Republic of the Philippines

CAPIZ STATE UNIVERSITY

BURIAS CAMPUS
Burias, Mambusao, Capiz
www.capsu.edu.ph email address: burias@capsu.edu.ph

College of Management
Anna Mae Isoy Ariel N. Labaniego
BSBA IV-FM Course Facilitator

Risk Management
FE 413

4th set
Assessment

1. What is Coco Framework of Internal Control?

The Coco framework of internal control is concerned with the establishment and
communication of objectives. Coco framework, plans to assist with the achievements of objectives and
the inclusion of measurable performance targets and indicators. Coco framework also assure that during
the establishing and analyzing the purpose of the organization, the risks and opportunities facing by
organization should be analyzed I detail. CoCo is concerned with shared ethical values, and human
resources policies and practices, communication throughout the organization.
2. Enumerate the number of steps in undertaking an Internal Audit. Explain each.
Undertaking an internal audit involves a number of steps, it include, Planning the
internal audit exercise During the planning process, the internal audit team will define the scope and
objectives, review guidance relevant to, review the results from previous audits, set a timeline and
budget for the audit, create an audit plan to be executed, identify the process owners to involve, and
schedule a kick-off meeting to commence the audit. Another step is undertaking the fieldwork during
which control are tested. Fieldwork is the actual act of auditing. Throughout this phase, the audit team
will execute the audit plan. This usually includes interviewing key personnel to confirm an understanding
of the process and controls, reviewing relevant documents and, documenting the work performed, and
identifying exceptions and recommendations. Next step is, producing the audit report. The report
should be written clearly and succinctly to avoid misinterpretation and to encourage the intended
audience to actually read and understand the report. Findings should be accompanied by
recommendations that are actionable and lead directly to process improvements. The process of issuing
an internal audit report should include drafting the report, review the draft with management to ensure
the accuracy of findings, and issuance and distribution of the final report. And finally, ensuring that
there is adequate follow up.  Following up is critical to ensure that the recommendations have been
implemented to address the findings identified. This process should include appropriate follow-up with
process owners needing to implement the recommendations as well as Board oversight of the
company’s overall status in addressing findings identified by internal audit. If an organization fails to
follow-up on the implementation of recommendations, it is unlikely that the changes will be made.
3. Explain the three lines of applied tax.
The three lines of defence is a concept that seems quietly to be taking over the whole field of
risk management. It now seems all over in financial services and is finding its way, often through public
sector procurement requirements, into a vast range of new areas. In the first line, means having a
strategic understanding and the right people responsible for the basic business processes as they affect
tax. The Second line, this is the regular monitoring process, this requires framework and guidelines
developed by the tax and finance functions together, which are designed to facilitate effective
monitoring of tax risks. And the Third line is the independent assurance that the tax function in running
properly through both internal and external auditing.

4. Discuss the allocation of responsibilities.

In allocating the responsibilities is that the internal audit is responsible for the activities that are
identified as core internal audit roles. Giving the assurance on risk management process, and assurance
that risks are correctly evaluated. Risk management should facilitate and support the activities in the
center of the fan identified as legitimate roles for internal audit, risk management facilitate
identification and evaluate of risks, and line management at the appropriate level should have
responsibilities which includes the setting the risk appetite, imposing risk management processes, and
taking decisions on risk responses.

5. Explain the five lines of Assurance.

The five lines of assurance has been put forward in order to enhance the effectiveness
of the three lines of defence model. It is said that the three lines of defence model is well established
but sometimes it is extended by showing external audit and regulators but this does not represent the
five lines of assurance approach, it is currently being developed. The five lines of assurance model
suggest the sources of assurance which have their own assigned responsibilities, these are the board,
the senior executives and senior managers , the Business unit leaders, the Specialist units, and the
Internal audit.

6. Discuss Charities’ risk reporting.

The risk reporting by charities is compulsory in most countries in the world there is an
expectation that charities have detailed a risk management procedures that equivalent to those
required of government departments or a firm listed on a stock exchange. charities that are required by
law to have their accounts audited must make a risk management statement in their trustees' annual
report confirming that the charity trustees have given consideration to the major risks to which the
charity is exposed and satisfied themselves that systems or procedures are established in order to
manage those risks.