Please refer to "TIMELINE" tab for detailed schedule. RA - Risk assessment - this includes walkthroughs and test of design and implementation of controls. TOC - Test of Control
CONFIDENTIAL #
VERY HIGH Q1
HIGH Q2
HIGH Q3
HIGH Q1
HIGH
HIGH
HIGH Q2
HIGH
Department
S/N
Audit Universe
Audit Universe
1 Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
Property Leasing Operations
2 Property Sales Operation
Property Sales Operation
Property Sales Operation
Property Sales Operation
Property Sales Operation
Property Sales Operation
Property Sales Operation
Property Sales Operation
3 Sales Personnel and Performance Management
Sales Personnel and Performance Management
Sales Personnel and Performance Management
4 Customer Account Management
Customer Account Management
Customer Account Management
5 Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
Hire-to-Retire
6 Corporate Health/Wellness
Corporate Health/Wellness
Corporate Health/Wellness
Corporate Health/Wellness
7 Corporate Admin
Corporate Admin
Corporate Admin
Corporate Admin
Corporate Admin
8 Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
Procure-to-pay
9 Non-PO transactions
Non-PO transactions
Non-PO transactions
Non-PO transactions
Non-PO transactions
10 Acquire-to-Dispose
Acquire-to-Dispose
Acquire-to-Dispose
Acquire-to-Dispose
Acquire-to-Dispose
Acquire-to-Dispose
11 Record-to-Report
Record-to-Report
Record-to-Report
Record-to-Report
12 Tax Review
Tax Review
13 Financial Management Information System
Financial Management Information System
Financial Management Information System
Financial Management Information System
14 Cash management
Cash management
Cash management
Cash management
Cash management
15 Business & Project Development Cycle
Business & Project Development Cycle
Business & Project Development Cycle
Business & Project Development Cycle
16 Marketing Communications
Marketing Communications
Marketing Communications
Marketing Communications
17 Strategic Funding and Investment
Strategic Funding and Investment
Strategic Funding and Investment
Strategic Funding and Investment
18 Project Management
Project Management
Project Management
Project Management
Project Management
Project Management
Project Management
Project Management
19 EMERA
EMERA
EMERA
EMERA
EMERA
EMERA
EMERA
20 Legal and Compliance
Subprocesses
Complexity or volatility of activities/highly specialized operations/complicated operations
RISK RATING RAW SCORE
30%
Leasing Operations - Leads Generation (Strategy/Planning) LOW 2
Customer Accreditation and Credit Evaluation (Pre-reservation, Customer Code Maintenance) MODERATE 3
Leasing Operations - Reservation (incl. Customer Master Data) LOW 2
Lease Agreements and Documentation (creation, issuance, monitoring) MODERATE 3
Leasing Operations - Booking of Accounts MODERATE 3
Lease Contract Management (including compliance, termination, adjustments or revision, cancellation - including pricing, rebates and discounts, etc) MODERATE 3
Tenant Relations and services LOW 2
Lease Record Management (incl. Unit Inventory) MODERATE 3
Sales Operations - Leads Generation (Strategy/Planning) HIGH 4
Customer Accreditation and Credit Evaluation (Pre-reservation, Customer Code Maintenance) MODERATE 3
Sales Operations - Reservation (incl. Customer Master Data) MODERATE 3
Sales Agreements and Documentation (creation, issuance, monitoring) MODERATE 3
Sales Operations - Booking of Accounts VERY HIGH 5
Sales Contract Management (including compliance, termination, adjustments or revision, cancellation - including pricing, rebates and discounts, etc) HIGH 4
Sales Relations and services LOW 2
Sales Record Management (incl. Unit Inventory) MODERATE 3
Hiring and Training, MODERATE 3
Performance Evaluation and Commission & Incentives HIGH 4
Reservation Management - Sales Agent MODERATE 3
Billing Process HIGH 4
Collection Receipts Management (Manual/ IPay88) HIGH 4
Customer account maintenance VERY HIGH 5
Recruitment/Talent Acquisition, HIGH 4
Timekeeping & Payroll (TIN, Government Deductions) VERY HIGH 5
Compensation & Benefits, VERY HIGH 5
Employee Relations (including employee discipline) HIGH 4
Training & Development and Succession Planning HIGH 4
Regulations (AMLA, RESA Law, Maceda, SEC, PSE, HLURB (former name)) HIGH 4
Litigations MODERATE 3
Whistle-blowing practices HIGH 4
Related Party Transactions HIGH 4
Board Appraisal LOW 2
BOD Election LOW 2
Enterprise-wide risk management MODERATE 3
Department risk management MODERATE 3
Risk framework MODERATE 3
Risk register and appetite MODERATE 3
Risk Program MODERATE 3
IT Risk Management MODERATE 3
General Information Technology and Application Controls MODERATE 3
Access rights management (privilege and general), MODERATE 3
Threats and vulnerability management MODERATE 3
Email and web browser security MODERATE 3
Inventory and configuration of HW and SW assets MODERATE 3
Controlled use of admin privileges MODERATE 3
Malware defenses MODERATE 3
Control of network ports, protocols and services, MODERATE 3
Protection of information assets, including physical security MODERATE 3
Change management MODERATE 3
Physical and network security LOW 2
Prevention, back-up and recovery MODERATE 3
Scenario and resource planning MODERATE 3
Program controls (records of processing activities, risk assessment and breach management), HIGH 4
Privacy ecosystem (privacy impact assessment, oversight, review, updates and/or revisions) HIGH 4
Periodic sustainability reporting process (GRA) HIGH 4
LEED, Verde, Edge HIGH 4
50%
CONTROL ENVIRONMENT AND MANAGEMENT OF INTERNAL CONTROL SYSTEMS
Policies and procedures documentation and implementation
Process and system changes, adoption, and automation
Manpower complemen movements
% SCORE RISK RATING RAW SCORE % SCORE RISK RATING RAW SCORE % SCORE RISK RATING
10%
FINANCIAL
RAW SCORE % SCORE RISK RATING RAW SCORE % SCORE RISK RATING
SUB-TOTAL % SCORE
5% 10% 35% 100%
3 3.0% MODERATE 3 6.0% 21.5% LOW
3 3.0% HIGH 4 8.0% 31.0% HIGH
3 3.0% MODERATE 3 6.0% 29.5% MODERATE
3 3.0% HIGH 4 8.0% 33.5% HIGH
2 2.0% MODERATE 3 6.0% 32.5% HIGH
2 2.0% MODERATE 3 6.0% 29.5% MODERATE
2 2.0% MODERATE 3 6.0% 23.5% LOW
3 3.0% LOW 2 4.0% 29.0% LOW
2 2.0% MODERATE 3 6.0% 29.5% LOW
3 3.0% LOW 2 4.0% 29.0% HIGH
2 2.0% MODERATE 3 6.0% 29.5% MODERATE
3 3.0% MODERATE 3 6.0% 33.0% HIGH
2 2.0% MODERATE 3 6.0% 44.0% HIGH
3 3.0% MODERATE 3 6.0% 33.0% MODERATE
3 3.0% LOW 2 4.0% 20.5% LOW
3 3.0% MODERATE 3 6.0% 30.0% LOW
2 2.0% LOW 2 4.0% 26.0% VERY LOW
4 4.0% MODERATE 3 6.0% 36.5% HIGH
3 3.0% MODERATE 3 6.0% 27.0% HIGH
3 3.0% HIGH 4 8.0% 39.5% HIGH
3 3.0% HIGH 4 8.0% 39.5% HIGH
3 3.0% MODERATE 3 6.0% 41.5% LOW
5 5.0% MODERATE 3 6.0% 42.0% MODERATE
5 5.0% MODERATE 3 6.0% 45.0% VERY HIGH
5 5.0% MODERATE 3 6.0% 48.0% VERY HIGH
3 3.0% MODERATE 3 6.0% 38.5% LOW
3 3.0% MODERATE 3 6.0% 36.0% LOW
Financial Impact/Exposure
Susceptibility to fraud/noted occurrence of fraud incidents/personnel knowledge of incident reporting
RAW SCORE SUB-TOTAL % SCORE % SCORE RISK RATING RAW SCORE SUB-TOTAL % SCORE % SCORE
100% 10% 100% 10%
2 40.0% 4.0% LOW 2 40.0% 4.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
3 60.0% 6.0% MODERATE 3 60.0% 6.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
3 60.0% 6.0% MODERATE 3 60.0% 6.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
3 60.0% 6.0% MODERATE 3 60.0% 6.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
3 60.0% 6.0% MODERATE 3 60.0% 6.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
1 20.0% 2.0% VERY LOW 1 20.0% 2.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
4 80.0% 8.0% HIGH 4 80.0% 8.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
3 60.0% 6.0% MODERATE 3 60.0% 6.0%
5 100.0% 10.0% VERY HIGH 5 100.0% 10.0%
5 100.0% 10.0% VERY HIGH 5 100.0% 10.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
2 40.0% 4.0% LOW 2 40.0% 4.0%
15%
PRIOR AUDIT
Audit rating/results of last audit findings and implementation of corrective actions
Time since last audit: 10 – more than 2 years/never audited, 7 – within 2 years, 4 – within 1 year
AUDIT RATING RAW SCORE % SCORE TIMELINE RAW SCORE
50% 50%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
SATISFACTORY 3 30.0% WITHIN 1 YEAR 4 46.7%
N/A 5 50.0% N/A 10 100.0%
N/A 5 50.0% N/A 10 100.0%
N/A 5 50.0% N/A 10 100.0%
NEEDS IMPROVEMENT 4 40.0% WITHIN 2 YEARS 7 73.3%
NEEDS IMPROVEMENT 4 40.0% WITHIN 2 YEARS 7 73.3%
NEEDS IMPROVEMENT 4 40.0% WITHIN 2 YEARS 7 73.3%
N/A 5 50.0% > 2 YEARS/ NEVER AUDITED 10 100.0%
N/A 5 50.0% > 2 YEARS/ NEVER AUDITED 10 100.0%
N/A 5 50.0% > 2 YEARS/ NEVER AUDITED 10 100.0%
N/A 5 50.0% > 2 YEARS/ NEVER AUDITED 10 100.0%
N/A 5 50.0% > 2 YEARS/ NEVER AUDITED 10 100.0%
SHARED KR
SUB-TOTAL % RAW
% SCORE RISK RATING % SCORE RISK RATING
SCORE SCORE
0% 10% 20% 30%
MODERATE 16.7% 7.0% HIGH 4 16.0% VERY HIGH
MODERATE 16.7% 7.0% HIGH 4 16.0% HIGH
MODERATE 16.7% 7.0% MODERATE 3 12.0% HIGH
MODERATE 16.7% 5.7% VERY LOW 1 4.0% MODERATE
MODERATE 16.7% 5.7% LOW 2 8.0% VERY HIGH
MODERATE 16.7% 7.0% VERY LOW 1 4.0% MODERATE
MODERATE 16.7% 7.0% VERY LOW 1 4.0% LOW
MODERATE 16.7% 7.0% VERY LOW 1 4.0% MODERATE
MODERATE 16.7% 7.0% HIGH 4 16.0% VERY HIGH
MODERATE 16.7% 7.0% HIGH 4 16.0% HIGH
MODERATE 16.7% 7.0% MODERATE 3 12.0% HIGH
MODERATE 16.7% 7.0% VERY LOW 1 4.0% MODERATE
MODERATE 16.7% 7.0% LOW 2 8.0% VERY HIGH
MODERATE 16.7% 7.0% VERY LOW 1 4.0% MODERATE
MODERATE 16.7% 7.0% VERY LOW 1 4.0% LOW
MODERATE 16.7% 7.0% VERY LOW 1 4.0% MODERATE
VERY HIGH 50.0% 15.0% HIGH 4 16.0% LOW
VERY HIGH 50.0% 15.0% LOW 2 8.0% HIGH
VERY HIGH 50.0% 15.0% LOW 2 8.0% VERY LOW
HIGH 33.3% 11.0% LOW 2 8.0% HIGH
HIGH 33.3% 11.0% LOW 2 8.0% VERY HIGH
HIGH 33.3% 11.0% LOW 2 8.0% HIGH
VERY HIGH 50.0% 15.0% HIGH 4 16.0% HIGH
VERY HIGH 50.0% 15.0% LOW 2 8.0% VERY HIGH
VERY HIGH 50.0% 15.0% LOW 2 8.0% HIGH
VERY HIGH 50.0% 15.0% HIGH 4 16.0% MODERATE
VERY HIGH 50.0% 15.0% HIGH 4 16.0% LOW
10%
SHARED KRA/ COMPANY GOALS/THRUST
RAW SCORE % SCORE RISK RATING RAW SCORE % SCORE RISK RATING RAW SCORE % SCORE
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
No. Risk Goals Total Mandays
QUARTER 1 - 2022: JANUARY, FEBRUARY, MARCH
QUARTER 2 - 2022: APR, MAY, JUNE
QUARTER 3 - 2022: JULY, AUGUST, SEPTEMBER
QUARTER 4 - 2022: OCTOBER, NOVEMBER, DECEMBER
Each month: W1 W2 W3 W4
1 Finalization and Approval of Corporate Business Continuity Plan
3
784
766
18
2%
784
766
18