang diusulkan oleh unit kerja operasional. Pertahanan Tingkat Ketiga Fungsi Internal Audit melakukan penilaian terhadap kecukupan kebijakan, strategi dan kerangka Manajemen Risiko serta efektivitas pengendalian internal dalam rangka memberikan assurance yang independen dan objektif. Effective risk management system is one of important components in Bank Management and serves as a foundation in managing a Bank Organization in a healthy, safe, and correct manner. A risk management system will direct activities at the Bank’s defined missions and goals, namely to achieve an increasing and continuous long-term target of profit and to increase an optimal capital allocation that supports healthy operational activities. The aforesaid system will assist management in monitoring the conditions and applicable laws, policies, plans, regulations, and internal procedures. Furthermore, a risk management system can also reduce systemic risk which could harm the Bank both financially and non-financially. In realizing the implementation of effective risk management, Company’s implements Three Lines of Defense as a defense mechanism in layers to manage and implement risk management framework, namely: First Level Defense Risk Taking Unit serves as the first line of defense and is responsible for identifying, evaluating, controlling, and mitigating risk in operational activities. Risk Taking Unit has primary responsibility for managing risk exposure in daily activities. Second Level Defense Risk Management Unit SKMR serves as the key unit in providing the second level defense through independent monitoring function. SKMR has reviewed the completeness and accuracy of identification, measurement, monitoring, control, and risk reporting, as well as on the adequacy of the mitigation scenario proposed by working units. Third Level Defense Internal Audit functions to evaluate the adequacy of policies, strategies, and Risk Management framework as well as the effectiveness of internal controls in order to provide independent and objective assurance. annual report 2016 591 Growing Together with new expanding opportunities RISK MANAGEMENT ORGANIZATIONAL STRUCTURE The organizational structure describes Bank’s business activities and has established clear reporting lines and functions of the operational units to working units performing internal control function.The scope of internal control which is not included in decision-making function is the Compliance Division, Internal Audit Division, and Risk Management Division whose duties and functions do not take any decision on Bank’s business activities. Direksi dan Dewan Komisaris Directors and the Board of Commissioners; • Pengambilan keputusan risiko sesuai dengan risk appetite risk tolerance yang telah ditetapkan • Menyampaikan usulan penetapan limit risiko melalui SKMR • Melakukan identifikasi risiko pada setiap produk dan aktivitas yang disertai dengan pengendalian risiko yang memadai • Melaporkan informasi mengenai eksposur risiko kepada SKMR • Menjalankan risk self assessment dengan akurat dan tepat waktu • Menerapkan budaya sadar risiko dan keputusan berbasis risiko yang berkelanjutan • Menyusun kerangka kerja penetapan risk appetite risk tolerance • Menyusun kebijakan Manajemen Risiko, metodologi, dan tools pengukuran risiko • Melakukan pengukuran eksposur risiko dan stress testing atas portofolio atau kinerja Bank secara keseluruhan • Memantau eksposur risiko secara keseluruhan, serta toleransi risiko dan limit risiko yang ditetapkan • Menyusun dan menyampaikan, laporan profil risiko • Melakukan review dan penilaian terhadap risk appetite dan risk tolerance • Melaksanakan kaji ulang terhadap keandaan kerangka Manajemen Risiko yang mencakup kebijakan, struktur organisasi, alokasi sumber daya, desain proses Manajemen Risiko, system informasi dan pelaporan risiko Bank • Melakukan pemantauan terhadap perbaikan atas hasil temuan audit intern terkait penerapan Manajemen Risiko • Risk decision making in accordance with the specified risk appetite and risk tolerance • Delivers the proposed risk limits through SKMR • Identifies the risks in each product and activity along with adequate risk control • First Level Defense • Report information about risk exposure to SKMR • Conduct risk self-assessment accurately and timely • Apply risk awareness culture and sustainable risk-based decisions • Develop a framework for the determination of risk appetite and risk tolerance • Develop Risk Management policies, methodologies, and risk measurement tools • Second Level Defense • Measure risk exposure and stress testing on Bank’s portfolios or performance as a whole • Monitor the overall risk exposure, as well as the specified risk tolerance and risk limits • Prepare and submit risk profile report • Review and assess risk appetite and risk tolerance • Carry out review on Risk Management framework condition that includes Bank’s policies, organizational structure, resource allocation, Risk Management process design, system information, and risk reporting • Monitors the improvements to internal audit findings related to the implementation of Risk Management Risk Taking Unit Risk Taking Unit Pertahanan Tingk at Pertama First Le vel Def ense Pertahanan Tingk at K edua Sec ond Le vel Def ense Pertahanan Tingk at K etiga Third Le vel Def ense Satuan Kerja Manajemen Risiko Risk Management Work Unit Internal Audit Internal Audit Penetapan dan Pengawasan Risiko Risk Determination and Control Validasi Validation Menerima Mengelola Risiko Receives Manages Risks STRUKTUR ORGANISASI MANAJEMEN RISIKO Struktur organisasi menjelaskan kegiatan usaha Bank dan telah menetapkan jalur pelaporan dan fungsi yang jelas dari satuan kerja operasional kepada satuan kerja yang melaksanakan fungsi pengendalian intern. Ruang lingkup pengendalian internal yang tidak termasuk dalam fungsi pengambil keputusan adalah Divisi Kepatuhan, Divisi Audit internal serta Divisi Manajemen Risiko dimana tugas dan fungsinya tidak mengambil keputusan pada kegiatan usaha Bank. MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 592 Semakin Berkembang Bersama peluang Baru yang Membentang Risk management organizational structure chart is as follows: DUTIES AND RESPONSIBILITIES OF RISK MANAGEMENT DIVISION Risk Management Division has the following duties and responsibilities: 1. Monitoring the Risk Management strategy that has been approved by the Board of Directors; 2. Monitoring risk position overall composite, by risk type, and by functional activity type and performing stress testing; 3. Reviewing periodically the Risk Management process; 4. Assessing proposed activities and or new products; 5. Evaluating model accuracy and validity for data used to measure the use of risk models for internal purposes internal model; 6. Providing recommendations to operating units risk- taking units and or to the Risk Management committee, according to the authority possessed; and 7. Preparing and submitting Risk Profile report to the President Director or assigned Director and the Risk Management Committee on a regular basis. Adapun bagan struktur organisasi manajemen risiko yaitu : DEWAN KOMISARIS Board of Commissioners DIREKSI Board of Directors UNIT BISNIS KREDIT RISIKO KREDIT Bussiness Credit Unit Credit Risk » Divisi pada Kantor Pusat, Unit Grup pada Kantor Wilayah dan Kantor Cabang - Pemantauan Risiko Operasional » Setiap Divisi di Kantor PusatUnit Grup di Kantor Wilayah dan Cabang bertanggung jawab mengelola risiko di DivisiWilayahCabang masing-masing » Divisions at the Headquarters, Unit Group at Regional Offices and Branch Offices – Operational Risk Monitoring » Each division at the HeadquarterUnit Group in the Regional Offices and Branch Offices is responsible for managing risks in each DivisionRegionBranch UNIT BISNIS TRISURI LIKUIDITAS RISIKO PASAR DAN LIKUIDITAS Treasury Bussiness Unit Market Liqudity Risk and Liqudity Unit Bisnis mengelola risiko atas kegiatan harian Business unit manages risks on daily activities DIREKTUR KEPATUHAN MANAJEMEN RISIKO Director of Compliance Risk Management KOMITE MANAJEMEN RISIKO Risk Management Committee PENGAWASAN CONTROLLING OPERASIONAL OPERATIONS DIVISI MANAJEMEN RISIKO Division of Risk Management » Melaporkan risiko yang signifikan dan rencana kontijensi » Merekomendasikan batas dan kebijakan risiko » Report significant risks and contingency plans » Recommend risk policy and limits » Memantau bataskebijakan risiko » Mempersiapkan laporan kelebihan batas risiko » Monitors risk policy limit » Prepares report on risk excess limit TUGAS DAN TANGGUNG JAWAB DIVISI MANAJEMEN RISIKO Divisi Manajemen Risiko memiliki tugas dan tanggung jawab sebagai berikut: 1. Pemantauan pelaksanaan strategi Manajemen Risiko yang telah disetujui oleh Direksi; 2. Pemantauan posisi risiko secara keseluruhan composite, per jenis risiko, dan per jenis aktivitas fungsional serta melakukan stress testing; 3. Kaji ulang secara berkala terhadap proses Manajemen Risiko; 4. Pengkajian usulan aktivitas danatau produk baru; 5. Evaluasi terhadap akurasi model dan validitas data yang digunakan untuk mengukur risiko bagi Bank yang menggunakan model untuk keperluan internal internal model; 6. Memberikan rekomendasi kepada Satuan Kerja Operasional risk-taking unit danatau kepada Komite Manajemen Risiko, sesuai kewenangan yang dimiliki; dan 7. Menyusun dan menyampaikan laporan profil risiko kepada Direktur Utama atau Direktur yang ditugaskan secara khusus dan Komite Manajemen Risiko secara berkala. MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 593 Growing Together with new expanding opportunities PROFILE OF HEAD OF RISK MANAGEMENT DIVISION RISK MANAGEMENT COMPETENCE DEVELOPMENT The Company has implemented a human resources development program covering education and training for risk management officials and involves all employees according to job specification included in the Risk Management Division, in the context of risk management certification. The Company periodically conducts education and training as well as the staff and officials actively participate in seminars related to risk management. The Company also included several employees and officials in a risk management work unit to follow a master program in risk management related to banking and finance. Competency development followed by Risk Management Division members during 2016 includes. PROFIL PEMIMPIN DIVISI MANAJEMEN RISIKO Warga negara Indonesia, berdomisili di Bandung. Lahir pada 7 Juni 1967 saat ini berusia 49 tahun. Meraih gelar Sarjana di bidang Studi Pembangunan dari Universitas Padjadjaran pada tahun 1990. Menjabat sebagai Pemimpin Divisi Manajemen Risiko sejak 2016 berdasarkan Surat Keputusan Direksi No 0361SKDIR-SDM2016. Indonesian citizen, domiciled in Bandung. Born on 7 June 1967, currently 49 years old. Obtained Bachelor degree in Development Study of Padjadjaran University in 1990. Has been the Head of Risk Management Division since 2016 based on Directors’ Decree No 0361SK DIR-SDM2016 Cecep Trisna PENGEMBANGAN KOMPETENSI BIDANG MANAJEMEN RISIKO Di bidang pengembangan sumber daya manusia, Perseroan telah melaksanakan program pengembangan SDM di bidang pendidikan dan pelatihan bagi pejabat manajemen risiko dan mengikutsertakan seluruh pegawai sesuai job specification termasuk di Divisi Manajemen Risiko, dalam rangka sertifikasi manajemen risiko. Perseroan secara berkala mengadakan pendidikan dan pelatihan serta aktif mengikutsertakan staf dan pejabatnya dalam seminar yang terkait dengan manajemen risiko. Perseroan juga mengikutsertakan beberapa pegawai dan pejabat di Divisi Manajemen Risiko untuk mengikuti program magister di bidang manajemen risiko serta perbankan dan keuangan. Pengembangan kompetensi yang diikuti anggota Divisi Manajemen Risiko selama 2016, sebagai berikut. Tabel Pengembangan Kompetensi Divisi manajemen risiko Table of competency Development Of risk management Division Tanggal Pelaksanaan implementation date Pelatihan Training jumlah Peserta number of participants 09 Januari 2016 January 9, 2016 Seminar Transaksi Forfaiting Forfaiting transaction seminar 1 13-14 Januari 2016 January 13-14, 2016 Seminar Executive Roundtable Konglomerasi Jasa Keuangan Di Indonesia Seminar executive roundtable Financial Services Conglomerates in Indonesia 3 14-15 Januari 2016 January 14-15, 2016 pelatihan Communication Skills Communication Skills Training 1 17-23 Januari 2016 January 17 to 23, 2016 Character Building Character Building 2 18-19 Januari 2016 January 18-19, 2016 pelatihan analisa pemberian Kredit Kendaraan Bermotor KKB Vehicle Lending analysis Training KKB 1 25 Januari 2016 – 7 Februari 2016 January 25, 2016 - February 7, 2016 pengenalan perbankan Bagi Calon pegawai bank bjb On Boarding Program Introduction to Banking for bjb bank officer Candidates on Boarding program 2 25 Januari 2016 – 7 Februari 2016 January 25, 2016 - February 7, 2016 pengenalan perbankan Bagi Calon pegawai bank bjb On Boarding Program Introduction to Banking for bjb bank officer Candidates on Boarding program 96 MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 594 Semakin Berkembang Bersama peluang Baru yang Membentang Tabel Pengembangan Kompetensi Divisi manajemen risiko Table of competency Development Of risk management Division Tanggal Pelaksanaan implementation date Pelatihan Training jumlah Peserta number of participants 12-14 Februari 2016 February 12-14, 2016 Character Building Career Development Program Character Building Career Development program 3 22-24 Februari 2016 February 22-24, 2016 Change Agent Change agent 1 22-23 Februari 2016 February 22-23, 2016 program pengembangan Kompetensi eksekutif executive Competency Development program 1 3 Maret 2016 March 3, 2016 Reputation Risk How To Handle Media And Social Media reputation risk how To handle Media and Social Media 1 7-8 Maret 2016 March 7-8, 2016 analisa Manajemen risiko Kredit Problem Solving Credit analysis risk Management problem Solving 1 10-11 Maret 2016 March 10-11, 2016 Learn Best Practise Methods For Measuring And Managing Risk Learn Best practice Methods For Measuring and Managing risk 2 10-11 Maret 2016 March 10-11, 2016 Change Leader Change Leader 1 14 Maret 2016 March 14, 2016 Refreshment Sertifikasi Manajemen risiko risk Management Certification refresher 1 14-15 Maret 2016 March 14-15, 2016 pengembangan Kompetensi ekesekutif executive Competence Development 2 14-15 Maret 2016 March 14-15, 2016 Service Excellent For SBM Service excellent For SBM 1 14-24 Maret 2016 March 14 to 24, 2016 Manajer Lini pertama First Line Manager 1 14-15 Maret 2016 March 14-15, 2016 akuntansi Bank Dasar Bank accounting Basics 1 14-15 Maret 2016 March 14-15, 2016 Leadership Foundations Leadership Foundations 1 17-18 Maret 2016 March 17-18, 2016 Implementing An Integrated Governance, Risk Management And Compliance GRC Framework For Financial Services Industry Implementing an Integrated Governance, risk Management and Compliance GrC Framework For Financial Services Industry 1 21-22 Maret 2016 March 21-22, 2016 Operational Risk Stress Test operational risk Stress Test 3 4-8 april 2016 april 4-8, 2016 Certified Risk Management Professional CrMp umum General Certified risk Management professional CrMp 1 5-6 april 2016 april 5-6, 2016 akuntansi Bank Dasar Bank accounting Basics 2 6-7 april 2016 april 6-7, 2016 Risk Modelling In Financial Markets risk Modelling In Financial Markets 2 11-14 april 2016 april 11-14, 2016 aLMa aLMa 1 13-14 april 2016 april 13-14, 2016 pelatihan High Impact Communication high Impact Communication Training 2 18-22 april 2016 april 18-22, 2016 operasional Bank Dasar Bank operational Base 1 18-20 april 2016 april 18-20, 2016 administrasi Kredit Dan Bisnis Legal Credit administration and Business Legal 1 20-21 april 2016 april 20-21, 2016 akuntansi Bank Dasar Bank accounting Basics 1 21-22 april 2016 april 21-22, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 1 preparation risk Management Certification Level 1 exam 2 24 april 2016 – 1 Mei 2016 april 24, 2016 - May 1, 2016 Character Building untuk pemimpin Grup dan Assistant Vice President Character Building For Group Leaders and assistant Vice president 3 28 – 29 april 2016 april 28 to 29, 2016 Operational Risk Advanced Measurement Approach In Practice operational risk advanced Measurement approach In practice 2 30 april 2016 april 30, 2016 ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification Level 1 exam 1 8-15 Mei 2016 May 8-15, 2016 Character Building untuk pemimpin Grup dan Assistant Vice President bank bjb Character Building For bank bjb Group Leaders and assistant Vice president 1 MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 595 Growing Together with new expanding opportunities Tabel Pengembangan Kompetensi Divisi manajemen risiko Table of competency Development Of risk management Division Tanggal Pelaksanaan implementation date Pelatihan Training jumlah Peserta number of participants 09-13 Mei 2016 May 09-13, 2016 operasional Bank Dasar operational Basis Bank 1 09-10 Mei 2016 May 09-10, 2016 Professional Secretary professional Secretary 1 11-12 Mei 2016 May 11-12, 2016 Business Continuity Management In Banking Business Continuity Management In Banking 2 17-19 Mei 2016 May 17-19, 2016 Trade Finance For Managers Trade Finance For Managers 1 18-19 Mei 2016 May 18-19, 2016 Fungsi Kepatuhan Dan Manajemen risiko optimalisasi peran, Fungsi, Tugas, dan Output Bagi Bank Compliance Function and risk Management optimizing the role, Functions, Duties, and output For Banks 3 19-20 Mei 2016 May 19-20, 2016 Credit Risk Stress Testing penyusunan Skenario, pengukuran Dan evaluasi Stress Test Model Credit risk Stress Testing Scenario preparation, Measurement and evaluation Stress Test Model 1 23-24 Mei 2016 May 23-24, 2016 program pengembangan Kompetensi Competence Development program 1 23-24 Mei 2016 May 23-24, 2016 Risk Liquidity Risk Stress Test Model-Reverse Stress Test risk Liquidity risk Stress Test Model-reverse Stress Test 2 2-3 Juni 2016 June 2-3, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 1 exam preparation risk Management Certification Level 1 4 8-10 Juni 2016 June 8-10, 2016 Refreshment Kredit Korporasi Dan Komersial untuk Manajer Corporate and Commercial Loans refresher For Managers 1 1 11 Juni 2016 June 11, 2016 ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification Level 1 exam 1 4 13-15 Juni 2016 June 13-15, 2016 Risk Management Bagi Officer risk Management For officer 1 1 15-17 Juni 2016 June 15-17, 2016 Training For Trainers Training For Trainers 2 2 20 Juni 2016 June 20, 2016 Workshop Kemahiran hukum Menelaah peraturan Mahkamah agung nomor 2 Tahun 2015 Tentang Tata Cara penyelesaian Gugatan Sederhana Sebagai Langkah penyelesaian permasalahan Kredit Workshop exploring Legal proficiency Supreme Court regulation no. 2 2015 on Lawsuit Settlement procedures Simple Steps For problem Loans Settlement 1 20 Juni 2016 June 20, 2016 Refreshment Sertifikasi Manajemen risiko Bank Treasury Financial Products Risk Management Development risk Management Certification refresher Bank Financial products Treasury risk Management Development 1 20-21 Juni 2016 June 20-21, 2016 pelatihan persiapan ujian Sertifikasi Manajemen risiko Level 2 Training Certification preparation risk Management Level 2 exam 1 25 Juni 2016 June 25, 2016 ujian Sertifikasi Manajemen risiko Level 2 risk Management Certification Level 2 exam 2 17 Juli 2016 July 17, 2016 Character Building Middle Management Character Building Middle Management 1 28-29 Juli 2016 July 28-29, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification preparation Level 1 exam 5 3-5 agustus 2016 august 3-5, 2016 analisis Lingkungan hidup TaL environmental analysis TaL 1 6 agustus 2016 august 6, 2016 ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification Level 1 exam 5 8-9 agustus 2016 august 8-9, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 2 risk Management Certification preparation Level 2 exam 2 11-12 agustus 2016 august 11-12, 2016 KrI, rCSa and Advanced Measurement Approach KrI, rCSa and the advanced Measurement approach 3 11-12 agustus 2016 august 11-12, 2016 akuntansi Bank Dasar Bank accounting Basics 1 13 agustus 2016 august 13, 2016 ujian Sertifikasi Manajemen risiko Level 2 risk Management Certification Level 2 exam 2 13 agustus 2016 august 13, 2016 pembekalan Motivasi pada pengukuhan pegawai Tetap Dan Acceleration Program permanent employee Motivation Briefing and acceleration program 2 MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 596 Semakin Berkembang Bersama peluang Baru yang Membentang Tabel Pengembangan Kompetensi Divisi manajemen risiko Table of competency Development Of risk management Division Tanggal Pelaksanaan implementation date Pelatihan Training jumlah Peserta number of participants 15-16 agustus 2016 august 15-16, 2016 Training For Trainers Training For Trainers 2 18-19 agustus 2016 august 18- 19, 2016 Corporate Culture And Transformation Corporate Culture and Transformation 1 18-19 agustus 2016 august 18-19, 2016 Communication Skills Communication Skills 1 24-25 agustus 2016 august 24-25, 2016 Operational Risk penerapan Manajemen risiko operasional Menggunakan Strategi Yang efektif operational risk Management application using effective Strategies 2 24-26 agustus 2016 august 24-26, 2016 Konglomerasi Keuangan Manajemen risiko, Tata Kelola, permodalan Financial Conglomerate risk Management, Governance, Capital 3 3 5-6 September 2016 September 5-6, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 2 risk Management Certification preparation Level 2 exam 1 5-6 September 2016 September 5-6, 2016 Cara Melakukan Assessment Dan Mengintegrasikan profil risiko 8 risiko Menuju peringkat Komposit 1 atau 2 how to Conduct risk profile 8 risk assessment and Integration Towards Composite rating 1 or 2 2 8-9 September 2016 September 8-9, 2016 persiapan ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification preparation Level 1 exam 3 13-14 September 2016 September 13-14, 2016 Corporate Culture Summit Corporate Culture Summit 1 17 September 2016 September 17, 2016 ujian Sertifikasi Manajemen risiko Level 2 risk Management Certification Level 2 exam 1 17 September 2016 September 17 , 2016 ujian Sertifikasi Manajemen risiko Level 1 risk Management Certification Level 1 exam 3 20-21 September 2016 September 20-21, 2016 Cara Cepat Dan Tepat Menyusun Kebijakan Dan prosedur Yang efektif The Fast and The right Structure for effective policies and procedures 1 21-22 September 2016 September 21-22, 2016 3 Tiga Kesalahan Dalam Menghitung CKpn Implementasi IFrS 3 Three errors in Calculating CKpn IFrS 1 22-23 September 2016 September 22-23, 2016 Executive Corporate Law For Non Lawyer For non executive Corporate Lawyers 2 22 September 2016 September 22, 2016 Business Continuity Management From The Perspective Of Enterprise Risk Management Business Continuity Management From The perspective of enterprise risk Management 1 23 September 2016 September 23, 2016 Refreshment Sertifikasi Manajemen risiko risk Management Certification refresher 2 28-29 September 2016 September 28-29, 2016 Dampak penerapan Basel III Terhadap Kebutuhan permodalan Bank, ICaap, dan Strategi optimalisasi aTMr risiko Kredit Impact of Basel III Implementation of Bank Capital requirement, ICaap, and Strategy optimization of Credit risk Weighted assets 4 11-12 oktober 2016 october 11-12, 2016 pengembangan Kompetensi Bagi Manajer Manager Competency Development 1 20-21 oktober 2016 october 20-21, 2016 Best Practice Model Credit Risk Management Credit risk Management Best practice Model 3 20-21 oktober 2016 october 20-21, 2016 anti pencucian uang pencegahan pendanaan Terorisme anti-Money Laundering and Combating the Financing of Terrorism 1 24-25 oktober 2016 october 24-25, 2016 Implementation Of Risk Management Process For Market, Liquidity Implementation of risk Management process For Market Liquidity 3 25-28 oktober 2016 october 25-28, 2016 analisis Lingkungan hidup environmental analysis 1 1 3-4 november 2016 november 3-4, 2016 Advanced Measurement Approach Modeling, Measuring Backtesting advanced Measurement approach Modeling, Measuring Backtesting 4 3 november 2016 november 3, 2016 Seminar prospek perekonomian nasional 2017 peluang Dan Tantangan Industri perbankan national Seminar on economic prospects 2017 Banking Industry opportunities and Challenges 2 9-10 november 2016 november 9-10, 2016 Inside The Mind Of The Leader Inside The Mind of The Leader 1 14-15 november 2016 november 14-15, 2016 Understanding Asset Liabilities Management aLMa understanding asset Liability Management aLMa 3 MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 597 Growing Together with new expanding opportunities SERTIFIKASI MANAJEMEN RISIKO Selama tahun 2016, sertifikasi yang telah diikuti oleh personil di lingkungan Perseroan, baik yang membidangi manajemen risiko maupun pejabat dirincikan sebagai berikut: Tabel sertifikasi manajemen risiko Table of risk management certification no. nama Pegawai employee name jabatan Position sertifikasi certification level sertifikasi certification level nama Penyelenggara Organizer Tahun Year 1 adhitya rachman Firdaus Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 2 akhmad Taqwa praduga Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 3 Dinan Sufendi rae Assistant Vice President Manajamen risiko risk Management 1 BSMr 2008 2 2012 3 LSpp 2013 4 2014 5 2015 Juru Sita Bailiff - Depkeu-Bppn 2000 Account Officer Komersial Commercial nitro 1991 Account Officer retail Konsumer retail Consumer BI-World Bank 1992 Credit Management Advance Bpp asia 1995 4 eksa Kencana putri p. Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 5 evi Susilawati Senior Manager Manajamen risiko risk Management 1 BSMr 2010 2 LSpp 2013 3 BSMr 2016 CoBIT 5 Foundation Based apMG 2014 6 erwin Yulianto Officer Certified Ebusiness Professional - eC Council 2012 Microsoft Certified Professional - active Train 2012 7 Fahmy andriyan nugraha Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 8 Fajar nin utami Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 9 Galuh Muhamad aryadita Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 10 hendra Gunawan Manager Manajamen risiko risk Management 1 LSpp 2014 2 BSMr 2016 Professional Financial Modeler PFM - IFMI 2015 Financial Risk Manager FRM - Garp 2016 RISK MANAGEMENT CERTIFICATION During 2016, certifications that were participated by personnel within the Company’s environment, whether in charge of risk management or officials are detailed as follows: MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 598 Semakin Berkembang Bersama peluang Baru yang Membentang Tabel sertifikasi manajemen risiko Table of risk management certification no. nama Pegawai employee name jabatan Position sertifikasi certification level sertifikasi certification level nama Penyelenggara Organizer Tahun Year 11 hilman Sembada Manager Manajamen risiko risk Management 1 BSMr 2011 2 LSpp 2015 12 Lusiana oktavianti Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 13 Mega Fitra nugraha Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 14 Mohamad arif Senior Officer Manajamen risiko risk Management 1 LSpp 2014 2 BSMr 2016 15 Muhamad aditya Wiradharma Assistant Vice President Manajamen risiko risk Management 1 BSMr 2010 2 LSpp 2012 3 erMap rMCp 2014 16 Muhamad Ivan hadiana Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 17 ofik Taufik robiyana Assistant Vice President Manajamen risiko risk Management 1 BSMr 2011 2 LSpp 2012 3 LSpp 2012 18 pandu pamungkas Manager Manajamen risiko risk Management 1 BSMr 2008 2 LSpp 2012 19 rani puspasari Officer Manajamen risiko risk Management 1 LSpp 2014 20 rio Borneo putranto Manager Manajamen risiko risk Management 1 BSMr 2010 2 LSpp 2013 Certified Risk Management Professional - erMa 2012 Professional Financial Modeler PFM - IFMI 2014 21 ririn ayurinda Officer Manajamen risiko risk Management 1 BSMr 2016 22 Samsudin Manager Manajamen risiko risk Management 1 BSMr 2010 2 2016 23 Sonda Faitri arsuty Manager Manajamen risiko risk Management 1 BSMr 2016 2 24 Sylvia ayu Lestari Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 25 Synthiana rachmie Junior Assistant Manajamen risiko risk Management 1 BSMr 2016 26 Tri ramadhy Officer Manajamen risiko risk Management 1 BSMr 2016 MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 599 Growing Together with new expanding opportunities PROSES MANAJEMEN RISIKO Proses Manajemen Risiko dilaksanakan secara lengkap yang meliputi tahapan identifikasi, pengukuran, pemantauan, dan pengendalian atau sesuai dengan ketentuan internal dan eksternal yang berlaku saat ini. Proses manajemen risiko tersebut dilakukan terhadap seluruh faktor-faktor risiko yang berpengaruh secara signifikan terhadap kondisi keuangan bank bjb. Faktor-faktor risiko adalah berbagai parameter yang mempengaruhi eksposur risiko. Proses tersebut dapat dilakukan secara kuantitatif maupun kualitatif terhadap faktor-faktor risiko yang ada. Berdasarkan ketentuan yang berlaku, jenis risiko yang wajib dikelola bank bjb dikelompokkan kedalam: a. Risiko Kredit, b. Risiko Pasar, c. Risiko Likuiditas, d. Risiko Operasional, e. Risiko Hukum, f. Risiko Stratejik, g. Risiko Reputasi, h. Risiko Kepatuhan. Adapun proses manajemen risiko di bank bjb meliputi: A. Identifikasi Risiko Proses identifikasi dilakukan secara berkala untuk seluruh jenis dan karakteristik risiko yang terdapat pada setiap kegiatan usaha bank bjb. Proses identifikasi risiko dilakukan dengan menganalisis seluruh sumber risiko yang ada, dimana sekurang-kurangnya dilakukan terhadap risiko dari produk dan aktivitas bisnis bank. Selain itu, bank bjb memastikan bahwa risiko dari produk dan aktivitas baru telah melalui proses pengendalian Manajemen Risiko dan disetujui oleh Direksi atau direkomendasikan oleh Komite Manajemen Risiko sebelum diperkenalkan atau dijalankan. Tahapan identifikasi risiko dalam proses Manajemen Risiko memiliki karakteristik sebagai berikut: a. Bersifat proaktif dalam melakukan identifikasi seluruh risiko secara berkala. b. Tersedianya metode atau sistem untuk melakukan identifikasi risiko pada seluruh produk dan aktivitas bisnis bank. c. Mencakup risiko inheren yang melekat pada seluruh produk dan aktivitas bank termasuk produk dan aktivitas baru telah melalui proses Manajemen Risiko yang layak sebelum diperkenalkan atau dijalankan. RISK MANAGEMENT PROCESS Risk Management processes implemented fully covering the steps of identifying, measuring, monitoring, and controlling or in accordance with current internal and external provisions. The risk management process is performed against all risk factors that significantly influence bank bjb financial condition. These risk factors are various parameters that affect risk exposure. The process can be carried out quantitatively and qualitatively on existing risk factors. Based on the applicable provisions, the type of risks that must be managed by bank bjb are grouped into: a. Credit Risk, b. Market Risk, c. Liquidity Risk, d. Operational Risk, e. Legal Risk, f. Strategic Risk, g. Reputation Risk, h. Compliance Risk. The process of risk management in bank bjb includes: A. Risk Identification The identification process is done periodically for all types and characteristics of risks found in any business activity of bank bjb. Risk identification process is done by analyzing all sources of risk that exist, of which at least is done to the risks of bank’s products and business activities. In addition, bank bjb ensures that the risks of new products and activities have passed Risk Management control process and approved by the Board of Directors or recommended by the Risk Management Committee before being introduced or executed. Risk identification stages in Risk Management process have the following characteristics: a. Be proactive in identifying all the risks regularly. b. Methods or systems to identify risks on all products and business activities of the bank are available. c. Includes the inherent risks in all bank’s products and activities, including new products and activities which have passed Risk Management process viable before being introduced or executed. MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 600 Semakin Berkembang Bersama peluang Baru yang Membentang B. Pengukuran Risiko Pengukuran risiko bertujuan untuk memperkirakan eksposur risiko secara keseluruhan maupun per jenis risiko pada setiap produk dan aktivitas yang dimiliki bank bjb. Pendekatan pengukuran risiko digunakan untuk mengukur eksposur risiko bank bjb guna memperoleh gambaran efektifitas penerapan Manajemen Risiko. Pendekatan dan metodologi pengukuran dapat bersifat kuantitatif, kualitatif atau merupakan kombinasi antara keduanya serta disesuaikan dengan karakteristik dan kompleksitas bisnis bank. Pemilihan pendekatan dan metodologi pengukuran risiko diantaranya paling kurang harus dapat mengukur: a. Sensitivitas produkaktivitas terhadap perubahan faktor-faktor yang mempengaruhinya, baik dalam kondisi normal maupun tidak normal; b. Kecenderungan perubahan faktor-faktor dimaksud berdasarkan fluktuasi perubahan yang terjadi dimasa lalu dan korelasinya; c. Faktor risiko risk factors secara individual; d. Eksposur risiko secara keseluruhan aggregate dengan mempertimbangkan risk correlation; e. Seluruh risiko yang melekat pada seluruh transaksi serta produk perbankan dan dapat diintegrasikan dalam sistem informasi manajemen bank bjb. Penggunaan model pengukuran risiko disesuaikan dengan kebutuhan dan karakteristik kegiatan usaha bank bjb, ukuran dan kompleksitas usaha bank bjb serta manfaat yang diperoleh serta ketentuan yang berlaku. Bank menggunakan metode alternatif dengan model internal dalam pengukuran risiko kredit, risiko pasar, dan risiko operasional sekurang-kurangnya mempertimbangkan hal- hal sebagai berikut: 1. Persyaratan penggunaan model internal: i. Isi dan kualitas data yang dibuat harus sesuai standar yang berlaku dan reliable; ii. Tersedianya sistem informasi manajemen yang memungkinkan sistem tersebut mengambil data dan informasi yang layak dan akurat pada saat yang tepat; iii. Tersedianya sistem yang dapat memperoleh data risiko pada seluruh posisi Bank; iv. Tersedianya dokumentasi dari sumber data yang digunakan untuk keperluan proses pengukuran risiko; v. Database dan proses penyimpanan data harus merupakan bagian dari rancangan sistem guna mencegah terputusnya series data statistik. B. Risk Measurement Risk measurement is aimed to estimate the overall risk exposure and per type of risk on every product and activity owned by bank bjb. Approach to risk measurement is used to measure the risk exposure of banks in order to obtain the overview of effective Risk Management application. The approach and methodology of measurement may be quantitative, qualitative or a combination of both as well as adapted to the characteristics and complexity of bank’s business. The selection of approaches and methodologies for measuring the risks should at least be able to measure: a. Sensitivity of productsactivities to changes of factors that influence them, both in normal and abnormal conditions; b. The tendency to changes of factors as referred to is based on fluctuation of changes occurred in the past and its correlation; c. Individual risk factors; d. Aggregate risk exposure by considering the correlation risk; e. All risks inherent in all transactions and banking products and can be integrated in management information system of bank bjb. The use of risk measurement models is adjusted to the needs and characteristics of bank bjb business activities, size, and complexity and benefits gained as well as the applicable provisions.Bank uses alternative methods to internal models in measuring credit risk, market risk, and operational risk which should at least consider the following matters: 1. Terms of use of internal models : i. Data content and quality must be made according to prevailing standards and reliable. ii. Management information system that allows the system to retrieve data and information that is feasible and accurate at the right time; iii. System to obtain risk data on the entire position of the Bank is available; iv. Documentation of the data source used for the purposes of risk assessment process is available; v. Database and data storage process must be part of the system design in order to prevent loss of statistical data series. MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 601 Growing Together with new expanding opportunities 2. Dalam melakukan back-testing terhadap model internal untuk eksposur yang mengandung risiko tertentu, Bank menggunakan data historis dan asumsi yang disusun oleh Bank sendiri danatau asumsi yang diminta oleh regulator. 3. Keperluan data terkait disesuaikan dengan sistem pelaporan data yang diwajibkan oleh regulator. 4. Dalam rangka mengatasi kelemahan yang dapat timbul atas penggunaan model pengukuran risiko tertentu, maka Bank melakukan validasi model oleh pihak independen terhadap pihak yang mengaplikasikan model tersebut. 5. Metode pengukuran risiko harus dipahami secara jelas oleh RTU yang terkait dalam pengendalian risiko, antara lain SKMR, trisuri, akuntansi, RMC dan Direktur bidang terkait. Stress Test dilakukan untuk melengkapi sistem pengukuran risiko dengan cara mengestimasi potensi kerugian Bank pada kondisi yang tidak normal dengan menggunakan skenario tertentu guna melihat sensitivitas kinerja Bank terhadap perubahan faktor risiko dan mengidentifikasi pengaruh yang berdampak signifikan terhadap portfolio dan kinerja Bank. Bank melakukan Stress Testing secara berkala dan me-review hasil Stress Testing tersebut serta mengambil langkah-langkah yang tepat dalam perkiraan kondisi yang akan terjadi melebihi tingkat toleransi yang dapat diterima. Hasil tersebut digunakan sebagai masukan pada saat penetapan atau perubahan kebijakan dan limit. C. Pemantauan Risiko Bank memiliki prosedur pemantauan risiko yang antara lain mencakup pemantauan risiko terhadap besarnya kepatuhan limit internal maupun konsistensi pelaksanaan dengan kebijakan dan prosedur yang ditetapkan. Proses pemantauan dilakukan dengan cara mengevaluasi eksposur risiko untuk seluruh produk dan aktivitas bank bjb. Pemantauan dilakukan baik oleh RTU maupun oleh SKMR. Hasil pemantauan disajikan dalam laporan berkala yang disampaikan kepada manajemen dalam rangka mitigasi risiko dan tindakan yang diperlukan. Dalam pemantauan risiko, Bank menyiapkan prosedur yang efektif untuk mencegah terjadinya gangguan disruptions dalam proses pemantauan risiko, dan melakukan review kembali secara berkala atas prosedur tersebut. D. Pengendalian Risiko Bank memiliki sistem pengendalian Risiko yang memadai dengan mengacu pada kebijakan dan prosedur yang telah ditetapkan dan bertujuan untuk mengelola seluruh eksposur risiko. Salah satu yang dilakukan dalam 2. In doing back-testing to internal models for exposures containing specific risk, Bank uses historical data and assumptions prepared by the Bank andor assumptions required by the regulator. 3. Related data purposes is adjusted to the reporting system required by regulators. 4. In order to to overcome weaknesses that may arise over the use of certain risk measurement model, the Bank then validate the model by independent party to parties that apply the model. 5. Risk measurement methods should be clearly understood by RTU related in risk control, among others SKMR, treasury, accounting, RMC, and Director of related sectors. Stress Test is done to complete risk measurement system by estimating the Bank’s potential loss on abnormal conditions using specific scenarios to see the sensitivity of Bank’s performance to changes of risk factors and identifying the effect that give significant impacts on Bank’s portfolio and performance. Bank conducts periodic Stress Testing and review the results of such Stress Testing and take appropriate steps in potential conditions that may occur beyond acceptable tolerance.These results are used as inputs during the establishment of or changes to policies and limits. C. Risk Monitoring Bank has risk monitoring procedures which include risk monitoring to internal limit compliance and consistent implementation of the policies and procedures established. The monitoring process is done by evaluating risk exposure for all bjb bank products and activities.Monitoring is carried out either by the RTU or by SKMR. The monitoring results are presented in periodic reports submitted to the management in order to mitigate the risks and actions needed.In risk monitoring, Bank sets up effective procedures to prevent disruptions in risk monitoring process, and review it periodically over the procedure. D. Risk Control Bank has adequate risk control system with reference to the policies and procedures established and aims to manage risk exposure.Validation and evaluation of risk management model are among other things done in MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 602 Semakin Berkembang Bersama peluang Baru yang Membentang pengendalian risiko melalui validasi dan evaluasi model manajemen risiko. Validasi dan evaluasi model dilakukan dalam rangka mengatasi kelemahan yang dapat timbul atas penggunaan model pengukuran risiko terkait yang dilakukan oleh pihak internal yang independen terhadap pihak yang mengaplikasikan model tersebut. 1. Validasi Validasi model merupakan suatu proses: • Evaluasi terhadap logika internal suatu model tertentu dengan cara verifikasi keakurasian matematikal. • Membandingkan prediksi model dengan peristiwa setelah tanggal posisi tertentu subsequent events • Membandingkan model satu dengan model lain yang ada, baik internal maupun eksternal, apabila tersedia. Validasi juga dilakukan terhadap model baru, baik yang dikembangkan sendiri oleh Bank maupun yang dibeli dari vendor. Model yang digunakan oleh bank harus dievaluasi secara berkala maupun sewaktu-waktu terutama dalam hal terjadi perubahan kondisi pasar yang signifikan. 2. Evaluasi Evaluasi adalah proses pengkajian atas efektivitas setiap pendekatan atau metodologi yang digunakan dalam pengukuran risiko dan dilakukan secara berkala terhadap cara pengukuran dan asumsi yang digunakan. bank bjb mengevaluasi secara berkala prosedur, metodologi dan mendokumentasikan setiap asumsi yang digunakan jika menggunakan metode internal. Rekomendasi perubahan prosedur, metodologi dan asumsi yang dibuat berdasarkan hasil evaluasi di atas disampaikan dalam rapat Komite Manajemen Risiko dan Direksi berwenang memutus perubahan metodologi dan prosedur tersebut. E. Sistem Informasi Manajemen Risiko Sistem Informasi Manajemen Risiko merupakan bagian dari sistem informasi manajemen yang dimiliki dan dikembangkan sesuai dengan kebutuhan Bank. Sistem infromasi Manajemen Risiko Bank digunakan untuk mendukung pelaksanaan proses identifikasi, pengukuran, pemantauan, dan pengendalian risiko sebagai bagian dari proses penerapan Manajemen Risiko yang efektif dan mendukung pelaksanaan pelaporan kepada regulator. Beberapa hal yang harus diperhatikan agar penerapan sistem informasi Manajemen Risiko berjalan efektif maka diperlukan kemampuan untuk menghasilkan informasi yang tepat waktu, akurat, konsisten, komprehensif, revelan, dan informatif sehingga dapat digunakan oleh Direksi, Dewan Komisaris, dan satuan kerja terkait dalam penerapan Manajemen Risiko untuk menilai, memantau, dan memitigasi risiko yang dihadapi Bank dalam proses pengambilan keputusan. controlling risks.Model validation and evaluation are done in order to address weaknesses that may arise over the use of relevant risk measurement models conducted by internal parties independently to the parties that apply such model. 1. Validation Model validation model is process of: • Evaluation to internal logic of a particular model by mathematical accuracy verification. • Comparing model predictions with subsequent events • Comparing one model to another existing model, both internal and external, if available. Validation is also made to the new model, either developed by the Bank or purchased from vendors.The model used by the bank should be evaluated regularly and at any time, especially in case of significant changes on market condition. 2. Evaluation Evaluation is the process of assessment on the effectiveness of each approach or methodology used in risk measurement and are periodically made to the way measurements and assumptions used. bank bjb periodically evaluates the procedures and methodology, and documents any assumptions used when using internal methods.Recommended changes to procedures, methodologies, and assumptions made based on the results of the evaluation shall be submitted in the meeting of the Risk Management Committee and the Board of Directors is authorized to decide changes to such methodology and procedures.. E. Risk Management Information System Risk Management Information System is a part of management information system owned and developed in accordance with Bank’s needs.Bank Risk Management information systems is used to support risk identification, measurement, monitoring, and controlling as part of the process of implementing effective Risk Management and supporting the implementation of reporting to regulators.In order to gave effective implementation of Risk Management information system, the capability to produce information that is timely, accurate, consistent, comprehensive, relevant, and informative is needed so that it can be used by the Board of Directors, Board of Commissioners, and work units involved in the implementation of Risk Management to assess, monitor and mitigate the risks faced by the Bank in decision making process. MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 603 Growing Together with new expanding opportunities Kecukupan informasi yang dihasilkan dari sistem infromasi Manajemen Risiko direviu secara berkala untuk memastikan bahwa cakupan tersebut telah memadai sesuai perkembangan tingkat kompleksitas usaha. Dalam pengembangan sistem informasi Manajamen Risiko, Bank menugaskan pihak ketigaoutsourcing dalam penyempurnaan sistem tersebut. Untuk memastikan pengendalian yang memadai atas sistem informasi Manajemen Risiko yang efektif, Bank menatausahakan dan mengkinikan dokumentasi sistem, yang memuat hardware, software, data base, parameter, tahapan proses, asumsi yang digunakan, sumber data, dan output yang dihasilkan. Sebagai upaya meningkatkan kualitas penerapan manajemen risiko bank dilengkapi dengan sistem informasi yang memadai diantaranya bank telah memiliki sistem OPICS Risk sebagai sistem manajemen risiko yang mengukur aktivitas dealing room, BJB Reds yang merupakan sarana untuk memperoleh data historis kerugian risiko operasional, credit risk web rating dan credit line tools yang merupakan alat manajemen risiko dalam menilai kualitas kelayakan debitur. SISTEM DAN PENERAPAN MANAJEMEN RISIKO Penerapan Sistem Manajemen Risiko bank bjb berdasarkan empat cakupan: 1. Pengawasan aktif Dewan Komisaris dan Direksi sebagai bagian dari peran pengawasan manajemen. 2. Kecukupan kebijakan, prosedur dan penetapan limit sebagai pedoman penerapan manajemen risiko. 3. Kecukupan proses identifikasi, pengukuran, pemantauan dan pengendalian risiko serta sistem informasi manajemen. 4. Sistem pengendalian internal yang menyeluruh. Pilar I : Pengawasan Aktif Dewan Komisaris dan Direksi Direksi dan Dewan Komisaris bertanggung jawab atas efektivitas penerapan Manajemen Risiko di bank bjb. Untuk itu Direksi dan Dewan Komisaris harus memahami Risiko yang dihadapi oleh bank bjb dan memberikan arahan yang jelas, melakukan pengawasan dan mitigasi secara aktif serta mengembangkan budaya Manajemen Risiko dalam organisasi bank bjb. Dalam rangka mendukung penerapan Manajemen Risiko secara efektif, Direksi dan Dewan Komisaris, menetapkan tugas dan tanggung jawab yang jelas pada masing-masing unit, memastikan struktur organisasi yang memadai, serta memastikan kecukupan kuantitas dan kualitas Sumber Daya Manusia SDM. The adequacy of information generated from Risk Management information systems is reviewed regularly to ensure that it has adequate coverage according to the development level of business complexity.In the development of risk management information system, Bank commissioned third partyoutsourced in improving the system. To ensure adequate control over effective Risk Management Information System, Bank administers and updates system documentation, which includes hardware, software, database, parameters, process steps, assumptions used, data sources, and output.In an effort to improve the quality of risk management implementation, bank is equipped with adequate information including OPICS Risk system as risk management system that measures the activity of the dealing room, BJB Reds a means of obtaining historical data loss operational risk, credit risk web rating and credit line tools which are risk management tools in assessing the feasibility of the quality of the debtor. RISK MANAGEMENT IMPLEMENTATION The Implementation of bank bjb Risk Management System based on four pillars: 1. Active supervision of the Board of Commissioners and the Board of Directors as part of its supervisory role of management. 2. The adequacy of policies, procedures and limits as guidelines for the implementation of risk management. 3. Adequacy of identification, measurement, monitoring, and risk control processes, as well as risk management information system. 4. Comprehensive internal control system. First Pillar : Active Supervision of the Board of Commissioners and the Board of Directors The Board of Commissioners and the Board of Directors are responsible for effective Risk Management implementation in bank bjb.Therefore, the Board of Commissioners and the Board of Directors should understand the risks faced by bank bjb and provide clear guidelines, monitor and mitigate actively and develop Risk Management culture in bank bjb organization. In order to support the implementation of effective risk management, the Board of Directors and the Board of Commissioners, assign tasks and responsibilities clearly to each unit, ensure adequate organizational structure, and ensure adequate quantity and quality of Human Resources HR. MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 604 Semakin Berkembang Bersama peluang Baru yang Membentang Pilar II : Kecukupan kebijakan, prosedur dan penetapan limit sebagai pedoman penerapan manajemen risiko Penerapan Manajemen Risiko yang efektif telah didukung dengan kerangka yang mencakup kebijakan dan prosedur Manajemen Risiko serta limit Risiko yang ditetapkan secara jelas sejalan dengan visi, misi, dan strategi bisnis Bank. Penyusunan kebijakan dan prosedur Manajemen Risiko tersebut dilakukan dengan memperhatikan antara lain jenis, kompleksitas kegiatan usaha, profil Risiko, tingkat Risiko yang akan diambil, keterkaitan antar Risiko, serta peraturan yang ditetapkan otoritas dan atau praktek perbankan yang sehat. Selain itu, penerapan kebijakan dan prosedur Manajemen Risiko yang dimiliki Bank harus didukung oleh kecukupan permodalan dan kualitas SDM. Dalam rangka pengendalian Risiko secara efektif, kebijakan dan prosedur yang dimiliki Bank didasarkan pada strategi Manajemen Risiko yang dilengkapi dengan toleransi Risiko dan limit Risiko. Penetapan toleransi Risiko dan limit Risiko dilakukan dengan memperhatikan tingkat Risiko yang akan diambil dan strategi Bank secara keseluruhan. Hal-hal yang perlu diperhatikan dalam penetapan kerangka Manajemen Risiko termasuk kebijakan, prosedur, dan limit, antara lain: Strategi Manajemen Risiko Strategi manajemen risiko merupakan acuan terhadap pendekatan mengenai cara pencapaian tujuan Manajemen Risiko. Bank merumuskan strategi Manajemen Risiko sesuai strategi bisnis secara keseluruhan dengan memperhatikan risk appetite, risk tolerance dan risk limit. Strategi Manajemen Risiko disusun untuk memastikan bahwa eksposur risiko Bank berada pada atau di bawah tingkat eksposur risiko yang ditetapkan sesuai dengan kebijakan, prosedur internal Bank, peraturan perundang-undangan dan ketentuan lain yang berlaku. Strategi Manajemen Risiko disusun berdasarkan prinsip-prinsip umum berikut: a. Strategi Manajemen Risiko harus berorientasi jangka panjang untuk memastikan kelangsungan usaha Bank dengan mempertimbangkan kondisi atau siklus ekonomi; b. Strategi Manajemen Risiko secara komprehensif dapat mengendalikan dan mengelola Risiko Bank dan Perusahaan Anak; dan c. Mencapai kecukupan permodalan yang diharapkan disertai alokasi sumber daya yang memadai. Strategi Manajemen Risiko disusun dengan mempertimbangkan faktor-faktor berikut: a. Kondisi ekonomi serta dampaknya pada risiko Bank.

b. Organisasi bank bjb, termasuk kecukupan sumber daya

manusia dan infrastruktur pendukung. Second Pillar : The adequacy of policies, procedures and limits as guidelines for the implementation of risk management. Effective Risk Management Implementation has been supported by a framework that includes policies and procedures for Risk Management and risk limits defined clearly in line with Bank’s vision, mission, and business strategies.The formulation of risk management policies and procedures is conducted with respect to among others, the type, complexity of business activities, risk profile, the level of risk to be taken, the relationship between risks, and regulations established by the authority andor sound banking practices.In addition, the application of Bank’s Risk Management policies and procedures should be supported by capital adequacy and quality of human resources.In order to control the Risks effectively, Bank’s policies and procedures are based on Risk Management strategies equipped with risk tolerance and risk limit.Determination of risk tolerance and risk limits is conducted with respect to levels of risk to be taken and Bank’s overall strategies. Things that need to be considered in determining Risk Management framework including policies, procedures, and limit, are namely: Risk Management Strategies Risk management strategies are references to approach on ways to achieve Risk Management purposes.Bank formulates appropriate the overall Risk Management strategies by considering risk appetite, risk tolerance, and risk limit.Risk Management Strategies are designed to ensure that Bank’s risk exposures are at or below the level of risk exposure defined in accordance with policies, Bank’s internal procedures, regulations, and other provisions.Risk Management Strategies are prepared based on these general principles: a. Risk Management Strategy must have long term orientation to ensure Bank’s business continuity by taking into account the conditions or economic cycle; b. Risk Management Strategies can comprehensively control and manage the risks of the Bank and its subsidiaries; and c. Achieve the expected capital adequacy with the allocation of adequate resources. Risk Management Strategies are prepared by considering these factors: a. Economic condition and its impacts to Bank risks.

b. bank bjb organization, including sufficient human resources

and supporting infrastructure. MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 605 Growing Together with new expanding opportunities c. Kondisi keuangan Bank, organisasi Bank, kemampuan untuk menghasilkan laba dan kemampuan mengidentifikasi, memantau, dan mengendalikan risiko yang timbul sebagai akibat perubahan faktor internal dan eksternal; d. Bauran serta diversifikasi portofolio Bank. Strategi Manajemen Risiko dimaksud di review secara berkala dan dikomunikasikan secara efektif kepada seluruh jenjang organisasi agar memahami secara jelas pendekatan yang telah ditetapkan serta mematuhi seluruh aspek yang terkait. Direksi mengkomunikasikan Strategi Manajemen Risiko secara efektif kepada seluruh jenjang organisasi dan melakukan review secara berkala. Tingkat Risiko yang akan Diambil Risk Appetite dan Toleransi Risiko Risk Appetite merupakan tingkat risiko yang bersedia diambil oleh Bank dalam rangka mencapai sasaran atau tingkat laba yang diharapkan. Risk Appetite tercermin dalam strategi dan sasaran bisnis Bank serta mencerminkan harapan stakeholders. Tingkat Risiko yang akan diambil Risk Appetite tercermin dalam strategi dan sasaran bisnis Bank. Toleransi Risiko Risk Tolerance merupakan tingkat dan jenis Risiko yang secara maksimum ditetapkan oleh Bank. Risk Tolerance merupakan penjabaran dari Risk Appetite. Direksi memberikan arahan yang jelas mengenai risk appetite, risk tolerance dan risk limit Bank. Risk Appetite dan risk tolerance harus tercermin di dalam kebijakan Manajemen Risiko, termasuk dalam penetapan limit. Dalam merumuskan risk tolerance, Bank perlu mempertimbangkan strategi dan tujuan bisnis Bank serta kemampuan Bank mengambil risiko risk bearing capacity. Pilar III : Kecukupan proses identifikasi, pengukuran, pemantauan dan pengendalian risiko serta sistem informasi manajemen Identifikasi, pengukuran, pemantauan, dan pengendalian Risiko merupakan bagian utama dari proses penerapan Manajemen Risiko. Identifikasi Risiko bersifat proaktif, mencakup seluruh produk dan aktivitas bisnis bank bjb dan dilakukan dalam rangka menganalisa sumber dan kemungkinan timbulnya Risiko serta dampaknya terhadap kelangsungan bisnis bank bjb. Selanjutnya perlu dilakukan pengukuran Risiko yang telah diidentifikasi sesuai dengan karakteristik dan kompleksitas kegiatan usaha Bank. Atas hasil pengukuran tersebut perlu dilakukan pemantauan yang dilakukan oleh RTU yang berkoordinasi dengan SKMR selaku pihak yang independen dalam proses pemantauan tersebut. Selain itu, guna mendukung efektivitas penerapan Manajemen Risiko perlu didukung oleh pengendalian risiko dan sistem informasi manajemen risiko yang memadai. c. Bank’s financial condition, organization, ability to generate profits, and ability to identify, monitor and control risks arising from changes in internal and external factors; d. Mix and diversification of Bank’s portfolio. Such Risk Management Strategies is reviewed periodically and communicated effectively to all levels of organization in order to understand clearly the approach specified and to comply with all aspects related.The Board of Directors communicate Risk Management Strategies to all levels of the organization and conduct periodic review. Risk Appetite and Risk Tolerance Risk Appetite is a level of risk that is willing to be taken by the Bank in order to achieve the goals or anticipated profit levels. Risk Appetite is reflected in Bank’s business strategies and goals, and reflects the stakeholders’ expectations.Risk Appetite is reflected in Bank’s business strategies and goals. . Risk Tolerance is the level and type of Risk specified to maximum level by the Bank.Risk Tolerance is the elaboration of Risk Appetite.The Board of Directors provide clear guidelines on Bank’s risk appetite, risk tolerance, and risk limit.Risk Appetite and risk tolerance should be reflected in Risk Management policies, including in limit determination. In formulating risk tolerance, Bank needs to consider the strategies and business objectives and its ability to take risks risk bearing capacity. Third Pillar : Adequacy of risk identification, measurement, monitoring, and control processes, as well as risk management information system Risk identification, measurement, monitoring, and control processes, are main part of Risk Management application process.Proactive Risk Identification covers all products and business activities of bank bjb and carries out in order to analyze the source and possible risks and their impact on bank bjb business continuity. Moreover, risk measurement identified in accordance with the characteristics and complexity of Bank’s business activities needs to be conducted.Results of these measurements need to be monitored, which is conducted by RTU in coordination with SKMR as an independent party in the monitoring process.In addition, in order to support the effective implementation of Risk Management, adequate risk control and risk management information system are needed. MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 606 Semakin Berkembang Bersama peluang Baru yang Membentang Pilar IV : Sistem Pengendalian Internal yang menyeluruh Proses penerapan Manajemen Risiko yang efektif harus dilengkapi dengan sistem pengendalian internal yang andal. Penerapan sistem pengendalian internal secara efektif dapat membantu pengurus Bank menjaga aset Bank, menjamin tersedianya pelaporan keuangan dan manajerial yang dapat dipercaya, meningkatkan kepatuhan Bank terhadap ketentuan dan peraturan perundang-undangan, serta mengurangi Risiko terjadinya kerugian, penyimpangan dan pelanggaran aspek kehati-hatian. Terselenggaranya sistem pengendalian internal Bank yang andal dan efektif menjadi tanggung jawab dari seluruh satuan kerja operasional risk-taking unit dan satuan kerja pendukung serta Divisi Audit Internal. Hal-hal yang perlu diperhatikan dalam pelaksanaan sistem pengendalian internal antara lain: 1. Pelaksanaan sistem pengendalian internal secara efektif dalam penerapan Manajemen Risiko Bank mengacu pada kebijakan dan prosedur yang telah ditetapkan. Penerapan prinsip pemisahan fungsi four eyes principle harus memadai dan dilaksanakan secara konsisten. 2. Sistem pengendalian internal dalam penerapan Manajemen Risiko paling sedikit mencakup: a. kesesuaian antara sistem pengendalian internal dengan jenis dan tingkat Risiko yang melekat pada kegiatan usaha Bank; b. penetapan wewenang dan tanggung jawab untuk pemantauan kepatuhan kebijakan dan prosedur Manajemen Risiko serta penetapan limit Risiko; c. penetapan jalur pelaporan dan pemisahan fungsi yang jelas dari satuan kerja operasional risk-taking unit kepada satuan kerja yang melaksanakan fungsi pengendalian; d. struktur organisasi yang menggambarkan secara jelas tugas dan tanggung jawab masing-masing unit dan individu; e. pelaporan keuangan dan kegiatan operasional yang akurat dan tepat waktu; f. kecukupan prosedur untuk memastikan kepatuhan Bank terhadap ketentuan dan peraturan perundang-undangan; g. kaji ulang yang efektif, independen, dan obyektif terhadap kebijakan, kerangka dan prosedur operasional Bank; h. pengujian dan kaji ulang yang memadai terhadap sistem informasi manajemen; i. dokumentasi secara lengkap dan memadai terhadap cakupan, prosedur operasional, temuan audit, serta tanggapan pengurus Bank berdasarkan hasil audit; dan j. verifikasi dan kaji ulang secara berkala dan berkesinambungan terhadap penanganan kelemahan Bank yang bersifat material dan tindakan pengurus Bank untuk memperbaiki penyimpangan yang terjadi. Fourth Pillar:Comprehensive Internal Control System Effective risk management implementation process must be equipped with reliable internal control system.The implementation of internal control system can effectively help Bank’s management to maintain Bank’s assets, ensure the availability of trustworthy financial and managerial reporting, increase Bank’s compliance to the rules and regulations, as well as reduce the risk of losses, irregularities, and violations of prudential aspects.The implementation of reliable and effective Bank’s internal control systems is the responsibility of the whole risk-taking units and supporting unit and Internal Audit. Things that need to be considered in the implementation of internal control systems are namely: 1. The effective implementation of internal control systems in the implementation of Bank Risk Management refers to the policies and procedures established.The application of four eyes principle should be adequate and implemented consistently. 2. Internal control system in the application of Risk Management should at least include: a. correspondence between internal control system with the type and level of Risk inherent in Bank’s business activities; b. establishment of the authority and responsibility for monitoring compliance with Risk Management policies and procedures and the establishment of Risk limits; c. determination of reporting lines and clear separation of the functions of the operating unit risk-taking units to the unit performing controlling function; d. organizational structure which clearly describes the duties and responsibilities of each unit and individual; e. accurate and timely financial reporting and operations; f. the adequacy of procedures to ensure compliance with the Bank towards the rules and regulations; g. effective, independent, and objective review on Bank’s policies, frameworks, and operating procedures; h. adequate test and review to the management information system; i. complete and adequate documentation of the scope, operational procedures, audit findings, and Bank’s management response based on audit results; and j. regular and continuous verification and review on the handling of Bank’s material weaknesses and Bank’s management actions to correct deviations. MANAJEMEN RISIKO RiSK ManageMenT annual report 2016 607 Growing Together with new expanding opportunities 3. Pelaksanaan kaji ulang terhadap penerapan Manajemen Risiko paling sedikit sebagai berikut: a. Kaji ulang dan evaluasi dilakukan secara berkala, paling sedikit setiap tahun oleh SKMR dan DAI; b. Cakupan kaji ulang dan evaluasi dapat ditingkatkan frekuensi atau intensitasnya, berdasarkan perkembangan eksposur risiko Bank, perubahan pasar, metode pengukuran, dan pengelolaan risiko; c. Khusus untuk kaji ulang dan evaluasi terhadap pengukuran Risiko oleh SKMR, paling sedikit mencakup: • Kesesuaian kerangka Manajemen Risiko, yang meliputi kebijakan, struktur organisasi, alokasi sumber daya, desain proses Manajemen Risiko, sistem informasi, dan pelaporan Risiko Bank dengan kebutuhan bisnis Bank, serta perkembangan peraturan dan praktik terbaik best practice terkait Manajemen Risiko; • Metode, asumsi, dan variabel yang digunakan untuk mengukur Risiko dan menetapkan limit eksposur Risiko; • perbandingan antara hasil dari metode pengukuran Risiko yang menggunakan simulasi atau proyeksi pada masa datang dengan hasil aktual; • perbandingan antara asumsi yang digunakan dalam metode dimaksud dengan kondisi yang sebenarnya atau aktual; • perbandingan antara limit yang ditetapkan dengan eksposur yang sebenarnya atau aktual; dan • penentuan kesesuaian antara pengukuran dan limit eksposur Risiko dengan kinerja pada masa lalu dan posisi permodalan Bank saat ini. d. Pelaksanaan kaji ulang oleh pihak independen atau DAI antara lain mencakup: • keandalan kerangka Manajemen Risiko, yang mencakup kebijakan, struktur organisasi, alokasi sumber daya, desain proses Manajemen Risiko, sistem informasi, dan pelaporan Risiko Bank; dan • penerapan Manajemen Risiko oleh unit bisnis atau aktivitas pendukung, termasuk kaji ulang terhadap pelaksanaan pemantauan oleh SKMR. 4. Penyampaian hasil penilaian kaji ulang oleh SKMR kepada Dewan Komisaris, DAI, Direktur yang membawahkan fungsi kepatuhan, Komite Audit dan Direksi terkait lainnya sebagai masukan dalam rangka penyempurnaan kerangka dan proses Manajemen Risiko. 5. Pemanatauan oleh DAI terhadap perbaikan atas hasil temuan audit internal maupun eksternal. Temuan audit yang belum ditindaklanjuti harus diinformasikan oleh DAI kepada Direksi untuk diambil langkah-langkah yang diperlukan. 6. Tingkat responsif Bank terhadap kelemahan danatau penyimpangan yang terjadi terhadap ketentuan internal dan eksternal yang berlaku. 3. Implementation of review on the implementation of Risk Management should at least include the following: a. Review and evaluation are conducted regularly, at least annually by SKMR and IAD; b. the frequency or intensity of review and evaluation coverage can be increased, based on the development of Bank’s risk exposure, market changes, measuring methods, and risk management; c. particularly for review and evaluation of risk measurement by SKMR, should at least include: • the suitability of Risk Management framework, which includes policies, organizational structure, resource allocation, Risk Management process design, information systems, and Bank risk reporting to the needs of Bank’s business, as well as regulatory developments and best practices related to Risk Management; • methods, assumptions, and variables used to measure Risks and assign Risk exposure limit; • the comparison between the results of Risk measurement method using simulation or projection in the future with actual results; • the comparison between the assumptions used in such method with actual condition; • the comparison between the limit specified by real or actual exposure; and • determination of the suitability of Risk measurement and risk exposure limit with past performance and Bank’s capital current position. d. Implementation of the review by independent party or IAD, among others, include: • the reliability of Risk Management framework condition that includes Bank’s policies, organizational structure, resource allocation, Risk Management process design, system information, and risk reporting • the implementation of Risk Management business unit or support activities, including the review of monitoring implementation by SKMR. 4. Submission of review rating results by SKMR to the Board of Commissioners, IAD, director in charge of compliance, audit committee and other related Directors as inputs in order to improve Risk Management framework and process. 5. Monitoring by IAD on the improvement of internal and external audit findings.Audit findings which have not been followed up must be informed by IAD to the Board of Directors to take the necessary steps. 6. Bank’s responsiveness level on the weaknesses and or irregularities occurred against internal and external conditions that apply. MANAJEMEN RISIKO RiSK ManageMenT Laporan Tahunan 2016 608 Semakin Berkembang Bersama peluang Baru yang Membentang Misi dan objektif dari pengelolaan risiko bank harus berpedoman kepada konsep pengendalian risiko yang terukur secara konsisten dan akurat, sehingga bank dapat mengalokasikan modalnya secara lebih efektif dan efisien untuk kepentingan usahanya. Metodologi proses pengelolaan manajemen risiko menggambarkan secara lengkap rencana manajemen risiko yang logis yang dilaksanakan pada tiga tingkatan yang berbeda, yaitu: level strategis, level transaksi dan level portofolio: 1. Level pertama merupakan perspektif makro. Proses dimulai dengan analisa risiko dan imbal-hasil berdasarkan rencana kerja business plan. Tahap berikutnya dimulai dengan perubahan budaya kerja yang menggambarkan pandangan bank tentang risiko. Proses ini dimulai dan menjadi tanggung jawab utama dari Direksi. Direksi berkewajiban membangun budaya risiko dan organisasi manajemen risiko, serta memasukkan proses risiko sebagai bagian yang penting dalam menetapkan rencana strategis perusahaan. Pembentukan budaya manajemen risiko memerlukan perubahan organisasi yang cukup mendasar. Hal tersebut diperlukan agar manajemen dapat menangani secara langsung masalah risiko yang dihadapi misalnya risiko pasar tingkat suku bunga, nilai tukar dan lain-lain, dan risiko kredit yang terkait dalam perjanjian dengan counterparty. Komite Manajemen Risiko bertugas untuk mengembangkan budaya risiko dan menetapkan arahan untuk seluruh aktivitas yang mengandung risiko; 2. Level kedua level transaksi dan level ketiga portofolio membahas elemen yang lebih spesifik berupa konsep risiko, perangkat trading, model analisis, metodologi statistik, pengamatan data historis dan analisa pasar, yang semuanya merupakan faktor penting dalam sistem manajemen risiko yang rasional. The mission and objective of risk management should be based on the concept of risk control that is measured consistently and accurately, so that the Bank can allocate its capital more effectively and efficiently to the best of its interest. The Methodology of risk management process describes the complete risk management plan that is reasonable, implemented at three different levels, namely: strategic, transaction and portfolio. 1. The first level is macro perspective. The process begins with risks and returns analysis based on business plan. The next step starts with changing the work culture that describes how the Bank views at risks. When the above process begins, it becomes the primary responsibility of the Board of Directors. The Board of Directors is obliged to build a risk culture and risk management organization, and to incorporate a risk process as an important part in determining company’s strategic plan. Creating a risk management culture requires a fairly fundamental organizational change. This is necessary so that management can directly handle the exposed risks, eg. market risk interest rates, exchange rates, etc., and credit risk risk associated with counterparty within an agreement. Risk Management Committee is in charge to develop a risk culture and to set a direction for all activities that involve risks; 2. The second level transactions and the third level portfolio discuss more specific elements on the concept of risk, trading tools, analysis models, statistical methodology, observation of historical data and market analysis; all of which are important factors in a sound risk management system. MANAJEMEN RISIKO RiSK ManageMenT