Risk Management Division

As a mining company, PT TIMAH Tbk faces various business risks in conducting each of its business process activities. Mining business is a capital intensive business and has a high level of risk. Companies are required to be able to manage risk effectively in order to maintain the business sustainability. By managing  risks effectively and in an integrated manner, the possibility of  negative impacts that may harm the Company and stakeholders shall be prevented or minimized. To coordinate risk management in the Company, the Board of Directors through the Board of Directors Decree No. 1300/Tbk/SK-0000/18-S11.2 formed a Risk Management Unit.

In accordance with PT TIMAH Tbk’s 2018 Organizational Structure, the main duties of the Company’s Risk Management Division are to plan, coordinate and evaluate the Company’s risk management activities, including Establish the risk management plan of the Company and Subsidiaries and their policies, Coordinating the implementation of risk management maturity level assessment in the Company and Subsidiaries, Providing consultation related to risk management in the Company and its Subsidiaries, and Monitor the implementation of risk management of the Company and its Subsidiaries.

The derivatives of the main duties of Risk Management Division are contained in the Company’s Risk Management Guidelines which outlines the roles and responsibilities of Risk Management Division as a second line of defense in the concept of three lines of defense, namely:

  1. Reviewing the conformity and effectiveness of the Company’s  risk management tools with the current situation and propose improvements to the Board of Directors.
  2. Proposing a work program of which is an interpretation of an improved roadmap, as an improvement in the Company’s risk management.
  3. Facilitating the implementation of risk assessments to ensure that the risk owner may conduct his/her role  effectively in onducting the assessment, determining the risk management plan and proceeding its communication to the Risk Management Division or other relevant divisions.
  4. Conducting a risk assessment of strategic initiatives.
  5. Conducting a check and balance on the results of the risk owner assessment implementation including the fairness of the risk management plan.
  6. Supporting the implementation of a risk-based budgeting process.
  7. Facilitating the implementation of Business Continuity Management of which is in line with the implementation of enterprise risk management.
  8. Publishing risk profile reports and/or other reports regarding the Company’s risks to internal and external stakeholders.

The implementation of the risk management system in the Company refers to the ISO 31000:2009 Risk Management System - Principles and Guidelines. Aside from being part of the implementation of Good Corporate Governance (GCG) practices, the purpose of risk management is to improve performance and encourage the achievement of Company’s goals.