Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 146 Following the significant growth of innovators participation, the Company consistently held SMI- AI every year in the company’s environment, and develops innovation group from 3 innovation group in 2011 expanded to 5 innovation group, as illustrated below: • Raw materials and products • Technology and production process: Mining - Raw mill • Technology and production process: Kiln - Packer • Management • Subsidiaries and Affiliates The above innovation group has been forecasted to develop in the years to come, by involving partners, academics, and communities to contribute in the Company’s competitiveness. The results of SMI-AI activity are periodically monitored especially the nominators of SMI-AI to ensure that the innovations will increase the Company’s efficiency, and it’s being synergized between other strategic business units. Innovation Management implementation is the appreciation media for the high achievers employees that enhances the spirit of innovation and competition, in the effort to create innovation culture towards critical and creative thinking. Operational Review Tinjauan Kinerja Company Innovation Total Innovations Total Nominees Innovation Implementation SP ST SMIG SMI 25 21 22 12 24 48 71 15 60.00 95.45 50.00 67.61 Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 147 Information and Communication Technology The Company carries out Information and Communication Technology ICT, in which are excellent and in harmony with the operations needs. ICT holds an important role in the Company, to support expansion strategy, from system and data supplies for market research, market forecasting and simulation, simulation and raw material reserves portfolio, due diligence in other cement mills acquisition, project management, operations facilities of new production, synergy between production facilities, as well as to monitoring, evaluating and consolidating the Company’s performance reports. GUIDELINES Since 2013, the Company established ICT Governance and Standard Policy, as the guidelines of ICT enforcement and management, which formulated referring to the ICT best practices and in compliance to relevant external regulations including Laws, Miniter Regulations, Statements of Financial Accounting Standards SFAS, and other related regulations. ICT ORGANIZATION STRUCTURE Pursuant to the Board of Directors Decree No. 055 KptsDir2014 dated 20 November 2014, stipulated 1 one function to manage the Company’s ICT, namely ICT Strategic Department. This function is under the coordination and responsible to the Finance Director of PT Semen Indonesia Persero Tbk. Enforcing the latest information and communication technology in line with the operations needs to support efficiency and accurate expansion strategy, to ascertain excellent performance levels in the future “ “ Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 148 GM of Strategic ICT GM of Strategic ICT GM of Strategic ICT Operational Review ICT Organization Structure as of 1 December 2014 Information and Communication Technology GM of Strategic ICT Mgr. ITSM Mgr. ICT Archi- tecture Mgr. Infra Strategy Mgr. BI Analystic Mgr. ICT Project Control ITFM Mgr. BI Analytics Mgr. Performance Mgr ITSM Mgr Documentation Mgr. Demand Mgt Mgr. Demand Mgr. Demand Process Mgt. Mgr. Demand Process Mgt. GM of Strategic ICT Staff Process Designer 5 Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 149 time acted as the ICT counterpart that manages ICT operations and development in PT Semen Indonesia Persero Tbk. Information and Communication Technology In June 2014, the Company established new subsidiary engaged in ICT field, PT Sinergi Informatika Semen Indonesia PT SISI, with main assignments to support the ICT operations and development activity in PT Semen Indonesia Persero Tbk. Coordination Relations of Users, ICT Strategic Department and ICT Subsidiaries To fulfill ICT services, the ICT Strategic Department is coordinating with ICT subsidiaries, at the same With PT SISI, there is a continuous transformation of ICT Organization in SMIG. The ICT functions in PT SI Holding is changed to become Strategic ICT Function. ICT Development Team ICT Operations Dept CENTRALIZATION FEB 2014 ICT functions at Holding PTSI only ICT Development Team ICT Operations Dept STRATEGIC + SBU DES 2014 ICT Strategic functions in Holding + ICT Operations Development at SBU ICT functions in TLCC ICT functions in PTSP ICT functions in PTST ICT functions in PTSI DECENTRALIZATION ICT functions in each Organization ICT Operations ICT Services Usage ICT Development • SLAContact • Performance Evaluation • Requirement Definition • Quality Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 150 Information and Communication Technology Coordination Lines of Users, ICT Strategic Department and ICT Subsidiaries Operational Review ICT Services Usage Services Operation Marketing Marketing Requirements Policies Strategy Demand Mgt New Service Change Support Service Demand Management Performance Mgt. ICT Governance Performance Services Development CONTRACT • Scopes • SLA • Tariff STRATEGIC ICT SMIG USERS PT SISI ICT Services Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 151 Information and Communication Technology ASSESSMENT MATURITY LEVEL To enhance ICT quality, the external parties are appointed annually to implement maturity level assessment of ICT management, and to provide recommendations regarding the refinement of the Company’s ICT management. In 2014, the Company recorded a Maturity Level of 3.58, increased from the previous year of 3.34. ICT Maturity Level Scales: ENTERPRISE RESOURCE PLANNING ERP SUPPORT ON THE COMPANY’S BUSINESS PROCESSES Aligned with the Company’s vision and mission, information system implementation in PT Semen Indonesia Persero Tbk is intended to meet the needs and contributed to the welfares improvement of Stakeholders. To that end, the strategic measures was implemented through Information System of Enterprise Resources Planning ERP in SAP basis, which managed all lines of business processes with the following category: Core Process The processes within the company’s supply chain. Supporting Process The processes aimed at providing resources for core processes. 2 4 1 3 5 3 3 2.85 Non Existent Initial Repeatable Defined Maturity Level 2012 Maturity Level 2013 Maturity Level 2014 Managed Optimized 5 - Optimizing 4 - Managed 3 - Defined 2 - Repeatable 1 - Initial Focus on process improvement Process are measured and controlled Processes are characterized for specific projects and organization is often reactivated Processes is unpredictable, poorly controlled and reactivated Projects are tailored to their processes from the organizations development methodology Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 152 Information and Communication Technology Monitoring and Improvement Process The processes aimed to ensure the achievement of targets and performance improvements. ICT Functions Performance in 2014 Throughout 2014, ICT functions has executed several activities in line with the KPI of ICT functions, as follows: NO ACTIVITIES TARGETS ACHIEVEMENTS 1 Maturity Level 3.5 3.58 2 Availability of ERP System 99.95 99.98 3 Fulfillment of SLA of ICT Operations 75 86.25 4 Level of user satisfaction with ICT services 75 89 Operational Review VISION, MISSION, POLICY, STRATEGY, CULTURE STAKE HOLDERS VALUE ADDED STAKEHOLDERS REQUIREMENTS SUPPORTING PROCESS UTILITY COMMUNICATION INFORMATION HUMAN RESOURCES FINANCE ASSET INVENTORY MANAGEMENT IDENTIFICATION OF STAKEHOLDERS’ NEED OPERATIONAL CONTROL STRATEGIC PLANNING IMPROVEMENT BREAKTHROUGH PERFORMANCE EVALUATION MONITORING, MEASUREMENT ACTION AUDIT ACTION COMMUNITY DEVELOPMENT CORE PROCESS MONITORING IMPROVEMENT PROCESS ORDER TO CASH DISTRIBUTION PRODUCTION PROCURE TO PAY INFORMATION AND COMMUNICATION TECHNOLOGY DEVELOPMENT In the effort to accelerate business decision making towards operations efficiency and effectiveness, the Company develops and increased its core assets quality, namely information capital. The quality increment is executed through the development of Information Technology role as the catalyst that directly able to accelerate the Company’s business growth. For this reason, aligned with the formulation of business development strategy and roadmap, the Company is consistently executing initiatives as stated in the ICT Master Plan, so as to support business strategy and strengthen its competitiveness in cement industry, in which cost efficiency becomes one of significant key to win the competition. The Company also formulates the ICT Target Operating Model to ascertain IT supports in the implementation of business strategy by placing the principles towards: Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 153 Information and Communication Technology • Business Process and System Standardization in all Semen Indonesia Group • Increment of automation process level • Control improvements The Target Scheme of ICT operating model to support business strategy is illustrated below. • Business Strategy • Business Requirements Drivers Components of Target Operating Model • ERP Application Architecture • CRM • Security Architecture • IT Vision Organization Other Projects • Business Intelligence Integration Architecture Collaboration tools for Customer Portal Unified Communication Architecture • IT Governance • Knowledge Management Network Architecture • Human Resource • BCM • Managed Services • IT Requirements • As Is Analysis • Guiding Principle ICT MASTER PLAN IMPLEMENTATION The Company has formulated ICT master plan with methodology to ascertain the harmony between business needs and ICT initiatives. All operating companies OpCo requirements and business plans are identified, both in operations and strategic levels. Further, the ICT initiatives are detemined to support and eventually accelerate business target achievements and divided into the categories of ICT Infrastructures, ICT Management, and ICT Business services. Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 154 The ICT master plan Phase II ICTMP II for the period of 2014-2017 is the continuation of Phase I ICTMP I. The ICTMP I was focused on the procurement of ERP system single plaforms for business process standardization between OpCo. The ICTMP II is intended to revitalize and increase the ERP modules, as well as expand the capability to support CRM Customer Relation Management and SCM Supply Chain Management. CRM and SCM are keys to increase the Company’s competitiveness in both domestic and regional markets, to “enhance the Company’s growth“. Information and Communication Technology Operational Review The CRM will enable the Company to “moving closer to the customers” by providing better customers knowhow and customers supports to win the market. The SCM will strengthen the Company’s supply chain networks by uniting and integrating supply chains as well as improve vendors’ cooperations. The SCM will take charge and support the company’s strategies to “manage energy reservation” and to “manage major risks”. All ICTMP II efforts will “enhance the Company’s image”. ICTMP I ICTMP II Expected Benefits Theme SIG ICT Centralized Single PLATFORM to ENABLE Business Synergy Capacity and CAPABILITY to ENABLE Business Growth Enhanced Capability Business Process Support • Internal Process: Core ERP SAP ECC 6 • Standard Best Pracices • Integrated Supply Chain : Extended ERP CRM SCM • Improved Best Pracices • Integrated Supply Chain • Customer Retenion • Compeiive Advantage Informaion Level Emphasized on Transacional Emphasized on Analyical Consolidaion • Performance tracking • Decision making process Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 155 Herewith the initiatives of ICT Master Plan period of 2014-2017 carried out during 2014, among others are: ICT DEVELOPMENT INITIATIVES RISK REDUCTION OPPORTUNITY TO BE CAPTURED 1 ERP-SAP process enhancement • Reduce complexity and time in some business processes • Enhance ERP features • Increase performance • Process simplification 2 Employee Performance Management System • Reduce the late visibility of Employee informationdata • Build good employee performance monitoring system 3 Corporate Performance Management System • Reduce the late visibility of Corporate informationdata • Build good corporate performance monitoring system 4 Banking Online System • Reduce time for financial transactions • Quick payment collection 5 E-Procurement • Reduce cost of procurement • Increase opportunity for saving money 6 Business Planning Consolidation • Reduce time to prepare consolidation report • Effective efficient financial report 7 Customer Relationship Management CRM • Reduce inefficiency of order and delivery handling • Buildeducate market • Increase customer loyalty 8 Supply Chain Management SCM • Reduce inefficiency • Reduce underserve market • Build strong networks with partners 9 Supplier Relationship Management SRM • Reduce uncertainty in material spare part supply • Effective sourcing 10 E-Tax • Reduce late payment • Reduce inaccurate payment • Effective efficient Tax payment 11 Business Intelligence • Reduce the late visibility of key informationdata • Analyze more granular information • Monitor corporate performance • Early warning system 12 Capex Management • Reduce project risks • Reduce inefficiency • Leverage resources to faster investment and benefit realization 13 Strategy Management • Reduce misalignment between strategy and operational strategy • Leverage resources to business growth 14 Maturity Level Assessment • Reduce ICT regulation, policy and procedure violation risk • Increase ICT Governance Performance • Comply with ICT regulation, policy procedure 15 ICT infrastructure • Reduce Business disruption Risk • Reduce SLA violation risk • Leverage IT resources to value to business and its strategy Implementation Strategy To ascertain the successful implementation of ICTMP, in supporting the Strategic Alignment and improving efficiency, the Company carries out integration of ICT organization in Holding levels. With this integration, the planning, services standardizations, strategy executions, and monitoring of ICT projects will be centralized, including the ICT operations. Information and Communication Technology The proper ICT Governance is expected to support KPI achievements and increases maturity level as targeted. To that end, ICT Performance Governance board was established, which specifically enforcing the governance implementation. Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 156 In addition, a subsidiary PT Sinergi Informatika Semen Indonesia was officially established in 2014, with main assignments to support the continuity of operations and development of Information System in all PT Semen Indonesia Persero Tbk Group. SUPPORTING ELEMENTS OF COMPANY INFORMATION SYSTEM Integrated Computer Network The Company has had a backbone group network to enable the access of communication of data, voices and videos from every end points of the Company’s branches. The Company also has carried out centralization of servers, to centralize all business application that are accesible from any location, from offices, mills, Packing Plants, Distributors, Expeditures, Vendors, as well Banks. Virtual Meeting Virtual Meeting has been embedded in Semen Indonesia Group for coordination between operating units as well as companies. Meeting rooms are mostly equipped with advanced Video Conferences equipments, thus enabled the users to conduct long distant meetings effectively and efficiently. As a result, the decision making process can take place quickly, travel expenses can be saved, and the users are able to reduce the coordination times and efforts. ICT Service Desk Call Center To provide better and measured services to ICT users, the ICT Service Desk Call Center unit has been established with centralized management. All ICT problems in Operating Company are reported to the Service Desk unit for record in the system and tickets are provided. Further, the tickets will be resolved by the engineers and the status will be reported. As such, the users’ problems and complaints can be well managed and settled in satisfactorily results. Business Process Automation To identify and monitor the cargo truckings in and out of the mills and warehouses, the Company enforces RFID technology which automatically will enter the data into the SAP system if it went through certain posts. This will expedite products distribution process. In 2014, sufficient numbers of distribution areas have been utilizing the RFID technology. Information and Communication Technology Operational Review Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 157 The performances of industry machineries in all mills are monitored in real time and featured in the dashboards for early detection of possible problems. The Global Positioning System technology is used to monitor vessels position, as well as to report new unidentified stores by Area Managers. As such, the sea-trans-shipment and stores management are properly enforced. BUSINESS IMPACTS OF ICT ENFORCEMENT • Corporate Culture The ERP SAP Single system also has enforced a common terminology, which is by expediting the communication between entities in the Company. Information transparency is increasing, thereby every entities in the Comapny are able to share strategies and experiences in order to face competition and utilizing opportunities in the markets. The integration of ICT organization in the holding levels has merged the Company’s ICT plannings, through a professionally designed roadmap to meet the long term needs of all OpCos. • IT Shared services Aligned with single and centralized business service system implementation in holding, all business services requested by OpCo are provided by ICT organization in holding, and will be charged based on the services. The shared services will maintain the group strategic policies and business process standardization, service qualities are increased and efficient operations cost can be achieved. The Company is committed to continuously support the enforcement of ICT programs and expects diligent endeavours from all management levels, employees as well as vendors, to ascertain the achievement and optimum roles of ICT in improving the Company’s sustainable future performances. Information and Communication Technology Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 158 Risks and Risk Management In realizing business development programs and in managing routine business activities to achieve the company’s vision by continuing to enforce good corporate governance practices, the Company faced risks as the challenges that need to be resolved, which presented business growth opportunities in its process. To mitigate the risks, at the same time recognizing business development opportunities, will ascertain the realization of the Company’s strategic plans and ensure business continuity, thereby since 2005 the Company implements the Enterprise Wide Risk Management EWRM, integrated into all company’s management system. EWRM is consistently and continuously carried out in all business processes and in strategic as well as operations decision making. The Company’s risk management is built through various phases, which are: Ø Preparation Phase 2005 – 2007 Preparation phase is carried out within 3 years time frame to prepare required infrastructures for risk management, with the following activities: ฀ Risk Management Unit establishment; ฀ Preparation of competence personnels; ฀ Risk assessment pilot project in Production and Marketing Division; ฀ Establishment of Strategy, Risk Management, and Investment Committee by the Company’s Board of Commissioners; ฀ Risk management audit by the Audit Committee; ฀ Disposition of risk management manual; ฀ Initiation of risk strategic review disposition in the Company; ฀ Disposition of risk management roadmap. Ø Implementation Phase 2008 – 2009 The system designed and analyzed in the preparation phase is continued into implementation phase, with the following activities: ฀ Formulation of risk management policy; ฀ Establishment of risk management team; ฀ Disposition of risk management procedures; ฀ Dissemination and Training of risk management in all elements of the Company; ฀ Risk Assessment in all operating units; ฀ Measurement of the first Risk Maturity Level by independent institutions; ฀ Reviewing the risks related to strategic and operations issues of the Company. Operational Review Enhancing risk management quality to recognize and mitigate risks impact, as well as identifying and utilizing growth opportunties by acknowledging risks mitigation efforts to boost the Company’s development in achieving new performance levels in the future, and at the same time as the realization of prudent and quality management of the Company “ “ Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 159 Risks and Risk Management Ø Enforcement Phase 2010 – 2014 The Company enforces the structures and systems that are being implemented to verify the consistency and sustainability of the systems, which was targeted to finalize in 2014. The following are the activities: ฀ Application of Risk Based Audit; ฀ Risk management integration with Company’s policy and procedures; ฀ Disposition of Risk Maturity Level evaluation guidelines for self assessment; ฀ Implementation of Value at Risk; ฀ Application of Internal Control of Financial Reporting; ฀ Application of Key Risk Indicator KRI and Key Control Indicator KCI for Key Performance Indicator KPI; ฀ Measurement of Risk Maturity Level by independent institutions; ฀ Implementation of ISO 31000 framework; ฀ Development of Risk Management Portal Website; ฀ Application of Integrated Governance, Risk Compliance Integrated GRC; ฀ Initiation of Corporate Loss Event Database; ฀ Initiation of Corporate Risk Modeling. Integrated Governance, Risk Compliance Integrated GRC The increasing complexity of activities of the company operating in the archipelago and foreign countries, as the results of well planned and measured development program realization and expansion, making the Company to face various challenges. These challenges include: accurate investment decision making process, investment monitoring, Subsidiaries management, changes in business environment, and compliance in the prevailing laws, both in the country and in units operating abroad. The challenges shall be acknowledged and effectively managed, thus the Company can realize the targets and maintained the optimum and sustainable growth. In relations to the above matters, the Company develops a professional and responsible management through the application of Good Corporate Governance GCG, Enterprise Risk Management ERM, and Corporate Compliance System CCS in an integrated way. The Company stipulates an Integrated GRC Application Policy and Guidelines, as the manifestation of commitment towards professional and responsible management, and becomes the basis in the enforcement of Integrated GRC’s system, structures, and infrastructures, applicable for Semen Indonesia Group and Subsidiaries. The integrated governance, risk, and compliance GRC enforced a more effective and efficient assurance functions management, supported by monitoring system and implementation reports in all Semen Indonesia Group and Subsidiaries. Frameworks and Main Components of Integrated GRC The main components in the frameworks of Integrated GRC are as follows: ฀ Values and Corporate Culture, ฀ Corporate Governance, ฀ Enterprise Risk Management ERM, ฀ Compliance Management System, and ฀ Integration Enabler: GRC single-platform. Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 160 The relations and process of five Integrated GRC components is illustrated in Image 1 as follows: I. SIG Values and Culture Information and Communication Technology ICT - Single I-GRC Platform Across Group Group Board Governance - Principles, Manual, Charters, Structures, Strategic Plans, and Assurance Reports, Certificates Audits Targets Determination, Strategic Decision Making and Company Strategy Formalization ICOFR CSA KCI Compliance towards Laws Regulations HSE Standards Application Documentation and Register of Company’s Obligations and Compliance Group Portfolio Investment Risk Management Group OPRISK Management Integrated KPI-KRI SM Business Continuity Management II. Corporate Governance IV. Compliance Management System V. Integration Enabler III. Enterprise Risk Management MONITORING CONTROL OF INTEGRATED GRC APPLICATION The Company Integrated GRC System adheres to the concept of integrated involvement of all lines by relying on the competence and integrity of SIG human capital. The performance, growth, and sustainability of the Company is determined by its human capital. The Three Lines of Defence is revolved on the President Director as the highest responsible Risks and Risk Management Operational Review person in the application of Integrated GRC, of which the daily management is mandated to the assigned Director. As in below diagram 2, the monitoring and contol lines of GRC are as follows: 1. The first lines are business process owner. C - Officers GRC Excutives Level and Risk Compliance Managers of Operating Units Chief Risk Compliance Officer Corporate Risk Compliance Officer of GRC Functions BOC CEO GRC Champion Chief Audit Officer of Internal Audit Functions 1 2 3 Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 161 2. Middle lines are the assurance functions, namely governance, risk management and compliance functions. 3. Last lines are the highest responsible functions in GRC application comprise of Internal Audit; CEO as GRC Champion acted as the highest responsible person in GRC application; and BOC with important roles on the effectiveness of supervisory and monitoring functions on the Company’s management through the Commissioners’ Committees, External Auditor, and GRC functions Internal Audit, Risk Management, and Compliance. Risk Management Frameworks The Company has enforced transformation of risk management standards which previously conducted with ASNZS standards to ISO 31000 standards. The ISO 31000 standards, supported by House of Risk are both become the core infrastructures in the Company’s risk management application. The application of ISO 31000 as frameworks is expected to support the implementation of the Company’s risk management in accordance with the international standards and in line with the Company’s vision and mission. In addition, risk management is expected to propel the application of good corporate governance, thus the Company’s business process is carried out according to stakeholders expectation. ISO 31000 is an international standards that applied in risk management application guidelines published by International Organization for Standardization ISO and is not developed for certifications. ISO 31000 was published on 13 November 2009, as the enforcement of ASNZS 4360:2004 standards, which was endorsed by Standard Australia. As the guidelines of risk management implementation, the Company develops internal systems and references framework that is called “House of Risk Semen Indonesia” HORSI. HORSI regulated all risk management infrastructures of the Company so as to let the harmonious implementation of risk management with and to support the Company’s performances. The implementation of risk management and related programs is infrequently met several obstacles. The biggest obstacles are the dissemination to all elements, internally or externally. The Company anticipates this by applying periodical dissemination that was integrated with the existing system development. As Risks and Risk Management Organization Structure Reporting Monitoring Review Risk Mitigation Risk Policy Risk Procedure Risk Evaluation Guideline Risk Management Information System IT Risk Management Evaluation Risk Based Audit Risk Assessment Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 162 such, risk management is expected to become the culture that underlies activities in every elements of the Company. Risk Management Organization Structure The Company has formed Risk Management Unit as the coordinator in the application of risk management. The Unit is designing the risk management system, frameworks and roadmap development, and infrastructure refinements required in the application of risk management, facilitating and disseminating activities related to risk management application, and others. Strategies and working programs are carried out to manage risks consistently and continuously, in order to be able to divert risk impact, increased affirmity to achieve targets, and able to recognize and realize business opportunities. In risk management, close relations is occured between Risk Management Unit as Corporate Risk Manager, business process owner as Risk Coordinator, and Internal Audit Unit as Risk Control. Risk management is a responsibility of business process owner, thus business process owner are accountable for the risks, risk control, and risk mitigation. In this process, the Company assigned risk officers. Risk Assessment, Key Risk Indicators, and Key Control Indicators Business process owner carries out periodical risk assessment, and in 2012 the risk assessment has been completed with Key Risk Indicators KRI and Key Control Indicators KCI applied to detect risks potential in the effort to achieve key indicators from the Company’s performance, thereby the KRI is used as leading indicators of KPI’s achievement.The identification fo KRI and KCI is expected to assure the Company’s target achievement as the early warning that took placed on potential risks indicators including its control measures. Risks and Risk Management Operational Review Risk Owner Risk Sponsor Risk ControlAudit Risk Coordinator Risk Officer Corporate Risk Manager Risk Manager Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 163 Business process ownerrisk owner presented the risk assessment results to Risk Management Unit for monitoring and further be submitted to Internal Audit Unit, which assessed the effectiveness of risk assessment results through its risk control and mitigation efforts. In addition, risk assessment results also applied as consideration in risk based audit. Effectiveness of Risk Management Maturity Level Assessment The Company conducts risk maturity level assessment periodically by applying AS:NZS criteria, through refinement and improvement of risk management quality. The assessment is executed towards seven criteria, which are contexts determination, risk identification, risk analysis and evaluation, risk handling, risk control, information and communications, as well as monitoring and review. The assessment of risk management effectiveness presented the following 1 to 5 scores: started from initial level 1, repeatable level 2, defined level 3, managed level 4, and optimised level 5. The assessment results derived from methods of documents verification, questionnaires distribution, and interviews with related parties, was recorded a maturity level score of 3,70 for risk management application of fiscal year 2013. The increased of score from 3,48 to 3,70 represents optimum and continuous improvement of risk management by the Company. Through current and future working plans, the Company is expected to continue attaining better maturity levels. No Risk Management Implementation Components Maturity Values 2009 2011 2013 1. Contexts Determination 3.71 4.01 4.24 2. Risk Identification 4.08 3.3 3.75 3. Risk Analysis 3.84 3.12 3.75 4. Risk Evaluation 3.84 4.16 3.75 5. Risk Handling 3.20 3.12 3.21 6. Communications and Consultations 3.22 3.02 2.86 7. Monitoring and Review 1.75 3.75 3.54 Total Score Maturity 3.39

3.48 3.70

Risks and Risk Management Business Development Report Management Reports Company Information Information For Investors Operational Review Assuring the Move Into Next Level 164 Risk management and risk monitoring. The Company strives to refine and develop risk management system through work plans programs conducted at the next period, so as to achieve better maturity levels. Risks and Risk Management Operational Review 5 Organization has the capability that properly developed to identify, measure, manage, and monitor risks; risk management process is dynamics and adapted with variety of risk changes and cycles • Formal statements on risk appetites as well as risk tolerance and are in decision making • Risks and risk management information are explicitly considered into the management decision making process • Consistent implementation to analyze by combining qualitatives and quantitaives techniques • Risk management is considered to provide competitive advantages as the focus of optimum best selection is based on risk reward trade-offs 4 Clear understanding on main risks in the organization and consistent implementation of risks handling; several functions are enabled to apply advanced techniques more than others • Guidelines on tolerance implementation and loss limits has been previously set or under development • Explicit consideration on risks and risk management information conducted on significant decision making process • Consisent implementation on analysis by combining qualitatives and quantitatives techniques 3 Acknowledging and handling of main risks by the organization; capability to measure, manage, and monitor the risks are already accurate, although there is a possibility of inconsistency in all levels of organization • Guidelines to determine risk losses and tolerance has not yet developed • Risks and risk management information are considered as information or implicitly in decision making • Consisent implementation on analysis by focusing on qualitatives approach 2 Inconsistency in knowledge, management, and monitoring of main risks in overall organization; limited capability to consistently identify, assess, manage, and monitor risks • Risk management activity is applied in functional levels than in the corporate levels • Risk management activity is emphasized more on compliance • Risks and risk management information are considered informally or impllicitly in decision making, often taken as ad-hoc 1 Risks identification and handling by the organization are conducted in certain parts only; risk management components and process are limited and implemented as ad-hoc. Corporate Governance Implementation Report Corporate Social Responsibility Report Corporate Data Management Discussion and Analysis Financial Statements Assuring the Move Into Next Level 165 With the achievement of Aon Risk Maturity Index 4.5, the Company is concluded: - Has the commitment to implement risk management in all aspects of company’s management, supported by work programs by the Board of Directors, and monitoring by the Board of Commissioners. - Has developed capability to identify, assess, and build risk priorities consistently in all company’s operations. - Has conducted consistent risk analysis through qualitatives and quantitatives approaches. - Has upheld risk culture that embedded into decision making and company’s operations management. Aon Risk Maturity Index is a method to capture and asessment on risk management implementation in a company. It provides feedback in the form of Risk Maturity Rating include recommendations for improvements. Aon Risk Maturity Index applies various questions related to the implementation of risk management, GCG and decision making process, among others are: - Knowledge and commitment of risk management in the level of Board of Directors and Board of Commissioners in decision making and value creation. - Company’s transparency in communicating risks to the concerned parties. - Risks culture that propel the involvement and accountability in all levels of company. - Risk identification, both on existing risks and potential risks through internal and external information. - Formal approaches on corporate governance and decision making processes in compiling and utilizing the operations and financial risk information. - Moving the focus from risk avoidance and mitigation to risk utilization and management, so as to create better values. Assessment and Mitigation of High Level Corporate Risks The Company annually conducts risk assessment. In 2014, business process and KPIs evaluation has been enacted by the Company, and has indentified 231 significant risks in all departments. From the identification of significant risks, the Company stipulates high level corporate risks to anticipate the most significant risk potential that may hampered the Company’s achievements. To resolve risk potential into opportunities towards profitability for the Company, the identification of control and mitigation of all risks especially high level corporate risks has been implemented by the Company, so as to minimize the possibility and impact of the risks. Risks and Risk Management