251 PT Telkom Indonesia Persero Tbk Below is a chart of the organizational structure of the Telkom Internal Audit. president Director sVp Internal Auditor Harry Suseno Hadisoebroto Vp Infrastructure Operations Audit Dani Ramdani Vp Enterprise Management Audit Heru Muara Sidik Vp support subsidiary Audit Budhi Santoso Chief Expert strategic Advisor Audit Board of Commissioner The aforementioned Vision and Mission of the IA is applied in the form of IA activities that are organized in a systematic and measured manner, and in accordance with the applicable standards ranging from preparation, implementation and monitoring of the follow-up results. To this end, during the audit preparation phase, risk- based audit methodology is the main guideline which emphasizes that determining the proper audit unit auditable is based on the level of risk; the higher the risk, the higher the need for auditing. The risk level of the audit object auditor is based on the risks that have been mapped and determined by the Company as well as the professional assessment by the IA itself. Duties And Responsibilities The risk-based audit paradigm, in carrying out its duties and responsibilities, have used the IA Audit Management System AMS, which is an application system for documenting the implementation of risk- based audits online. Increasing the role of IA is done by improving quality assurance for the company’s operations through audit and non-audit activities. Audits are conducted to ensure that business risks that may occur can be addressed through efective internal controls. If deiciencies are found in the control of a business process andor the risk of spiraling out of control, then a substantive test is conducted, namely a further testing of the audit object in order to explore root causes. Moreover, as a consequence of listing of shares on the Indonesian Stock Exchange BEI and the New york Stock Exchange NySE, IA periodically carries out tests and audits of the efectiveness and adequacy of internal INTERNAL AUDIT CHARTER Telkom IA unit has been equipped with the Internal Audit Charter as a formal company document, which contains a description of the vision, mission, structure, status, tasks, responsibilities and authority of the IA, including requirements for IA auditor personnel. The drafting of the Internal Audit Charter is guided by international standards for the practice of the internal auditing profession issued by the Institute of Internal Auditors “IIA”, and has been approved by the President Director and the Audit Committee of the Board of Directors based on decision No.Tel. 09PW 000UTACOP-C00000002015 regarding the Internal Audit Charter. VISION, MISSION, TASKS AND RESPONSIBILITIES OF INTERNAL AUDIT Vision As a “Smart Partner” for Management, Business Unitwork Unit and subsidiaries in order to achieve the Company’s objectives as well as a driving force for the whole range of the Company and its subsidiaries in order to create a culture of discipline in implementing all provisions of the applicable legislationpolicyregulationsprocedures business processes. Mission 1. Provide services and internal audit consulting in a professional, objective and independent manner for Management, Business Unitwork Unit, and subsidiaries. 2. Provide assurance on the suitability of inancial reporting. 3. Actively guarding the implementation of internal control, providing support in raising GCG implementation, and evaluating the implementation of risk management. 252 PT Telkom Indonesia Persero Tbk controls in the context of inancial reporting in accordance with Internal Control over Financial Reporting ICOFR standards. In order to support the implementation of the audit and develop awareness towards the importance of internal control for the business units, each quarter, the business unit perform Control Self Assessment CSA to the internal controls for which it is responsible. Periodically, IA evaluates the CSA results to measure their adequacy and make recommendations for improvement both for design and implementation. The next stage is to participate in the activities of internal consulting services. Internal consulting services is focused on, among others, Company operations that can be grouped into infrastructure management production equipment, products and services as well as supporting operations, including the identiication of Group Financial Reporting RiskGFRR, the preparation of business processes of subsidiaries and HR management. This internal consulting activity is more of a preventive solution to anticipate that business operations continue in the right direction and heed applicable regulations. As part of the Company with a high commitment to the success of GCG, IA has an important role in the whistleblower mechanism which is the purview of the Audit Committee and the Executive Investigative Committee EIC, where the head of IA is appointed as secretary of the EIC. The whistleblower mechanism functions to accommodate every ‘complaints’ by employees to be forwarded to the management. In turn, if the Audit Committee and EIC deem that the complaint needs to be investigated further, IA will take the role to follow-up as part of the duties of audit. The results of such activities are reported to the President Director with copies forwarded to the Audit Committee and then the results will be communicated to the audit object to be followed up and rectiied. To ensure that the object of the audit has provided a suicient response on the results of the audit and internal consultation, it is necessary to conduct further monitoring. Follow-ups on the ground are conducted by the audit object which is then monitored by the IA. In this regard, a follow-up is limited to areas of signiicant business processes with a mutually-agreed settlement time. INDEPENDENCE INTERNAL AUDIT UNIT As set forth in the applicable capital market regulations, namely Bapepam-LK regulation No. XI.2.7, the Internal Audit is an independent unit from other work units and is directly responsible to the President Director. Telkom’s head of Internal Audit is appointed and dismissed by the President Director with the approval of the Board of Commissioners. One of the implementation of the independence of the Internal Audit Unit in Telkom is the Internal Audit Report sent to the President Director and copied to the Audit Committee Board of Commissioners. THE APPOINTMENT PROCEDURE AND NAME OF THE CHAIRMAN OF THE INTERNAL AUDIT The Internal Audit IA Unit plays a role in exercising control over the Company’s business activities. The IA is headed by a Senior Vice President of Internal Audit SVP Internal Audit, who is appointed and dismissed by the President Director with the approval of the Board of Commissioners. As of December 31, 2015, the Internal Audit SVP is held by Harry Suseno Hadisoebroto. BRIEF PROFILE OF THE HEAD OF INTERNAL AUDIT UNIT Harry Suseno Hadisoebroto served as Internal Audit SVP since July 1, 2015 and was appointed by a Resolution signed by the President Director. Since 1992 has worked at Telkom and its subsidiaries and has 11 years of professional experience in various positions at management level. He previously served as Internal Audit Telkomsel VP since May 1, 2014 until June 30, 2015. He has been Internal Audit VP at Telkom from April 1, 2011 until April 30, 2014. NUMBER OF PERSONNEL OF INTERNAL AUDIT UNIT At the end of 2015, the number of personnel in the IA unit numbered 49 people. Based education, the personnel of the Internal Audit are as follows: Education Number High School 1 2.0 D2 3 6.2 D3 1 2.0 S1 Undergraduate 30 61.2 S2 Graduate 14 28.6 Total 49 100 QUALIFICATIONPROFESSIONAL CERTIFICATION To maintain and improve auditors who have suicient competence both in quality and quantity to be able to act in accordance with the scope of activities of IA in guarding the business development of the Company, IA continues to strive in: 1. involve the IA auditor in training, seminars and workshops of a technical nature; and 253 PT Telkom Indonesia Persero Tbk 2. engage the IA auditor in both local and international certiied sustainable learning. Currently, the number of auditors who already have national certiication is eight people with Qualiied Internal Auditor “QIA” certiicates and six people with international certiicates, one person with a Certiied Fraud Examiner “CFE” certiicate, two people with Certiied Information Systems Audit “CISA” certiicates, one person with a Certiied Risk Management Audit “CRMA” certiicate, one person with a Certiied Management Audit “CMA” certiicate, and one person a Certiied Behavior Consultant “CBC” certiicate. Currently the number of auditors who have been certiied auditor both nationally and internationally, with details as follows : Type Certiicate Amount Qualiied Internal Auditor QIA 8 Certiied Fraud Examiner CFE 1 Certiied Information System Audit CISA 2 Certiied Management Accountant CMA 2 Certiied Behavior Consultant CBC 1 ISO 27001 Lead Auditor 5 Enterprises, universities and private companies. FKSPI routinely organizes seminars and workshops to improve the competence of its members. As many as nine 9 Telkom Internal Audit personnel became members of the Institute of Internal Auditors IIA. This membership, as part of the Telkom Internal Audit, is always updated with scientiic developments in the ield of auditing and assurance. AUDIT AND CONSULTING ACTIVITY IN 2015 In accordance with the Internal Audit Annual Work Plan, in the period 2015, the IA Unit implemented 45 audit objects and consultations. During 2015, the internal audit unit actively participate its auditor in the preparation of international certiication such as Certiied Information System Audit “CISA” and Certiied Internal Auditor “CIA”. TELKOM INTERNAL AUDIT ACTIVE IN PROFESSIONAL ORGANIZATIONS Telkom Internal Audit is actively involved in the activities of the Communication Forum of Internal Control Unit “FKSPI” Indonesia. This forum was formed to be the vehicle for improving the quality of supervision and establish professional auditors with international standards. FKSPI members consist of State-Owned Enterprises Internal Audit Unit, Regionally-Owned Sub Unit Q-I Q-II Q-III Q-IV year 2015 Enterprise Management Audit 4 6 3 7 20 Infrastructure Operation Audit 5 4 2 2 13 Support Subsidiary Audit 5 3 2 2 12 Total IA 14 13 7 11 45 Until December 31, 2015, Internal Audit has completed 45 Auditconsultations and produced 481 recommendations, with details as follows: Sub Unit Number of Recommendations Follow-up Status Closed Open Enterprise Management Audit 140 72 68 Infrastructure Operation Audit 252 207 45 Support Subsidiary Audit 89 74 15 Total IA 481 353 128 254 PT Telkom Indonesia Persero Tbk INTERNAL AUDIT TRAINING The training followed by Internal Audit in 2015 is as follows: Program Number of Participant Number of Day Sertiication Training 2 12 Operational Training 52 19 Competency Enhancement Training 42 31 EXTERNAL AUDIT In line with existing procedures and taking into consideration the independence and qualiications of independent auditors, at our AGMS on April 17, 2015 we appointed KAP Purwantono, Suherman Surja a member irm of Ernst young Global Limited a registered KAP with OJK, to perform the audit on our Consolidated Financial Statements for the iscal year ended December 31, 2015 and on the efectiveness of internal control on Financial Reporting as of December 31, 2015. The fee for the audit on the Consolidated Financial Statements for iscal year 2015 was agreed at Rp34.4 billion excluding VAT. Based on Bapepam-LK No.VIII. A. 2. on the Independence of Accountant Providing Audit Services in Capital Markets noted that the provision of services of general audit of the client’s inancial statements can only be done by a public accounting irm for as long as 6 six inancial years in a row and by an accountant no later than 3 three iscal years in a row. KAP Purwantono, Suherman Surja is a public accountant irm since 2012. In 2015, company’s public accountant irm is Purwantono, Sungkoro Surja previously Purwantono, Suherman Surja. Accountant who signed the Independent Auditors’ Report for Fiscal year 2015 was Hari Purwantono. KAP Purwantono, Sungkoro Surja was also appointed to audit the Efectiveness of Internal Control over Financial Reporting inancial year of 2015 and audit the use of funds of the Partnership and Community Development “PKBL” in iscal year 2015. Public accounting irm that has audited Financial Statement of the Company for the last 5 years, are as follows: years Public Accounting Firm Public Accountant Fee Rp million 2015 Purwantono, Sungkoro Surja Drs.Hari Purwantono 34,400 2014 Purwantono, Suherman Surja Drs.Hari Purwantono 31,500 2013 Purwantono, Suherman Surja Drs.Hari Purwantono 28,240 2012 Purwantono, Suherman Surja Drs.Hari Purwantono 26,619 2011 Tanudiredja, Wibisana Rekan Chrisna A.Wardhana, CPA 40,503 Fees and Services of the External Auditor The following table summarizes the fees for audit service in 2013, 2014 and 2015: For years Ended on Desember 31, 2013 2014 2015 Rp million Audit Fee 28,240 31,500 39,943 All Other Fees 340 370 400 AUDIT BY OTHERS EXTERNAL AUDIT INSTITUTIONS In 2015, in addition to the audit by the Public Accounting Firm KAP, Auditors from the Audit Board of the Republic of Indonesia BPK audited Telkom’s Income and Expenses. This audit further increased the “control awareness” of Telkom’s management in the procurement process of goods and services. 255 PT Telkom Indonesia Persero Tbk RISK MANAGEMENT IMPLEMENTATION OF RISK MANAGEMENT Risk management is important in the communication business because it has a wide scope that requires a large investment with a high degree of competition. Implementation of the risk management system is further strengthened by the Regulation of the Minister of State- Owned Enterprises No. 1 of 2011 which requires Telkom to conduct risk management. In its implementation, risk management is done in a systematic, structured and applied in all parts of the Company. Risk management is applied to minimize all possible risks that could negatively impact on the achievement of Company targets. Risk Management Development Milestone Since 2006, we have applied a risk management framework that refers to the COSO Enterprise Risk Management ERM as stipulated in Decision of the Board of Directors Number. 16 of 2006 on Corporate Risk Management Telkom Risk Management. The policy was amended by the Board of Directors’ Regulation No.PD.614.00r.00 HK.200COP-D00300002015 of September 30, 2015 on Company Risk Management Telkom Enterprise Risk Management. The implementation of risk management at Telkom in 2006 started with the establishment of the Legal Unit of Risk Management Compliance RMLC under the coordination of the Executive Vice President EVP. Furthermore, the Directorate of Compliance Risk Management CRM, under the control of the Director of the CRM, was created in 2007. With an improved level of awareness of risk management and greater business challenges in 2013, the function of risk management was formed by the Department of Compliance, Risk Management and General Affairs CRMGA, under the responsibility of the Head of CRMGA, to manage governance. Since January 28, 2015, the sub directorate of Risk Process Management belonged in the Finance Directorate. The history of Risk Management in Telkom in 2006 to 2015 has led the company to a level in which risk has been taken into consideration in making strategic decisions, in the implementation of operations, to oversee compliance as well as in safeguarding the inancial reporting process through the Internal Control Processes and Disclosure Control Procedures. Looking ahead, we continue to strive to maintain and improve the maturity of risk management implementation with some emphasis as follows: 2015 : Improved implementation of Business Continuity Management System BCMS 2016 : Improved implementation of Revenue Assurance Fraud Management System Risk Management Organizations at the corporate level Regulation of the Board of Directors No. 202.11r.01 HK200COP-J40000002015 dated January 28, 2015 on the TELKOM Group Office Organization, the organizational structure of Sub Directorate of Risk Process Management in the Finance Directorate are as follows: Vp Risk process Management AVp process strategy AVp process strategy AVp process strategy Risk Management Policy and Framework Risk Management policy in Telkom refers to Regulation of the Board of Directors Number: PD.614.00r.00HK.200 COP-D00300002015 of September 30, 2015 on Company Risk Management Telkom Enterprise Risk Management which replaces the Board of Directors’ Decision No. KD.16PW000PRO-IIC2006 of February 3, 2006 on Company Risk Management Telkom Risk Management. As the transition period the Decision of the Board of Directors No.KD.16PW 000PRO-IIC2006 is still valid in the period of 6 six months from the Board of Directors Regulations No.PD.614.00r.00HK.200COP-D00300002015 apply. 256 PT Telkom Indonesia Persero Tbk Purpose: 1. Ensure all risks that could interfere with the achievement of company objectives can be anticipated in advance as well as obtain new opportunities that can support the achievement of Company objectives. 2. Creating a standard framework for Company Risk Management for a more coordinated and integrated management. Scope: 1. Enterprise Risk Management implemented at all levels of the organization covers: 2. Corporation Level. 3. The unit of work at the Company Oice 4. Business Unit DivisionCenter 5. Subsidiary. The main framework used in risk management at Telkom COSO ERM Framework includes three major components: 1. Company risk management must be able to support the company’s goals from the following aspects: strategic, operational, Reporting and compliance. 2. Enterprise risk management applied at all levels of the organization within the company includes: Enterprise- level, Division, Business unit and Subsidiary. 3. The implementation of enterprise risk management consists of eight components which are: a. Developing the internal environment process b. Objective setting process c. Event identiication process d. Risk assessment process e. Risk response process f. Control activities process g. Information Communication Process h. Monitoring process However, in its implementation, Telkom also pays attention and integrates the framework with references and other relevant guidelines, among others: 1. ISO 31000 - Enterprise Risk Management as a comparison and complementary implementation. 2. ISO 27001 - Information Security Management System ISMS as a reference in the development of risk management to ensure information security in terms of Conidentiality, Integrity and Availability. 3. ISO 22301 - Business Continuity Management System BCMS as a reference in ensuring business continuityISO 20000 - Information Technology Service Management ITSM as a reference in ensuring IT services. 4. ISO 20000 - Information Technology Service Management ITSM as a reference in ensuring IT services. 5. Safety and Health Management System SMK3 based on Government Regulation No. 50 of 2012 on the application of SMK3. 6. ISO 18001 - Occupational Health and Safety Assessment System OHSAS as a reference to support the implementation SMK3. IMPLEMENTATION OF RISK MANAGEMENT POLICY AND FRAMEWORK

1. Eforts to add value to the management of the company

internal environment object setting event identiication risk assessment risk response Control activities information Communication monitoring STRA TEGIC opERA TIon S REpoR TInG Compl IAnCE ENTITY -LEVEL DIVISION BUSInESS UnIT SUBSIDIAR Y In line with the basic frameworks COSO ERM Framework, risk management at Telkom is expected to provide added value in achieving the objectives of the company, especially in the aspects of: Strategic, Operation, Reporting and Compliance. 257 PT Telkom Indonesia Persero Tbk Strategic Aspect: Risk management attempts to provide added value through the implementation of risk management in the company’s planning process, for example during the preparation of the Corporate Strategic Scenario CSS, as well as in the strategic decision-making process. Operational Aspect: • Implementation of Risk Management to protect the Company’s assets will include: • Physical Security Management for infrastructures security • IT Security Management System including Conidentiality, Integrity and Availibility • Management of Work Health and Safety Management System • Management of Business Continuity Management, Disaster Recovery Plan and Crisis Management Team • Management of Revenue Assurance and Anti Fraud Program Compliance Aspect: • Risk management is strived to provide some added values through: • Management of compliance of the External Regulations and Internal Rules • Management of compliance of SOX Provisions through the design and implementation of adequate Internal Control • Reporting Aspect: • Risk management strives to provide added value to the process of setting inancial reporting disclosure controls through Disclosure Control Procedure DCP.

2. Enterprise Risk Management ERM Governance

Telkom realizes that risk management is an integral part of Good Corporate Governance GCG to ensure business continuity. Governance of risk management referring to the Company Risk Management Policy includes: • Board of Directors: In the implementation of risk management policies, acting and responsible for establishing policies related to the management risk and ensures that company risk management is efectively implemented through all the company’s management processes. • Risk Committee: Acting and responsible for setting Policies, reviews and recommendations on company risks and provide feedback or guidance for every person in charge of company risk. • Corporate Risk Management Unit: Acting and responsible for coordinating the implementation of the company’s risk management policy. • Internal Audit Unit: Internal Audit function plays acts and is responsible for providing independent opinion to the Board of Directors, Risk Committee and Risk Management unit of the company. • Head of Unit: Unit leadersSenior Leaders have the duty and responsibility to implement and supervise the whole process of company risk management in the unit he leads. • All Employees: Have the task and responsibility of effectively and efficiently implementing company risk management policy according to their roles and positions. • Subsidiary: Has the task and responsibility of implementing risk management with a framework referring to the framework used by PT. Telkom

3. The process of building and maintaining Enterprise Risk Management ERM

In order to be able to properly run eight components in the COSO Framework process, we built and maintained Corporate Risk Management through: a. Structural aspects to build a supportive internal environment through: • Building Commitment and Tone at the Top. • Laying the foundation of risk management within the framework of GCG. • Establish a Risk Management Unit Organization. • Development of Policies, Guidelines for Risk Acceptance Criteria RAC, Guidelines for Risk Assessment Risk Control Self AssessmentRCSA and Governance. • Development of Competence in the Field of Risk Management. • Provision of adequate Tools and Systems. b. Operational aspects are focused on: • Guarding the implementation of risk assessment at the Corporate, Business Unit and Subsidiary as well as preparation of adequate mitigation plans. • Development of risk assessment methodologies for speciic functions by combining the implementation of the COSO ERM Framework with reference to standards or other guidelines • Aspects of maintenance that focuses on the process of information, communication, review and continuous improvement including: • Guarding the implementation of the review, monitoring and risk reporting system. • Coordination of the Audit Implementation Enterprise Risk Management.