Implementation of ERM & Internal Control
Telkom At Glance
Enterprise Risk Management
Internal Control
TELKOM – At Glance
Board of Commissioners & Board of Directors
President Commissioner: Jusman Syafii Djamal
Commissioners / Independent Commissioners:
Parikesit Suprapto
Virano Nasution
Johnny Swandi Sjam
Hadiyanto
Gatot Trihargo
President Director: Arief Yahya
Directors:
Muhammad Awaluddin
Indra Utoyo
Sukardi Silalahi
Ririek Adriansyah
Priyantono Rudito
Rizkan Chandra
Honesti Basyir
Instructions from the Government of the Republic of Indonesia
Telkom At a Glance
1 Fortune 500
Grow Telkom into a leading company in ASEAN and enter the Fortune 500
2 Blue Chip
A blue-chip company on the stock market
3 Broadband
Build superior broadband infrastructure in Indonesia as a vehicle for national integration
2 Engine of Growth
At the forefront as the locomotive of national economic growth
Strictly Confidential
Telkom Journey
1 Vision (2000-2007):
“To Become a Dominant InfoCom Player in the Region”
We transform...
2 Vision (2007-2011):
“To Become a Leading Telecommunication, Information, Media, Edutainment (TIME) Player in the Region”
We are now...
3 Vision (2012-):
“To Become a Leading Telecommunication, Information, Media, Edutainment & Services (TIMES) Player in the Region”
TIMES COMPANY
Share Ownership
Government: 53.86%
Public: 46.14%
[Figure: chart of consolidated subsidiaries with their ownership percentages. The subsidiary names were images and did not survive extraction. Business-line labels in the chart include e-Commerce, e-Payment, e-Health, Portal & Digital Music, BPO/KPO, Digital Advertising, MVNO, Cellular, Property Dev & Man, Premise Integration, IT Service Integration, Printing & Publishing, VSAT, Fixed Line, Satellite, Telco Construction and Maintenance, and e-Trade/e-Logistic Supply Chain Management.]
TELKOM’s Portfolio Business:
TIMES Services
Wholesale
International
Network Services
Tower
Enterprise Risk Management
Telkom’s GCG Framework
[Figure: GCG framework diagram. Legible labels: Investor; Vision & Mission; Shareholders; Board of Commissioners; Board of Directors; Committees; Corporate Secretary; Internal Transactions; External Transactions; Business Ethics; Policies & Procedures; Risk Management; Oversight & Internal Control; Effective Leadership; Clarity of Duties and Responsibilities; Management Capability and Employee Competence; Effective Performance Evaluation; Rewards and Recognition; Sustainable Competitive Growth. The remaining labels were rotated text that did not survive extraction.]
Long Journey ...
Governance Risk Compliance Development
“the possibility that an event will occur and adversely affect the achievement of
objectives” (COSO ERM Framework)
“any event which is likely to adversely affect the ability of the organization
to achieve the defined objectives” (Method 123)
“the possibility of suffering injury, damage or loss or uncertainty about achieving a
certain outcome”
(Martin C. Leinweber - Managing Director CERMAS, Risk and the Audit Committee)
Problems/Crisis
• Occurring now
• The result of past decisions/activities
Risks
• Potential problem
• The result of current decisions/activities
[Diagram: Decisions/Activities, Action, Risk. With Risk Management: Decisions/Activities lead to "No surprise" and "Objectives achievement".]
• ERM aims to ensure that risks that may occur in the future are anticipated at the moment a decision is made, so that their likelihood is reduced and/or their impact, should they occur, is reduced, and the objectives of the decision can be achieved.
• Crisis/Problem Management is not Risk Management
COSO ERM Framework
CRMGA Department
Internal Audit
Directorate (Corporate)
Division
Subsidiaries
Aspects: Structural – Operational – Maintenance ...
Implementing unit, method and output, one bullet per column of the original table:
• Implementing unit: Unit Risk Mgmt Corporate; Unit Corp Strategic Planning. Method: Focus Group Discussion, Observation & Benchmark. Output: Company Risk Factors in the Corporate Strategic Scenario (CSS).
• Implementing unit: Unit Risk Mgmt Corporate; All Unit & Subsidiary RM function. Method: Workshop & One on One Discussion. Output: TELKOM Risk Profile.
• Implementing unit: All Unit & Subsidiary RM function; Unit Risk Mgmt Corporate as Consultant. Method: FGD in each unit, RM Corporate as consultant. Output: Unit & Subsidiary Risk Profile.
• Implementing unit: Unit Risk Mgmt Corporate; All Unit & Subsidiary RM function. Method: One on One Discussion. Output: Risk Management Review & Report.
CRMGA Department - Positioning
Type: Routine & Incidental (in all five columns)
Types of activity, one bullet per column of the original table:
• (1) ICoFR Risk Assessment, (2) Generic ERM Implementation, (3) Corporate Fraud Risk Assessment
• (1) Revenue Assurance Mgmt, (2) Customer Fraud Risk Management
• (1) Insurance Mgmt, (2) Disaster Recovery Plan, (3) Health & Safety, (4) Physical Security, (5) Non Physical Security, (6) Technical Risk Assessment
• (1) Six-Eyes-Principle, (2) Risk Reviewer
• (1) Corporate Strategic Risk Assessment, (2) Corporate & Business Risk Assessment, (3) Sensitivity Analysis, (4) Early Warning
Benefit & Insight
Internal Control Best Practice Sharing
D/I
Why TELKOM Must Comply?
SEC: Policies, Regulations, Rules (Comply)
As one of the foreign public listed companies on the NYSE since 1995, PT Telkom should also comply with all SEC rules and regulations, including SOX.
The US SEC felt called to protect investors:
• 12/2001 – Enron
• 06/2002 – Arthur Andersen and WorldCom
• 01/2002 Global Crossing
• 12/2004 Kmart and Tyco
Shareholders (investors) then formed the perception that “FRAUD AND FINANCIAL STATEMENT MANIPULATION may well be occurring at other public companies too?”
Lesson learned:
Leaving everything to the auditors, and relying on existing audit standards, is seen as having a limitation: it is “not capable enough” of preventing fraud in the Company.
What must the company do?
Management must play an active role in operating internal control to prevent potential ERROR & FRAUD in its company.
Message (SOX)
Sustainable Competitive Growth
Audit Principles
• Audit here means comparing criteria vs. condition
• ICOFR requires management to submit:
1. Internal control documentation
2. Evidential matter
§ Previously more of a Financial Audit > the audit emphasis was on auditing RESULTS > Integrated Audit: “an integrated audit of PROCESS and RESULTS (Financial Audit and ICOFR Audit, integrated)”
§ Two ICOFR audit approaches > Walkthrough & Test of Control (TOC)
§ Audit process > Interim Audit & Year End Closing Audit
§ Audit scope > ELC, TLC and IT Control
SOX 302 - SOX 404 - Risk Mgt.
• Public expose
• Press release
• Info memo
• Investor update
• Company profile
• Company website, etc.
Component Principles
Suggest COSO
Suggest IT Framework: COBIT
Classification of ICOFR
Entity Level Control
A process designed by, or under the supervision of, management to establish an environment that has a pervasive impact on the effectiveness of controls at the process, transaction or application level
IT Control
• The information technology processes and related
controls that are applied above the computer
application level
• IT controls are controls that exist above and around
the computer application, which are designed to:
– Ensure that changes to applications are properly
authorized, tested, and approved before they are
implemented, and
– Ensure that only authorized persons and applications
have access to data, and then only to perform
specifically defined functions (e.g., inquire, execute,
update).
IT Control for SOX
General Design Stages
[Diagram: Financial Statements; Significant Account; Significant Processes; what can go wrong?; controls; monitor]
• Can be applied or carried out in operations (applicable)
• Can be evidenced or verified (for the purpose of evaluating its implementation).
FINANCIAL ASSERTIONS
(control objectives)
Existence or Occurrence
THE EXISTENCE OF ASSETS, LIABILITIES, AND OWNERSHIP is recorded as of the date of occurrence, and the transaction is an event that actually took place during a given period.
Example: finished goods inventory on the balance sheet is available for sale.
Completeness
All transactions, events and occurrences that took place during a given period must be RECOGNIZED IN THAT PERIOD, BE TRUE, REFLECT WHAT ACTUALLY HAPPENED, AND HAVE BEEN RECORDED. Example: all sales returns have been recorded.
Valuation or Allocation
Assets, liabilities, revenue and expenses are RECORDED AT THE CORRECT AMOUNT IN ACCORDANCE WITH THE RELEVANT AND APPROPRIATE ACCOUNTING PRINCIPLES.
Example: trade receivables included in the balance sheet are presented at their realizable value.
FUNCTION: DESCRIPTION
Custody of Asset: Efforts to protect assets, covering the acquisition, use and disposal of assets
Authorization of Transaction: Ensuring that transactions are carried out by persons in accordance with their powers and authority