This template was purchased by AuditNet from a third party under a work for hire

agreement. You acknowledge that the Third-Party Content provided to you is

obtained from sources believed to be reliable and that no guarantees are made by
AuditNet®. or the AuditNet® website or the providers of the Third-Party Content as
to its accuracy, completeness, or timeliness. You should be aware that the template
may be incomplete, may contain errors, or may have become out of date. While
every reasonable precaution has been taken in the preparation of this template,
neither the author nor AuditNet assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein. You
acknowledge and agree not to hold AuditNet®, it’s website, any products or services
through AuditNet® or the AuditNet® website liable for any product purchase or any
decision or other transaction you may make based on your reliance on or use of
such data, or any liability that may arise due to the delivery of the Third Party
Content for any reason. AuditNet® is not in the business of providing insurance, tax
or legal advice to anyone. The information contained in this document is believed to
be accurate. However, no guarantee is provided. Use this information at your own
risk.
Audit Program Licensing Terms
1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.
2. You recognize that the product and its content are the sole property of AuditNet®
(the Publisher), and that we have copyrighted the product.
3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that there
is no guarantee that this product is totally error free. You further understand and
accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible for
any results obtained from the use of such information.
4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail to
comply with the conditions set forth in this agreement, and may pursue any other legal
recourse.
COSO - Enterprise Risk Management
Integerating with Strategy and Performance

INTRODUCITON:

WHAT IS COSO 2017 ABOUT…?

The updated COSO Framework 2017 - Enterprise Risk Management - Integerating with strategy and
performance, Let me explain it. The Risk Management needs to be integerated with the
organization strategy and it's performance so that it is ensured that the organizational objectives
are achieved.

Every organization has set a Mission, Vision, goals and Core values. All this defines what
organization want to achieve and want how to conduct the business. There is a risk for all type of
organization that it may not achieve what it want to achieve and organization must manage that
risk so that organizational objectives are achieved. The updated version of COSO 2017 focuses on
managing the risk through integerating it with strategy and performance. i.e.

1) While setting the organizational strategy the related risk must be assessed and related risk
management measures should be set and kept in place to management the risk.

2) Similarly risks should be identified at operational level and related risk management measures
should be set or kept in place to ensure that operational objectives are achieved in effective
manner. If risk is management at operational level then entity's performance would be in
accordance with the set objectives.

ENTERPRISE RISK MANAGEMENT

MISSION, VISION AND CORE VALUES GOVERNANCE & CULTURE

STRATEGY DEVELOPMENT STRATEGY AND OBJECTIVE SETTING

BUSINESS OBJECTIVE FORMULATION PERFORMANCE

IMPLEMENTATION & PERFORMANCE REVIEW & REVISION

ENHANCES VALUES INFORMATION, COMMUNICATION & REPORTING

COSO - Enterprise Risk Management - Integrating with Strategy and Performance
COSO Component : Governance and Culture
COSO Principle # 3: Establishing Operating Structures
Function: Employee benefits - Other benefits - Pension-Rules-and-Regulations

COSO -2017 - Enterprise Risk Management - Integrating with Strategy and Performance, Risk influences an organization's strategy and performance throughout the process from strategic planning to operational
activities. So it is important to embedding the risk management across all organizational actives i.e. from setting mission, vision, strategic planning and operational activities.

Disclaimer:
The template is prepared to provide the guidance to the users to understand and enhance their knowledge in regards to the COSO Framework 2017 and apply their knowledge in accordance with the actual scenario in
their organization.

Process / Risk Mitigating Control / Internal Person Responsible for Last Review Next Review
Serial # Risk Remarks
Activities Control the Implementation performed Date

Management should perform

appropriate screening of fund
members in order to prevent
ineligible persons to become fund
member.
Eligibility rules may not be
1 Eligibility criteria
defined by management
Management should ensure that
membership criteria are understood
by the trustees so that they prevent
ineligible person from becoming
member of the fund.

Employees who leaves the
Organization may not be
2 Left employees
timely intimated to the fund
managers
Management should ensure that
employees who left the
organization are timely intimated to
the fund managers, so that they
can perform their duties
adequately.

The pension program rules should

Pension program rules may be up to date and reviewed by
not be known to the management periodically.
Communication of
3 members, which may lead to
the program rules
expectations not offered by The rules may be communicated to
the Organization the members of the fund in order to
avoid misconceptions or rumors.

Management should record all the

concerns and queries of fund
members.
Queries and Queries and concerns of
4 concerns of fund members may not be The queries should be timely
members addressed addressed and the concern should
assessed. If found reasonable and
suitable should be addressed and
discussed in board meetings.

All the members who are within a

year become retired should be
identified.
Value of fund may be known
5 Fund valuation
to individual members
Correct valuation of their pension
fund should be communicated to
them.

All the investments from the fund

Diversification of Investments may not be should be appropriately diversified
6
investments diversified in order to reduce the financial
risks.
 Management should ensure that
proportion of investments in a
Diversification of Investments may not be
7 sector should be made as per the
investments diversified
defined percentages of legislation
and regulations.

Management should develop an

investment policy and strategy that
ensure compliance with
Diversification of Investments may not be regulations, best practices and
8
investments diversified principle of diversification.

Management should ensure to

comply with the policy.

Management should ensure that

surplus funds should be timely
Surplus fund may not be identified and invested in order to
9 Surplus funds
identified gain maximum return within the
parameter of investment policy and
guidelines.

Management should ensure that

timely and accurate information is
Fund performance may not
available w.r.t fund performance. In
10 Fund performance be timely available to
order to assess the performance
management and trustees
and take any corrective action,
when required.

Management should ensure that

trustees of the fund are being kept
Trustee may not be aware of up to date w.r.t regulatory
Compliance
existing fund laws and requirements of the fund. In order
requirements
regulations to keep the fund fully compliant
w.r.t prevailing laws and
regulations.

Name and Title of Department Director (please print)

Signature of Department Director

Date of Department Director's Signature