- Home
- Investors
- ESG
- Governance
- GCG Principles
Investors
Commitment
The Company fully committed to becoming a good business entity, performing in consistency with the laws, regulations, and code of ethics, as well as implementing an effective management system. In its business conduct, the Company always upholds the GCG principles of transparency, accountability, responsibility, independence and fairness as part of its efforts to implement best governance practices to create added value for shareholders and other stakeholders.
Company GCG Principles
- Transparency
The Company consistently provides clear, accurate, complete, and timely information to the shareholders and other stakeholders, in the form of financial statements, investor information, and other relevant materials or disclosures. These are available on the corporate website, www.matahari.com /corporate/, and disclosed in the Company’s annual reports. - Accountability
The Management accepts its responsibility to the shareholders and other stakeholders regarding the implementation of the Company’s strategies and the achievement of its objectives and is ready to be accountable for all its actions and decisions to the Board of Commissioners, the shareholders, and others stakeholders. The Board of Commissioners is responsible for the effective supervision of Management and is accountable to the shareholders. - Responsibility
The Company complies with the relevant laws and regulations and respects the rights of all the stakeholders. It also fulfills its responsibility to protect and promote the sustainability of the environment, public welfare and healthy living.
- Independence
The Company manages the business in a professional manner, without any conflict of interest or influence or pressure from any party that is in contrary to the laws and regulations. This is demonstrated in the Company’s objective decision making, which is free of any intervention from third parties.
- Fairness
The Company treats all the shareholders equitably, regardless of whether they are majority or minority shareholders, and guarantees the rights of the shareholders and stakeholders. Therefore, the Company always provides equal opportunities to all shareholders to make decisions and engage with the company in AGMS, and treats all stakeholders fairly by providing equal opportunities related to employment, training, promotion, access to information, and so forth.
Implementation of GCG principle
Implementation of GCG principle
Internal Monitoring and Control
Code of Conduct
The Company’s Code of Conduct is a standard of business ethics and work ethics which is prepared by taking into account the principles of Good Corporate Governance, based on the values and norms that apply in the Company, and is constantly tailored to the development of laws and regulations and applicable practices.
- The key objectives of the Code of Conduct are:
- Integrating the Company’s values into employees’ ethical business practices in line with the Company’s vision and mission;
- and
Clearly describing the Company’s values and the acceptable conduct that must be followed by all employees in carrying out their day-to-day duties and responsibilities.
- Providing basic guidelines for all levels in the Company with regard to the interaction between employers and employees, shareholders, suppliers, Government, and other stakeholders.
The Code is reviewed periodically to ensure that it remains consistent with these objectives.
Contents of the Code of Conduct
The Code provides guidance for employees on their interactions with colleagues, employees, shareholders, suppliers, and regulatory officials in the following areas:
- Improving accountability, transparency, and compliance with existing laws and regulations;
- Implementing tasks with the highest degree of professionalism and integrity;
- Avoiding giving or accepting inappropriate corporate gifts, bribery and kickbacks in any form and for any reason, for example, cash and its equivalent, membership/ entertainment, unusual discounts, unusual (in terms of frequency and/or value), fund support for tours or vacations, hampers, and bouquets;
- Avoiding activities which may give rise to a conflict of interest with their work in any form or situation for example, an employee has a financial interest with vendors, contractors or brokers who have business relations with the Company; an employee operates and manages an enterprise that is related to the Company; an employee uses the Company’s asset for personal benefit; and
- Protecting the Company’s proprietary information, both during and after an employee’s employment term with the Company.
Internal Audit
This unit is responsible to provide objective assurance and independent as well as objective consultation in order to strengthen Internal Control and other specific operational issues. Acting as the internal controller and supervisor, the Internal Audit Unit aims at making operational, financial and management activities more effective and efficient.
Internal Audit Charter
Internal Audit (IA) has a Charter in accordance with POJK No. 56/POJK.04/2015 on the Establishment and Guidelines for the Internal Audit Charter. In performing its duties and responsibilities, IA adheres to the Charter which contains:
- The organisational structure of the Internal Audit and its position within the Company;
- The qualifications, duties, responsibilities and authority of the auditors;
- The procedures for their appointment, replacement and termination;
- The plans, guidelines and reporting procedures of the IA;
- The independence and objectivity of the IA; and
- The Code of Ethics for the IA.
The Charter is periodically reviewed and updated and is also available on the Company’s website www.matahari.co.id.
Structure and Position of the Internal Audit
Internal Audit is structurally independent of the Company’s business units and directly responsible to the President Director. The Internal Audit Unit is led by the Head of Risk Management and Internal Audit, who is appointed and dismissed by the President Director, upon approval of the Board of Commissioners.
Maju Tarigan serves as the Head of the Internal Audit of the Company and reports directly to the President Director of the Company. His appointment was conducted following the merging of the Audit and Social Affairs Division with the Risk Management Division. As the Head of Risk Management and Internal Audit, he is assisted by a team of six corporate auditors, as indicated in the IA organisational chart above.
The organizational chart of IA can be found on page 175 of the Company's 2023 Annual Report.
Duties and Responsibilities
Based on the Internal Audit Charter, Internal Audit Unit carries out the following duties and responsibilities:
- Prepare and execute the annual Internal Audit Plan;
- Evaluate the implementation of the Company’s internal control and risk management systems, recommending areas for improvement and monitoring the effectiveness of the recommended follow-up actions;
- Evaluate the efficiency and effectiveness of the Company’s performance in key strategic areas, including finance, accounting, operations, human resources, marketing and information technology;
- Conduct special audits and/or investigations as required;
- Prepare reports on the audit findings for the President Director, the Board of Commissioners and the Audit Committee;
- Provide objective information as well as value-added recommendations for the improvement of the activities under review at all management levels;
- Monitor, analyse, and report on the implementation of followup actions on the recommended improvements;
- Cooperate with the Audit Committee;
- Design programs for quality assessment activities conducted by the Internal Audit Unit.
Whistleblowing System
The Whistleblowing System (WBS) is part of the Company’s Code of Conducts. It is a form of supervision inherent in carrying out consistent and continuous internal control, by involving all members of the Company to be proactive in maintaining order, and combating the practice of activities that may damage the Company’s reputation.
Suara Matahari is the Company’s official mechanism for a whistleblower to report misconduct which offers a range of confidential channels through which employees and other stakeholders can report if they genuinely suspect that a violation of the Code of Conduct or other misconduct has taken place, remaining anonymous if they wish. The Company’s whistleblowing policy, including the procedures and contact numbers for reporting, has been disseminated to all our employees, management, suppliers and business partners.
Suara Matahari has some features that support its accessibility, trustworthiness and effectiveness:
-
- Numerous hotline channels, including toll-free phone lines, Short Message Services/SMS, website, email and mailbox;
- Promotion of anti-fraud awareness and the whistleblowing program to all management, employees and suppliers;
- Experienced contact centre operators who handle incoming reports;
- Forensic investigation experts follow up the incoming reports and present the issues to management;
- Recommendations for improvements.
Whistleblowing System Management
Suara Matahari is managed independently by Deloitte as a third-party administrator in order to ensure reporting objectivity. The Company ensures that reporting parties have complete anonymity and protection. The status of incoming reports will be monitored by the Internal Risk Management and Audit Division. They will consolidate and report them to the Board of Directors and the Risk Management Committee.
Suspected misconduct or violations of the Code of Conduct can be reported through any of the following channels:
-
- Hotline: Informants can contact Suara Matahari on +62 21 2350 7056; they have the right to remain anonymous if they choose.
- SMS: Reports can be sent by SMS to +62 81586709196.
- Email: Reports can be sent via email to suaramatahari@tipoffs.info. The informant’s email address will not be disclosed without permission.
- Website: Reports can be sent via the Suara Matahari Website at https://id.deloitte-halo.com/suaramatahari Reports can be sent via Suara Matahari Website and providing detailed information about the suspected violation.
- Mail: Reports can be sent via regular mail to Suara Matahari PO Box 3670/JKP 10036, Central Jakarta.
Reports submitted in writing must be accompanied by a disclosure cover sheet, which can be downloaded from the Suara Matahari website. Informants should provide at least the following information to ensure that the appropriate actions can be taken:
-
- Name(s) of those involved;
- Name of a witness (if available);
- Information about the incident, including date, time and location;
- Evidence;
- The related nominal or assets; and
- The frequency of the incident(s).
Report Handling
- The Suara Matahari operator receives the whistleblowing report through one of the above channels and assigns a unique, anonymous reference number to the informant, which he or she can use when requesting information about the progress of the case.
- The report is sent to a Deloitte analyst for assessment. The results are returned to the Company’s representative within one working day.
- The Risk Management and Internal Audit Division determines further investigation and clarification actions. Later on, this division will present the results to the Risk Management Committee to decide on the penalties or sanctions on the suspects and determine any internal control improvements or other changes the Company needs to make.
Protection for Whistleblowers
The Company guarantees to protect whistleblowers who report in good faith from any retaliation by the allegation's subject. The whistleblowers have the following options regarding the disclosure of their identity:
- Full disclosure: the whistle-blowers is willing to disclose his/her identity to Deloitte and the Company.
- Partial anonymity: the whistle-blowers is willing to disclose his/her identity only to Deloitte. In this case, Deloitte will keep the informant’s identity confidential from the Company.
- Full anonymity: the whistle-blower is not willing to disclose his or her identity to Deloitte or the Company. The Company guarantees to protect the whistle-blower, who acts in good faith, from any act of retaliation by the reported party.
Whistleblowing Reports
Throughout 2023, 116 cases were reported, in which 109 cases were received via Suara Matahari and 7 cases through other reporting channels. The cases involved internal and external parties, which includes alleged breaches on code of conduct, conflict of interests, stealing of merchandises, manipulation of sale transactions (discounts are not matched with approved promotion), and sexual harassment. All cases have been investigated, with 50 proven cases, 42 unproven cases, and 24 undergoing cases during the publication of this Annual Report.
Sanctions or penalties imposed for violations committed in 2023 are detailed on page 200 of the Company's 2023 Annual Report.
Risk Management
The Company recognizes that risk has become an integral part of every business process. The possibility of risk occurring at any time and if significant, the consequences will impact on operational stability and performance achievement.
To ensure sustainability and business growth, the Company is committed to managing all risks proactively, systematically, effectively and efficiently.
The Risk Management Committee, the Audit Committee, the Internal Audit and the Company’s External Auditors work closely to identify, evaluate and mitigate risks by reviewing risk parameters in various areas, particularly critical systems, areas affecting costing and/or profitability, fraud, and abuse of authority.
Risk Management Framework
The Company has Enterprise Risk Management Framework which contains the Company’s objectives, strategies, governance, organisation, methodology, monitoring, and risk management reporting processes, thus enabling the Company to analyse, identify, and address risks in strategic areas in every part of the organisation actively and consistently which includes:
- Risk identification, measurement, monitoring and control, including awareness;
- Risk management infrastructure, including organisational structure, governance systems, data collection, analysis methods, policies and procedures and reporting; and
- Corporate culture, including training, performance measurement, value development, and rewards.
In order to protect the Company’s assets, the Company has developed a roadmap for implementing risk management processes across the organisation via several functions in Loss Prevention, Security, and Safety.
The Company also continuously implements a Risk Control Awareness and Assessment Program to ensure that all stakeholders (including business partners) understand and support the Company-wide risk management approach. As a result, the Company has developed a risk treatment, risk tolerance, and risk control matrix.
In 2023, the Company identified key risks and its mitigation efforts which are summarised below:
Governing Sustainability Matters
Ethical business practices are critically important to Matahari. Our commitment is reflected in the way we do our business and the way we treat our people. We are dedicated to operating with the highest standards of ethics and integrity, as well as complying with policies and procedures designed for good corporate governance.
Our programs in this pillar are focused on anticorruption and customer responsibilities.
- Anticorruption: The Company is committed to fully supporting the efforts made by all parties in creating a business climate free from corrupt practices and gratification. To ensure that ethical business is internalised across our company and supply chain, we have established and communicated the Gratification Policy to all employees and related parties. In 2023, we recorded 49 reports related to corruption, which increased compared to 44 in 2022 amid our more vigorous efforts to encourage anticorruption practices through identification and prevention.
-
Customer responsibilities: As one of our commitments to provide the highest quality to our customers, we continuously performed quality checks on all products. We adequately managed the risk of data breaches through a series of Information Technology security capability improvements.
We understand that customers entrust their personal information with us, and we have a responsibility to those individuals to respect their rights for privacy. Therefore, we are committed to protecting customer security by not disclosing or disseminating customers’ confidential data to irresponsible parties. Our Customer Privacy Policy provides transparency into the information we collect, how we use that information, and our commitment to following all applicable laws governing that information. Additionally, our privacy program ensures individuals’ privacy rights are fulfilled to the extent law requires.
To ensure the risk of customer data breaches are properly managed, we have improved our Information Technology (IT) security through the Security Operation Center (SOC) operating 24x7, completed a Vulnerability Assessment (VA) to our IT network infrastructure, upgraded end-point antivirus with the next-generation capability, and upgraded Back-up solution with ransomware protection. We also continuously socialise IT Cyber Security awareness to all users to mitigate potential data breaches and leakages. - Through these initiatives, we managed to maintain zero cases related to breach of customer privacy and achieve a 4.04 service quality index, higher compared to the industry average of 4.01 in 2023. In 2023, there were no reports of the product being withdrawn from the market, which occurred due to a product error or other reasons. No operational activities have been suspended due to non-compliance with regulations and/or voluntary codes concerning the health and safety impacts of products and services.
Information Access
The Company provides public access to the Company’s information and data through reports that the Company produces for capital market regulators and information for shareholders disseminated through the IDX website and the mass media, as well as other information published on the Company’s website or present www. matahari.com/corporate/, available in Indonesian and English. Matahari also provides information about the Company, its stores and products, as well as offers and promotions through the following social media platforms, such as Facebook (Matahari), Instagram (@matahari and @ storyofmatahari), TikTok (tiktokmatahari). In 2022, the Company issued 28 press releases to various media.
External Audit
Audit on the Company’s Consolidated Financial Statements for the year ended December 31, 2021, which include the statements of financial position, statements of profit or loss and other comprehensive income, statements of changes in equity and statements of cash flows, prepared in accordance with Indonesian Financial Accounting Standards.
Public Accounting Firm
Tanudiredja, Wibisana, Rintis & Rekan
(Anggota firma dari/member of PricewaterhouseCoopers International Limited)
WTC 3 | Jl. Jend. Sudirman Kav. 29-31 | Jakarta 12920 - Indonesia
T: (62-21) 50992901/31192901
F: (62-21) 52905555/52905050