As part of institutionalizing a good corporate governance culture, PT Indo Sino Energi (ISE) Board (the Board) is pleased to provide the following statement which outlines the nature and scope of risk management and internal control of PT Indo Sino Energi and its subsidiaries (the ISE Group) during the year under review. The ISE Statement of Corporate Governance can be referred to for more details..

BOARD’S ACCOUNTABILITY

The Board is responsible to oversee and ensure a sound system of risk management and internal control for the ISE Group. An effective risk management framework helps the company to achieve its goals and perform more efficiently. The framework includes identifying potential risks, evaluating their impact, and implementing controls to mitigate these risks.

The Board is also cognizant that its role in providing risk oversight sets the tone and culture towards embedding risk management practices across the ISE Group. The ISE Board Charter includes risk management and internal control oversight as one of the main functions of the Board, in line with the requirements of relevant corporate governance standards.The Board risk oversight is supported by the following committees.

RISK MANAGEMENT

Risk management is an integral part of the ISE Group's activities. Ongoing improvement to strengthen the monitoring of principal risks is crucial. The Board focuses on building a sustainable risk management culture to ensure that potential risks are identified, evaluated, and managed effectively, thus contributing to the decision-making process.

Group-wide implementation of risk management and internal control is supported by the following committees :

The ISE Group's system of risk management and internal control seeks to manage and control risks appropriately. The system provides reasonable but not absolute assurance against material misstatement, loss, or the occurrence of unforeseeable circumstances. In order to build highly capable organizations to meet risk management requirements, the ISE Group provides continuous risk management capability development and knowledge-sharing programs.

The risk management capability development and knowledge-sharing programs are conducted through various platforms, aimed at building the competency of risk practitioners. Corporate membership to risk associations also provides platforms for risk practitioners to participate in industry-wide forums and knowledge-sharing sessions that are aligned with global standards and best practices. The knowledge-sharing programs consist of risk publications, risk conversations, a community of practice, and a series of risk engagements, all of which propagate the sharing of current risk management practices and knowledge.

RISK POLICY

ISE's Risk Policy (refer Chart 1) stipulates the general principles and guidelines for actions which influence operations. It gives a clear communication of the management’s expectations in relation to risk management practices throughout the ISE Group.

The ISE Risk Policy is complemented by the ISE Resiliency Model that provides a structured, holistic view of risk and resiliency towards managing the ISE Group's risks, focusing on three areas of business resilience, namely Enterprise Risk Management (ERM), Crisis Management, and Business Continuity Management (BCM). The Enterprise Risk Management, Crisis Management, and Business Continuity Management activities are actively coordinated across the ISE Group. The status of risk management activities and the ISE Resiliency Model implementation is reported regularly to the RMC.

INTERNAL CONTROL

The ISE Group’s internal control framework aligns with best practices to ensure the effective achievement of its business objectives. This involves regular assessment, monitoring, and continuous improvement of internal controls.

The ISE Group remains committed to maintaining a robust internal control environment to safeguard its assets and ensure the integrity of its financial reporting.

ENTERPRISE RISK MANAGEMENT

The Enterprise Risk Management (ERM) process is an integral part of managing the business as it provides a guide to systematically identify, assess, treat, monitor, and review risks. It aims to identify the risks that may affect the achievement of business objectives. Risk profiles established through the ERM process are monitored and controlled. The ERM process includes identifying principal risks and integrating risk management practices across the ISE Group. This approach ensures that risks are effectively managed by the respective units.

ISE RISK APPETITE

ISE Risk Appetite articulates the type of risks that ISE is willing to pursue or accept to achieve its strategic and operational objectives. It involves setting risk tolerance and threshold levels. The risk appetite is reviewed and managed quarterly by the ELT, BGRC, and the Board.

Crisis Management

Crisis Management (CM) (refer Chart 3) is an integrated process that aims to prepare an organisation, at both domestic and international operations, to respond and manage crises in the risk areas to protect People, Environment, Asset, and Reputation (PEAR).

Business Continuity Management

Business Continuity Management (BCM) (refer Chart 4) is a management process that aims to build the capability of PT Indo Sino Energi to recover and continue delivery of products or services at acceptable predefined levels following any prolonged disruption.

Business Continuity Plans (BCP) were established through the BCM process to enhance PT Indo Sino Energi’s preparedness to recover and restore businesses' critical functions within a reasonable period, sustaining the company's activities and minimizing disruptions to stakeholders. Testing and Evaluation (T&E) via simulation of test scenarios validate the effectiveness of recovery strategies and maintain a high level of competence and readiness as identified in the BCP. T&E programs were carried out at the respective BUs and OPUs.