Risk Management Committee
The Company is an organization which, in addition to generating profit, also has the purpose of preserving a positive image and reputation with the public by way of consistent and continuous risk management.
Risk Management Charter
1. MAIN REFERENCE
a. Committee on Corporate Governance published by Ronnie Hampel in January 1998.
b. Enterprise Risk Management – Integrated Framework published by The Committee of Sponsoring Organization (COSO) in September 2004.
c. Internal Control – Revised Guide For Directors on The Combined Code published by Financial Reporting Council (FRC) – Turnbull Review Group in October 2005.
d. Internal Control – Integrated Framework published by the Institute of Internal Auditors in 1992.
e. OECD Principles of Corporate Governance published by Organization For Economic Co-operation & Development (OECD) in 2004.
a. Risk shall mean the uncertainty of a forthcoming occurrence that may have a negative impact on goal achievement and/or the Company agreement. The risk will be measured in the case that the consequence of the risk possibility shall occur.
b. Consequence shall mean the amount of loss suffered by the Company when such risk actually happens. Such consequence cannot always be quantified (no rupiah value can be predicted).
c. Risk Management shall mean a professionally fixed process to identify, analyze, manage, and control any matter that may result in the inability to reach the corporate goal. Its management may be done through risk mitigation, risk sharing, or risk transfer and the control on the residual risk as well as consecutively on the risk as a whole.
d. Enterprise Risk Management shall mean a process, influenced by actions taken by the Board of Commissioners, the Board of Directors and all employees and staff in the Company, implemented based on the Company's business strategy formulation and across all processes in the Company, which is designed to identify potential events that may generate loss for the Company, to manage risk within the Company's risk tolerance limits, and to provide reasonable assurance that the corporate goal shall be achieved.
e. Risk Mitigation shall mean to reduce the possibility of the unsafe condition of the business risk.
f. Risk Sharing shall mean distributing the risk in shares to another party.
g. Risk Transfer shall mean to transfer the risk to another party through a contract or hedging.
h. Residual Risk shall mean the leftover risk after Management took an action to reduce the impact that may happen in
i. Reasonable assurance shall mean providing reasonable assurance that the current report is free from
j. Risk appetite shall mean the total risk accepted by a Company in pursuit of a certain value.
k. Ethical value shall mean an ethical value explaining the wrong and the correct way of a case.
l. Risk Tolerance shall mean tolerable or acceptable risk level.
m. Risk assessment shall mean a process defining scale of loss/damage related to the anticipatable risk within
n. Risk mapping shall mean the risk assessment made in a map/matrix indicating the possibility level of occurrence of the loss resulted from such risk.
3. IMPLEMENTATION OF ENTERPRISE RISK MANAGEMENT IN THE COMPANY
a. Objective of the Enterprise Risk Management
i. The Company applied the Enterprise Risk Management concept in managing the risks to be faced.
ii. The Company believes that applying Enterprise Risk Management shall assist the achievement of the Company objectives, such as:
1. Strategic objective shall mean the aims applied by the Company in accordance with the Company mission.
2. Operational objective shall mean the Company goal of creating an effective and efficient operation in using its present resources.
3. Reporting objective shall mean the Company goal of ensuring that the reporting system in the Company is capable of publishing reliable and timely reports.
4. Compliance objective shall mean the Company goal of guaranteeing that the Company always complies with the rules and regulations issued by the Government and other regulatory bodies, as well as those relating to the Company business, which are applicable in Indonesia, in addition to developing a compliance culture in the Company.
b. Component of the Enterprise Risk Management
i. Internal Environment shall mean a process in which a corporation shall need to form an environment that supports the implementation of Enterprise Risk Management, consisting of the following:
1. Risk Management Philosophy shall mean a basic philosophy which becomes the fundamental criteria for the Company in managing the Company business risks.
2. Integrity culture and ethical value shall be in accordance with the provision defined in the Company ethical code.
ii. Information and communication shall mean a process in which the Company shall need to establish a system to guarantee that information within the Company is properly recorded and managed and that it is communicated to the related parties on a timely basis.
iii. Objective Setting shall mean a process in which the Company shall need to regularly analyze and define the vision, mission, and long-term and short-term Company goals in accordance with the provisions stipulated in the Company Articles of Association.
iv. Monitoring shall mean a process in which the Company shall establish reliable procedures to guarantee that management pattern/ implementation of Enterprise Risk Management in the Company is always being monitored, controlled, and updated when necessary.
v. Risk Assessment shall mean a process in which the Company shall be required to establish reliable procedures to measure identified risks and to determine the consequence level and the possibility of risk occurrence.
vi. Risk Identification shall mean a process in which the Company shall be required to stipulate reliable procedures to ensure that the Company may perform the risk identification process related to the Company operational process, measuring of identified risk, and to precisely and relevantly determine the consequence level and the possibility of risk occurrence.
vii. Risk Response set up shall mean a process in which the Company shall need to set up reliable procedures to establish the risk response to be used in order to reduce/repress the identified risks. Risk Response shall mean any actions that were set up by the Company and shall be done to reduce/repress the risks in accordance with the Company risk tolerance.
viii. Control Activities shall mean a process in which the Company shall need to set up procedures to ensure that the established risk response is done effectively and efficiently.
4. RISK MANAGEMENT FRAME IN THE COMPANY
5. RISK MANAGEMENT ORGANIZATION IN THE COMPANY
Risk Management Organization shall be ad hoc in character, which shall mean that it may be formed from time to time for any certain purposes submitted by the Board of Directors in order to process and control the risk consideration. Ad-hoc (committee) organization shall replace any expert that assists normal evaluation in establishing good corporate governance. In this matter all items and the Risk Management work fundamentals shall remain the main guidance.
a. Risk Management Division
i. The Risk Management Division shall mean a division established at PT Surya Toto Indonesia Tbk., which is hereafter called the “Company”, whose function is to assist the Management and the Board of Commissioners in:
1. Preparing good, precise, structured and efficient operational procedures and internal controls in order to minimize risk within the Company,
2. The process of direct risk identification and risk assessment in the Company, and
3. Monitoring the Company's main activities and operations without being involved directly in the Company operational activities.
ii. The Risk Management Division is directed by the Head of the Risk Management Division.
iii. The Head of the Risk Management Division shall report directly to the President Director and shall have indirect responsibility to the Risk Management Committee.
iv. The Risk Management Division has four (4) Departments, which are:
1. Operation Control Department
2. Corporate Policy and Process Improvement Department
3. Performance & Cost Monitoring Department
4. Corporate Control Department
b. Risk Management Committee
i. The Risk Management Committee shall mean a committee formed at the level of Commissioners whose task shall be to assist the Board of Directors of the Company in order:
1. To ensure that the Management shall always give special attention to the application of Risk Management in the Company by adopting the best practice in the industry.
2. To provide assurance that the Company has managed its risks properly from time to time, through regular communication between the Risk Management Committee and the Management as well as the Company's Risk Management Division.
6. WORK PRINCIPLE OF THE RISK MANAGEMENT
The Risk Management Division shall not have any conflict of interest with other parties where such conflict of interest may lead the Risk Management Division into a dependent and non-objective position, either in fact or in appearance.
The Risk Management Division highly respects honesty, fairness, and compliance, and firmly upholds the stipulated values in managing the Company operation and the Company policy.
The Risk Management Division shall always improve its knowledge and skills in order to be able to properly implement its tasks and duties.
The Risk Management Division shall be resolved to provide added value to the Company through more optimal management of Company risk and identification of process improvements that result in cost efficiency and/or increase the Company's financial gain and revenue.
The Risk Management Division shall always keep confidential any information received and shall not disclose such information to any unauthorized parties.
7. TASK AND RESPONSIBILITY OF RISK MANAGEMENT DIVISION
i. To assist the Management and the Risk Management Committee in conducting the Enterprise Risk Management process thoroughly, including the process of:
1. Preparation of the Company internal environment to implement the management philosophy, risk appetite, and ethical values in the Company.
2. Setting up the Company objectives, covering the setting up of the strategic objective, operational objective, reporting objective and compliance objective.
3. Performing the risk identification process, risk measurement, risk response determination, control activity set up, management of information and communication, and the monitoring process.
ii. To assist the Management in improving some capacities in developing the non-optimized resources in the Company and some potential for financial gain and cost efficiency that is not properly managed.
iii. To ensure the conformity between risk appetite, risk tolerance and risk management strategy in managing the Risk Management in the Company.
iv. To provide regular report to the Management and the Risk Management Committee in accordance with the agreed reporting system.
v. To assist the Management in identifying any factors that cause loss and any unpredictable matters in the Company operational activities.
vi. To perform identification process and management against multiple & cross functional risk.
b. Corporate Policy & Process Improvement Department
i. To conduct business process mapping in the framework of policy planning and Standard Operating Procedures to do the risk identification process, risk mapping and risk profile planning from the related process. This matter is used to set up the reliable internal control.
ii. To compile Policy and Standard Operating Procedure in the Company to provide guidelines for the work units in the company in performing the operational activities by adopting the Risk Management process and the reliable internal control.
iii. To identify any potential matters to perform process improvement to attain cost saving or improve financial gain for the Company.
iv. To carry out ISO maintenance activities as one form of acceptance for reliability, effectiveness, efficiency and the ability to produce output on a timely basis.
c. Performance & Cost Monitoring Department
i. To prepare a systematic reporting system or management dashboard for the Company Management to serve as an early warning mechanism for the Management in the event of any crucial issues that should have immediate attention or response from the Management. This shall happen in the event that no automatic/on-line reporting system has been set up for the Management.
ii. To prepare regular periodic board reporting containing detailed and comprehensive analysis of any information available in the management dashboard referred to above which requires further analysis.
d. Operational Control Department
i. To do study analysis of any non-programmed goods/service procurement by performing study analysis against the price Comparative Table, to guarantee that the process of goods/service procurement has been done through a proper and correct mechanism and to warrant that the Company will get the best and most efficient quality, cost/price and delivery.
ii. To do study analysis of any disposal and/or sales from the stock/active/goods done by the Company to ensure that the process of disposal and selling has been done in accordance with the proper and reliable policy and Standard Operating Procedure.
iii. To conduct analysis of the activities in i and ii referred to above in order to provide a reliable report to the Management and to identify any process improvement potential in order to make the process more effective and efficient.
e. Corporate Control Department
i. To work cooperatively with the Purchasing Division on the partnership management process in dealing with the non-programmed goods/service procurement of the Company.
ii. To conduct analysis of the reports published by the Company in order to ensure that any possible risks related to the editing process and the content of the financial report have been identified and that their mitigation has been planned.
iii. To do study analysis regularly of accounts receivable provisions and write-offs to ensure the compliance level, its efficiency and effectiveness, and optimization of tax strategy.
8. RIGHTS AND AUTHORIZATION
a. The Risk Management Division shall have rights and authorization to get access to all functions in the organization, access to all documents/records and access to all Company assets.
b. Shall have rights and authorization to ask, conduct clarification process and request for explanation either from employee
c. To conduct the process of communication and discussion directly with the Risk Management Committee for any significant and relevant matters.
9. WORK TARGET AND MEASUREMENT
a. The Risk Management Division shall establish a target and a long term plan as well as road map in accordance with the study analysis being conducted, either by the Risk Management Division itself or any external party appointed by the Management, in order to implement optimum Risk Management in the Company and as inputs from the Board of Directors, The Risk Management Committee and the Board of Commissioners.
b. The Risk Management Division shall provide key performance indicator in accordance with matrix system as indicated below:
ii. Time frame
c. The road map and key performance indicator shall be submitted to the President Director and the Risk Management Committee for their approval.