Internal Control System and Risk Management
INTERNAL CONTROL SYSTEM AND RISK MANAGEMENT
Internal Control System
The Internal Control System aims to improve effectiveness and efficiency of operations, eligibility for financial reporting and compliance with prevailing regulations for public companies in Indonesia, Financial Service Authority (OJK) and Company policies.
Various activities conducted aimed at the realization of the Company’s Internal Control System :
- Formalized Company policies and procedures by the Company, were carried out through reviews and approvals by pre-determined levels of authority. The Company’s policies and procedures are grouped into five (5) categories: sales and marketing, finance, operations, governance, and General Affairs (GA).
- Renewal of policies aimed at fixing and improving existing procedures, in relation to the Company’s financial and operational procedures, were conducted in order to integrate and synergize these procedures.
- Socialization of policies and procedures was done via Intranet and Web networks.
- Formalization of the Company’s code of conduct, including implementation of values, ethics and employees’ integrity which can be accessed by all employees via the Company’s Intranet (portal).
- Utilization of integrated computer programs in financial and operational transactions (sales, programming and human resources).
- Separation of functions based on duties, responsibilities and authorities within the organizational structure of the Company and its business units.
- Supervision by respective superiors for every task and responsibility.
Risk Management System
The Commitment of Risk Management
The Company consistently implements risk management systems through operational and non- operational activities. Risk management implementation is the responsibility of employees in every level and organization under the Company.
The purpose of implementing the risk management system is to evaluate the effectiveness of internal environment, goal setting, identification of activities, risk assessment, risk management, control, information and communication activities, as well as supervising activities.
Risk Management System Implemented by the Company
The Company follows a comprehensive risk management system that has been integrated into the strategic planning process and the Company’s business activities. The Company’s risk management is implemented in all management levels according to various roles and functions:
- The GCP (Group Corporate Policy) function is to identify risks outlined in policies and procedures.
- The Internal Control function is to manage internal risks.
- The Internal Audit function is to evaluate the risk management system, internal control and related information system management.
- The IT Audit function is to ensure adequate control over the system adopted by the Company.
- The Compliance and Control Self-Assessment (CCSA) function is to evaluate the risk management system, internal control and devices used in management information systems.
- The MARS (Management Awareness Reporting System) function is to identify risk management, and report and resolve problems faced by the Company and business units.
Major Risks Encountered by the Company
Risk management strategies are implemented through delegation, avoidance and mitigation of risks through an internal control system, or by accepting existing risks. The main risks faced by the Company are generally divided into two categories:
- Risks due to changes in regulations by government and other authorities.
- Risks due to changes in customer/viewer orientation.
- Risks due to the development of technology.
- Risks due to new competitors.
- Risks due to customer complaints/dissatisfaction.
- Risks due to processing errors.
- Risks due to poor asset management.
- Risks due to system error or misuse.
- Risks due to production failures.
- Risks due to failure or poor distribution of production results to consumers.