Whistleblowing system is a reporting mechanism for whistleblower to submit information concerning indication or violation or fraud in PT Indointernet Tbk (“Company”).

Since 2021, the Company has implemented whistleblowing system to receive, handle, and follow up on reports from the Company’s stakeholders by ensuring neutrality of investigations and reporting confidentiality. The implementation of whistleblowing system refers to the Whistleblowing Policy that has been formalized in reference to Holding Company Policy PT IndoInternet Tbk on September 30, 2021 with document number Indonet/POL/CORP/06 – Whistleblowing Policy.

Violation report can be submitted by filling the Whistleblower Form in the provided format and sending the form to email at whistleblower@indonet.co.id with a subject of “Whistleblowing”.

Every whistleblower shall act on goodwill and fair principal in believing that the reported action is a violation.

The Risk Management Policy is intended as a guide to risk management process in PT Indointernet Tbk and its subsidiaries (“Company”). This policy aims to determine the risk limit that can be tolerated by the Company and establish controls or mitigation plan that must be implemented to prevent risk events from occurring, as well as ensure that the Company’s operational activities can continue even if risk events still occur after prevention efforts have been made. The intent and purpose of the Risk Management Policy is a form of the Company’s commitment to ensuring good service standards in terms of value and security for all Company stakeholders.

Rapid developments that occur in the internal and external environment have the potential to create uncertainty that can affect the achievement of the Company’s goals and therefore, the Company seeks to minimize threats and maximize existing opportunities through the implementation of risk management by referring to various risk management guidelines and policies that apply to similar industries. The implementation of risk management refers to the Risk Management Policy which was formalized on August 1, 2013 and revised on July 7, 2022 with the document number Indonet/POL/ISMS/20.

The Company continuously carries out risk identification by involving all layers of management so that the Company’s risk profile can be described more comprehensively. Risks with impacts that are considered significant and have the potential to occur repeatedly are recorded in a risk register and monitored periodically by the Board of Directors and the Board of Commissioners through the Audit Committee. The risk identification process is carried out periodically to identify emerging new risks.

n the event that PT Indointernet Tbk and its subsidiaries (the “Company”) enter into cooperation and/or loan agreements or the acquisition of facilities with each creditor, the Company is subject to the policies as stipulated in this policy for fulfilling the rights of creditors to fulfill the rights of creditors as referred to in paragraph (1). required in the Corporate Governance regulations issued by the Financial Services Authority (“OJK”).

This policy is specifically aimed at maintaining the fulfillment of creditor rights and maintaining the trust that creditors have placed in the Company.

In the event that the Company enters into a loan agreement with the creditor and utilizes the facilities provided by the creditor, the Company is committed to:

1. Always strive to carry out and fulfill all obligations and responsibilities of the Company to creditors in accordance with the provisions agreed by the Company and creditors.

2. Using loan facilities obtained from creditors in an accountable and efficient manner.

3. Carry out obligations in a timely manner in accordance with the provisions of the agreement agreed between the Company and creditors as well as the applicable laws and regulations.

4. Convey material information relating to creditors, to investors/public in a fair, transparent, true and accurate manner.

The Fulfillment of Creditors’ Rights Policy has been formalized by the Company in reference to Holding Company Policy PT IndoInternet Tbk on November 22, 2021 with the document number Indonet/POL/CORP/03 – Fulfillment of Creditors’ Rights Policy.

The supply chain is an important factor that needs to be managed properly in order to support the smooth operation of the Company’s business. The Company is committed to running an inclusive business by opening up opportunities for all parties to work together as business partners in meeting their needs as long as the necessary criteria and conditions are met such as price, quality, guarantee, certain certifications if needed and experience. Partners who have worked together for a long time and have a good track record will have added value in the eyes of the Company. So far, there are no partners who in their operations, cause negative impacts from social and environmental aspects.

The vendor selection process in the Company follows the vendor qualification procedure. The processes carried out by the Company are Direct Selection, Direct Appointment, and Tender. An assessment is carried out on all vendors to be compared, then the Company will select a vendor in accordance with the result of vendor assessment. Due diligence processes for vendors who will enter into cooperation agreements will also be carried out to ensure vendor properness. Each vendor will be evaluated periodically and for vendors who do not meet the qualifications will be removed from the vendor list.

The procedure for Vendor Qualification has been formalized by the Company on September 26, 2013 and revised on January 12, 2022 with the document number Indonet/SOP/PC/02.

The procedure for Vendor Evaluation has been formalized by the Company on September 26, 2013 and revised on June 21, 2022 with the document number Indonet/SOP/PC/03.

The Company has established Anti-bribery and Corruption Policy that must be complied by all employees. The Company strictly forbids bribery and corruption practices in any form. The Company and all of its members, including employees, Board of Directors, Board of Commissioners, Shareholders, and third parties mediator are strictly prohibited to be involved in any form of bribery and corruption directly or indirectly, in their relation to the Company’s business activities.

The Company has stipulated the Policy in the programs and procedures related to sponsorship, donation, gift, hospitality and others. Every transaction should be processed based on the ”payment authorization matrix” and shall be verified by Compliance Officer. In addition, the transaction must also be recorded to specific general ledger and made into complete and accountable document.

The Company has appointed a Compliance Officer to implement the proper mitigation and control efforts in detecting and preventing bribery and corruption practices that might occur in the Company. In addition, the Compliance Officer is also responsible to verify documents in order to ensure the validity and accuracy of the transaction before being processed further by each authorized officers for approval. The Compliance Officer wrote her initials at the verified document.

The policy for Anti-Bribery and Corruption has been formalized by the Company on October 14, 2021 with the document number Indonet/POL/CORP/05 – Anti Bribery and Corruption Policy.

Training/Socialization of Anti-Bribery and Corruption to Employees

The Company has a policy to organize training and socialization of Anti-bribery and Corruption at least once a year in order to improve employees’ awareness on what they should and should not do to comply with the policy.

Attendance and fulfillment of the training is mandatory and is a part of employee assessment. Related to this training and socialization, the Company assigned the Internal Audit Unit/HR/ Compliance Officer and/or relevant external advisor to organize the training and in order to provide a comprehensive knowledge regarding anti-bribery and corruption to all employees.

The HR function shall keep all the notes related to the materials and the list of attendants in the internal training of anti-bribery and corruption in the last 5 (five) years.

The Company establishes a Communication Policy with Shareholders or investors as a reference in determining the implementation of Good Corporate Governance, especially the principle of transparency through communication with Shareholders or Investors. The Company through the Corporate Secretary and appointed work units always maintains good relations and communication with Shareholders or Investors and is able to communicate what is happening within the Company while still paying attention to the principle of prudence and confidentiality of the Company’s customer data.

In carrying out the communication program, the Company (Indonet) may use channels including but not limited to:

1. General Meeting of Shareholders
2. Public Expose
3. Financial Report
4. Website
5. Annual Report
6. Company Email

The Company provides access for shareholders, investors or the public to communicate via official e-mail, namely corporate.secretary@indonet.co.id.

The Policy for Communication with Shareholders or investors has been formalized by the Company on November 22, 2021 with document number Indonet/POL/CORP/01 – Communication with Shareholders or Investors Policy.

The Company’s Code of Conduct is the manners set by the Company as a guide to attitude and behavior for the Company’s ranks in running the Company’s business, carrying out daily work duties and activities, as well as interacting with stakeholders including shareholders, regulators, customers, employees/coworkers, partners and the community. The Company’s Code of Conduct is rooted in values (cultural values) which are believed by the Company as noble values of professionalism, sense of responsibility, maintaining trust and mutual respect.

All Company employees including Board of Commissioners and Directors are required to sign an Integrity Pact every year, where the Code of Conduct is one of the documents that must be read and understood by Company employees. This Code of Conduct applies as a conduct guidelines in working and/or cooperating and binds all members of the Board of Commissioners, Board of Directors, and Employees, and must be submitted for the knowledge of the Company’s stakeholders, including among others regulators, suppliers, contractors, customers.

Masa jabatan susunan anggota Komite Nominasi dan Remunerasi di atas terhitung 5 tahun sejak tanggal pencatatan saham Perseroan di BEI dan dapat diangkat kembali.

Selain itu, Perseroan telah membentuk Pedoman Komite Nominasi dan Remunerasi yang mengatur tugas, tanggung jawab dan wewenang serta tata cara dan prosedur Komite Nominasi dan Remunerasi Perseroan sebagai berikut:

Terkait dengan fungsi Nominasi:

1. memberikan rekomendasi kepada Dewan Komisaris mengenai:
– komposisi jabatan anggota Direksi dan/atau Dewan Komisaris;
– kebijakan dan kriteria yang dibutuhkan dalam proses nominasi; dan
– kebijakan evaluasi kinerja bagi anggota Direksi dan/atau Dewan Komisaris;

2. membantu Dewan Komisaris melakukan penilaian kinerja anggota Direksi dan/atau Dewan Komisaris berdasarkan tolak ukur yang telah disusun sebagai bahan evaluasi;

3. memberikan rekomendasi kepada Dewan Komisaris mengenai program pengembangan kemampuan anggota Direksi dan/atau Dewan Komisaris; dan

4. memberikan usulan calon yang memenuhi syarat sebagai anggota Direksi dan/atau Dewan Komisaris kepada Dewan Komisaris untuk disampaikan kepada RUPS.

—

Terkait dengan fungsi Remunerasi:

1. memberikan rekomendasi kepada Dewan Komisaris mengenai:
– struktur remunerasi;
– kebijakan remunerasi; dan
– besaran atas remunerasi.

2. membantu Dewan Komisaris melakukan penilaian kinerja dengan kesesuaian remunerasi yang diterima masing-masing anggota Direksi dan/atau anggota Dewan Komisaris;

Komite Nominasi dan Remunerasi wajib bertindak independen dalam melaksanakan tugasnya.

Pedoman Komite Nominasi dan Remunerasi Perseroan ditetapkan Dewan Komisaris Perseroan berdasarkan Surat Keputusan Dewan Komisaris No.01/Indonet-Dekom.SK/X/2020 tentang Pembentukan Pedoman Komite Nominasi dan Remunerasi tanggal 27 Oktober 2020.

Duties and Responsibilities

The Audit Committee acts independently in carrying out its duties and responsibilities.

In carrying out its functions, the Audit Committee’s duties and responsibilities shall include the following:

1. Reviewing financial information that will be released by the Company to the public and/or authorities, including financial statements, projections and other reports related to the Company’s financial information;

2. Reviewing the Company’s compliance with prevailing laws and regulations relevant to the Company’s activities;

3. Providing an independent opinion in the event of disagreements between management and the Accountant for the service rendered;

4. Provide recommendations to the Board of Commissioners with regard to the appointment of Accountant based on independence, scope of assignment and fees;

6.Reviewing and assessing the activities related to risk management implementation by the Board of Directors;

7.Reviewing and assessing complaints/concerns related to the Company’s accounting and financial reporting processes;

8. Examining the independence and objectivity of public accountant;

9. Reviewing the adequacy of audits carried out by public accountant and supervise the Board of Directors follow-up on the public accountant’s findings;

10. Carrying out supervision over the investigations into allegations of errors in the decisions made in Board of Directors meetings or implementation deviations from the  of the Board of Directors meeting decisions;

11. Report to all members of the Company Board of Commissioners, the conclusion or result of reviews, assessments, or investigations carried out by the Audit Committee;

12. Review/assess and provide advice to the Board of Commissioners regarding potential conflicts of interest in the Company and public accountant; and

13. Maintain the confidentiality of the Company’s documents, data and information.

—

Authority and Working Mechanism

In carrying out its duties, the Audit Committee has the following authorities and work mechanisms:

1. Access to Company’s documents, data and information relevant to employees, funds, assets and the Company’s required resources;

2. Communicate directly with employees, including the Board of Directors and parties in-charge of internal audit function, risk management and Accountant which relate to the duties and responsibilities of the Audit Committee;

3. Involve independent parties outside the Audit Committee members who may be needed to assist in the carrying out their duties; and

4. Perform other authorities as delegated by the Board of Commissioners.

Piagam Internal Audit

Sebagaimana terdapat di dalam Piagam Internal Audit Perseroan, tugas dan tanggung jawab serta wewenang dari Audit Internal Perseroan adalah sebagai berikut:

—

Tugas dan Tanggung Jawab Unit Audit Internal meliputi:

1. Menyusun dan melaksanakan rencana audit internal tahunan;

2. Menguji dan mengevaluasi pelaksanaan pengendalian interen dan sistem manajemen sesuai dengan kebijakan Perseroan;

3. Melakukan pemeriksaan dan penilaian atas efisiensi dan efektivitas di bidang keuangan, akuntansi, operasional, sumber daya manusia, pemasaran, teknologi informasi dan kegiatan lainnya;

4. Memberikan saran perbaikan dan informasi yang obyektif tentang kegiatan yang diperiksa pada semua tingkat manajemen;

5. Membuat laporan hasil audit dan menyampaikan laporan tersebut kepada Presiden Direktur dan Dewan Komisaris;

6. Memantau, menganalisis dan melaporkan pelaksanaan tindak lanjut perbaikan yang telah disarankan;

7. Bekerja sama dengan Komite Audit;

8. Menyusun program untuk mengevaluasi mutu kegiatan audit internal yang dilakukannya; dan

9. Melakukan pemeriksaan khusus apabila diperlukan.

—

Wewenang Unit Audit Internal meliputi:

1. Mengakses seluruh informasi yang relevan tentang Perseroan terkait dengan tugas dan fungsinya;

2. Melakukan komunikasi secara langsung dengan Direksi, Dewan Komisaris, dan/atau Komite Audit;

3. Mengadakan rapat secara berkala dan insidentil dengan Direksi, Dewan Komisaris, dan/atau Komite Audit; dan

4. Melakukan koordinasi kegiatannya dengan kegiatan auditor eksternal.

Tugas dan tanggung jawab Sekretaris Perusahaan Perseroan adalah sebagai berikut:

1. Mengikuti perkembangan Pasar Modal khususnya peraturan perundang-undangan yang berlaku di bidang Pasar Modal;

2. Memberikan masukan kepada Direksi dan Dewan Komisaris Perseroan untuk mematuhi ketentuan peraturan perundang-undangan di bidang Pasar Modal;

3. Membantu Direksi dan Dewan Komisaris dalam pelaksanaan tata kelola perusahaan yang meliputi:

• keterbukaan informasi kepada masyarakat, termasuk ketersediaan informasi pada situs web Perseroan atau perusahaan publik;
• penyampaian laporan kepada OJK tepat waktu;
• penyelenggaraan dan dokumentasi Rapat Umum Pemegang Saham;
• penyelenggaraan dan dokumentasi rapat Direksi dan/atau Dewan Komisaris; dan
• pelaksanaan program orientasi terhadap perusahaan bagi Direksi dan/atau Dewan Komisaris;

4. Sebagai penghubung atau contact person antara Perseroan dengan pemegang saham Perseroan, OJK, dan pemangku kepentingan lainnya.

5. Menjaga kerahasiaan dokumen, data dan informasi yang bersifat rahasia kecuali dalam rangka memenuhi kewajiban sesuai dengan peraturan perundang-undangan atau ditentukan lain dalam peraturan perundang-undangan;

6. Mengikuti pendidikan dan/atau pelatihan dalam rangka meningkatkan pengetahuan dan pemahaman untuk membantu pelaksanaan tugasnya;

7. Membuat laporan secara berkala sekurang-kurangnya 1 kali dalam 1 tahun mengenai pelaksanaan fungsi sekretaris perusahaan kepada Direksi dan ditembuskan kepada Dewan Komisaris.

—

Informasi mengenai kontak Sekretaris Perusahaan Perseroan adalah sebagai berikut: