This template was purchased by AuditNet from a third party under a work for hire

agreement. You acknowledge that the Third-Party Content provided to you is

obtained from sources believed to be reliable and that no guarantees are made by
AuditNet®. or the AuditNet® website or the providers of the Third-Party Content as
to its accuracy, completeness, or timeliness. You should be aware that the template
may be incomplete, may contain errors, or may have become out of date. While
every reasonable precaution has been taken in the preparation of this template,
neither the author nor AuditNet assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein. You
acknowledge and agree not to hold AuditNet®, it’s website, any products or services
through AuditNet® or the AuditNet® website liable for any product purchase or any
decision or other transaction you may make based on your reliance on or use of
such data, or any liability that may arise due to the delivery of the Third Party
Content for any reason. AuditNet® is not in the business of providing insurance, tax
or legal advice to anyone. The information contained in this document is believed to
be accurate. However, no guarantee is provided. Use this information at your own
risk.
Audit Program Licensing Terms
1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.
2. You recognize that the product and its content are the sole property of AuditNet®
(the Publisher), and that we have copyrighted the product.
3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that there
is no guarantee that this product is totally error free. You further understand and
accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible for
any results obtained from the use of such information.
4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail to
comply with the conditions set forth in this agreement, and may pursue any other legal
recourse.
COSO - Enterprise Risk Management
Integerating with Strategy and Performance

INTRODUCITON:

WHAT IS COSO 2017 ABOUT…?

The updated COSO Framework 2017 - Enterprise Risk Management - Integerating with strategy and
performance, Let me explain it. The Risk Management needs to be integerated with the
organization strategy and it's performance so that it is ensured that the organizational objectives
are achieved.

Every organization has set a Mission, Vision, goals and Core values. All this defines what
organization want to achieve and want how to conduct the business. There is a risk for all type of
organization that it may not achieve what it want to achieve and organization must manage that
risk so that organizational objectives are achieved. The updated version of COSO 2017 focuses on
managing the risk through integerating it with strategy and performance. i.e.

1) While setting the organizational strategy the related risk must be assessed and related risk
management measures should be set and kept in place to management the risk.

2) Similarly risks should be identified at operational level and related risk management measures
should be set or kept in place to ensure that operational objectives are achieved in effective
manner. If risk is management at operational level then entity's performance would be in
accordance with the set objectives.

ENTERPRISE RISK MANAGEMENT

MISSION, VISION AND CORE VALUES GOVERNANCE & CULTURE

STRATEGY DEVELOPMENT STRATEGY AND OBJECTIVE SETTING

BUSINESS OBJECTIVE FORMULATION PERFORMANCE

IMPLEMENTATION & PERFORMANCE REVIEW & REVISION

ENHANCES VALUES INFORMATION, COMMUNICATION & REPORTING

COSO - Enterprise Risk Management - Integrating with Strategy and Performance
COSO Component : Governance and Culture
COSO Principle # 3: Establishing Operating Structures
Function: Employee benefits - Other benefits - Pension - Book keeping and monitoring

COSO -2017 - Enterprise Risk Management - Integrating with Strategy and Performance, Risk influences an organization's strategy and performance throughout the process from strategic planning to operational
activities. So it is important to embedding the risk management across all organizational actives i.e. from setting mission, vision, strategic planning and operational activities.

Disclaimer:
The template is prepared to provide the guidance to the users to understand and enhance their knowledge in regards to the COSO Framework 2017 and apply their knowledge in accordance with the actual scenario in
their organization.

Process / Risk Mitigating Control / Internal Person Responsible for Last Review Next Review
Serial # Risk Remarks
Activities Control the Implementation performed Date

Management should ensure that all

the other benefits of employees are
adequately addressed through a
Pension and other benefits comprehensive policies.
1 Policies may not be addressed
through policies The policy should address all the
aspects including legislative
requirements and best practice
requirements.

Updates and amendments in The updates in other benefits

2 Policies the policies may not be including pension should be
approved approved by the board.
 Management should prepare a
checklist of existing regulations
which addresses the operational
Management may not and other requirements of pension
Monitoring
3 monitor the compliance of fund.
compliance
regulations and legislations
The management should review
the compliance of legislation and
regulations.

Compliance should be ensured and

any instance of non-compliance
with the regulation should be
penalized by the management.
Management may not
Monitoring
4 monitor the compliance of
compliance Management should inquire
regulations and legislations
justification and reasoning for such
non-compliance in order to address
the reason and to prevent the
occurrence in future.

Management should ensure that

books of accounts of pension fund
Books of pension fund may
5 Books of accounts should be kept separate and are
not be kept separate
accounted for by the trustees of the
fund.

Management should ensure that

separate financial statements are
Books of pension fund may being prepared for the pension
6 Books of accounts
not be kept separate fund as required by the law in
force.

Management should ensure that

periodic reconciliation are being
prepared between employees
Reconciliation between
contribution and fund balances.
employee balances and
7 Books of accounts
contributions may not be
The reconciliation should be
prepared
reviewed by an independent
person not involved in the
management of fund.

Separate bank accounts
8 Books of accounts
may not be opened
Management should ensure that
separate bank accounts are
maintained for the fund operations.

Management should ensure that

Separate bank accounts
9 Books of accounts
may not be opened
fund activities and bank accounts
are adequately segregated from
Companies activities and
operations.

Management should monitor the

operations of the funds in order to
Fund operational Fund operations may not be
10 ensure that they are in compliance
monitoring monitored
with the legislations and regulations
of the fund.

Management should ensure that

eligibility/membership rules of
Eligibility rules may not be
11 Eligibility criteria pension fund are adequately
defined by management
defined and explained in the
policies.

Name and Title of Department Director (please print)

Signature of Department Director

Date of Department Director's Signature