We have designed and employed internal controls based on the COSO Internal Control framework. Conceptually, the design and implementation of our internal controls refer to the key concepts of the COSO Internal Control framework, as follows: 1. internal control is a process, thus in applying it we have designed operational guidelines that contain internal controls; 2. internal control is affected by people, thus in applying it we understand that the key is not how well or complete the designed processes are, but whether these processes are applied by the employees; 3. internal control is not an absolute value but that we must understand that we apply internal controls to be able to provide reasonable assurance that we have the means to guarantee the achievement of our objectives; and 4. internal control is one of the drivers in achieving our objectives and does not differ from or oppose or conflict with the process of managing the Company.
We began implementing internal controls at the same time as applying the provisions of (SOA) section 404 on internal control over ICOFR, namely in 2002. The focus of the internal controls applied in operational procedures is to ensure that our financial statements are reliable and free from misrepresentation and error; however, ICOFR is designed and applied on the basis of risks, which are not limited to quantitative risks related to the reliability of financial reporting but include qualitative risks related to strategic, business and other operational risks.
Internal control activities in 2010 continued to refer to the COSO Internal Control framework and placed more emphasis on maintenance to ensure that the design continues to fit, given the changes in the industry and the transformation of our organization in 2010.
