Under Bapepam requirements, we are required to disclose the internal controls that we employ to achieve good corporate governance.
The controls and procedures that we employ are the COSO Internal Control framework, COSO Enterprise Risk Management Framework, and COBIT (Control Objectives for Information and Related Technology) related to IT based internal control.
With reference to the COSO Internal Control framework, internal controls to guarantee the reliability of the financial statements are applied at the following levels of control:
Entity Level Control
Transactional Level Control; and
IT Control.
In the design process, controls are determined on the basis of risk, where risks are managed to prevent error and fraud resulting from misstatements in the financial statements. This is not limited to financial reporting risks; controls also take into account other risks including other business and operational risks.
Entity Level Control actions that have been taken include:
Formulating policy on the design and implementation of ICOFR and disclosure controls and procedures pursuant to SOA Sections 404 and 302, PCAOB, Audit Standard No. 5, covering Telkom and its Consolidated Subsidiaries in Decree of the Board of Directors No. 13 Year 2009
Building commitment to running the company ethically and with proper governance by implementing business ethics, preventing conflict of interest, whistleblowing, applying risk management in each unit, implementing a fraud program, integrity pact, etc.
Conducting regular risk assessments and risk profiling as an early detection system; and
Performing audits to ascertain the effectiveness of the application of Entity Level Control.
Transactional Level Control actions that have been taken include:
Designing business processes by utilizing risk based control and implementing clear separation of authority by referring to the segregation of duties principle
Enforcing work discipline in accordance with the stipulated business processes
Continually correcting/redesigning business processes to ensure that they remain consistent with changes in policy and the organization, the demands of the business and follow up on audit findings; and
Performing audits to ascertain the effectiveness of the application of Transactional Level Control.
IT based control actions that have been taken include:
IT Entity Level Control — formulating IT policy and master plan to ensure IT Governance
IT General Control — ensuring the developments and changes in IT applications and operations can proceed in line with the provisions of IT Governance; and
Application Control — ensuring that the use of applications complies with the provisions on authorization and access rights, such as password management, end user computing, audit trails, etc.
Apart from this, as a foreign private issuer subject to Exchange Act requirements, we are obligated to comply with certain provisions of the Sarbanes-Oxley Act and related regulations under the Exchange Act as-well as the Foreign Corrupt Practices Act of 1977.
A discussion of how we satisfy Sarbanes-Oxley requirements may be found in “Controls and Procedures”.
Posted on May 25, 2009 Source: TELKOM 2009 Annual Report (filed to Bapepam-LK on April 08, 2009)
