Penerapan manajemen risiko di Perusahaan mencakup, namun tidak terbatas pada:1. Penerapan Manajemen Risiko berbasis ISO 31000:2018 yang diintegrasikan ke dalam semua proses bisnis dan sesuai dengan Tata Kelola Perusahaan yang Baik (Good Corporate Governance) dengan tujuan untuk menciptakan dan melindungi nilai Perusahaan;2. Pernyataan Komitmen Manajemen Risiko dari Direksi dan Dewan Komisaris;3. Penyusunan Risk Register aktivitas ongoing business dan investasi dilakukan oleh Risk Owner secara berkala dengan mempertimbangkan masukan PT Pertamina (Persero) atau Korporat. Risk Register yang disusun telah memasukkan biaya Risk Treatment ke dalam RKAP;4. Setiap pemimpin tertinggi Fungsi, Regional, dan AP Services wajib memastikan pengelolaan risiko telah diterapkan sesuai dengan kerangka kerja kebijakan, strategi, dan prinsip Manajemen Risiko;5. Monitoring pengelolaan risiko (Top Risk) On going Businessdan Proyek Prioritas PHE Subholding Upstream dilaporkan secara berkala kepada Manajemen Risiko Perusahaan;6. Fungsi Internal Audit melakukan Risk Management Audit yang bertujuan untuk mendapatkan keyakinan yang memadai bahwa pengelolaan manajemen risiko telah dilakukan secara efektif;7. Meningkatkan komitmen, tanggung jawab, kesadaran, dan partisipasi dari Dewan Komisaris, seluruh pekerja, dan stakeholders; dan8. Menetapkan kebijakan yang dapat mendukung keberhasilan penerapan manajemen risiko, termasuk sistem, prosedur, standar, dan metodologi. Strategi Penerapan Manajemen Risiko mencakup:a. Penetapan Batas Toleransi Risiko;b. Penyusunan Risk Profile termasuk di dalamnya pembuatan skala prioritas dan penetapan rencana Risk Treatment. Dalam melakukan risk assessment, PHE membagi kegiatan Perusahaan dalam dua kategori:%u2022 Risiko kegiatan usaha yang sedang berjalan (on-going business) yang telah disesuaikan dengan Rencana Kerja Anggaran Perusahaan (RKAP).%u2022 Risiko proyek, termasuk proyek prioritas. c. Pemantauan dan pelaporan pengelolaan risiko;d. Pengembangan budaya risiko; dane. Penyediaan infrastruktur Manajemen Risiko. Tugas dan Tanggung Jawab Direktorat Manajemen RisikoPerusahaan mendorong partisipasi aktif dari seluruh jajaran Perusahaan, termasuk Dewan Komisaris sesuai fungsinya masing-masing dalam rangka mencapai tujuan bisnis. Penerapan manajemen risiko juga bertujuan mendukung komitmen dalam mengungkapkan risiko yang secara signifikan dapat memengaruhi nilai Perusahaan secara transparan kepada pihak-pihak yang berkepentingan. Pihak-pihak yang terkait dalam pelaksanaan manajemen risiko di PHE, di antaranya:The implementation of risk management in the Company includes, but is not limited to:1. Implementation of ISO 31000:2018-based Risk Management which is integrated into all business processes and in accordance with the Good Corporate Governance with the aim of creating and protecting the Company's value;2. Statement of Risk Management Commitment from the Board of Directors and Board of Commissioners;3. Preparation of the Risk Register of ongoing business and investment activities is performed by the Risk Owner periodically by considering input from PT Pertamina (Persero) or the Corporation. The prepared Risk Register has included the Risk Treatment costs in the RKAP;4. Every top leader of Function, Region, and AP Services is required to ensure that risk management has been implemented in accordance with the Risk Management policy framework, strategy, and principles;5. Monitoring risk management (Top Risk) of Ongoing Business and Priority Projects of the PHE Subholding Upstream is reported periodically to the Company's Risk Management;6. The Internal Audit function performs a Risk Management Audit which aims to obtain adequate assurance that risk management has been conducted effectively;7. Increasing commitment, responsibility, awareness, and participation of the Board of Commissioners, all workers, and stakeholders; and8. Establishing policies that can support the successful implementation of risk management, including systems, procedures, standards and methodologies.Risk Management Implementation Strategy includes:a. Determination of Risk Tolerance Limits;b. Preparation of the Risk Profile including the creation of a priority scale and the determination of the Risk Treatment plan. In conducting a risk assessment, PHE divides the Company's activities into two categories:%u2022 Risks of ongoing business activities that have been adjusted to the Company's Work Budget Plan (RKAP).%u2022 Project risks, including priority projects.c. Risk management monitoring and reporting;d. Development of a risk culture; ande. Provision of Risk Management infrastructure.Duties and Responsibilities of Directorate of Risk Management The Company encourages active participation from all levels of the Company, including the Board of Commissioners according to their respective functions in order to achieve business goals. The implementation of risk management also aims to support the commitment to transparently disclosing risks that can significantly affect the Company's value to the interested parties. The parties involved in the implementation of risk management at PHE include:Laporan Tahunan %u2022 Annual Report 586HULU ENERGI