This template was purchased by AuditNet from a third party under a work for hire

agreement. You acknowledge that the Third-Party Content provided to you is

obtained from sources believed to be reliable and that no guarantees are made by
AuditNet®. or the AuditNet® website or the providers of the Third-Party Content as
to its accuracy, completeness, or timeliness. You should be aware that the template
may be incomplete, may contain errors, or may have become out of date. While
every reasonable precaution has been taken in the preparation of this template,
neither the author nor AuditNet assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein. You
acknowledge and agree not to hold AuditNet®, it’s website, any products or services
through AuditNet® or the AuditNet® website liable for any product purchase or any
decision or other transaction you may make based on your reliance on or use of
such data, or any liability that may arise due to the delivery of the Third Party
Content for any reason. AuditNet® is not in the business of providing insurance, tax
or legal advice to anyone. The information contained in this document is believed to
be accurate. However, no guarantee is provided. Use this information at your own
risk.
Audit Program Licensing Terms
1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.
2. You recognize that the product and its content are the sole property of AuditNet®
(the Publisher), and that we have copyrighted the product.
3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that there
is no guarantee that this product is totally error free. You further understand and
accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible for
any results obtained from the use of such information.
4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail to
comply with the conditions set forth in this agreement, and may pursue any other legal
recourse.
COSO - Enterprise Risk Management
Integerating with Strategy and Performance

INTRODUCITON:

WHAT IS COSO 2017 ABOUT…?

The updated COSO Framework 2017 - Enterprise Risk Management - Integerating with strategy and
performance, Let me explain it. The Risk Management needs to be integerated with the
organization strategy and it's performance so that it is ensured that the organizational objectives
are achieved.

Every organization has set a Mission, Vision, goals and Core values. All this defines what
organization want to achieve and want how to conduct the business. There is a risk for all type of
organization that it may not achieve what it want to achieve and organization must manage that
risk so that organizational objectives are achieved. The updated version of COSO 2017 focuses on
managing the risk through integerating it with strategy and performance. i.e.

1) While setting the organizational strategy the related risk must be assessed and related risk
management measures should be set and kept in place to management the risk.

2) Similarly risks should be identified at operational level and related risk management measures
should be set or kept in place to ensure that operational objectives are achieved in effective
manner. If risk is management at operational level then entity's performance would be in
accordance with the set objectives.

ENTERPRISE RISK MANAGEMENT

MISSION, VISION AND CORE VALUES GOVERNANCE & CULTURE

STRATEGY DEVELOPMENT STRATEGY AND OBJECTIVE SETTING

BUSINESS OBJECTIVE FORMULATION PERFORMANCE

IMPLEMENTATION & PERFORMANCE REVIEW & REVISION

ENHANCES VALUES INFORMATION, COMMUNICATION & REPORTING

COSO - Enterprise Risk Management - Integrating with Strategy and Performance
COSO Component : Governance and Culture
COSO Principle # 3: Establishing Operating Structures
Function: Sales Management

COSO -2017 - Enterprise Risk Management - Integrating with Strategy and Performance, Risk influences an organization's strategy and performance throughout the process from strategic planning to
operational activities. So it is important to embedding the risk management across all organizational actives i.e. from setting mission, vision, strategic planning and operational activities.

Disclaimer:
The template is prepared to provide the guidance to the users to understand and enhance their knowledge in regards to the COSO Framework 2017 and apply their knowledge in accordance with the actual
scenario in their organization.

Process / Risk Mitigating Control / Internal Person Responsible for Last Review Next Review
Serial # Risk Remarks
Activities Control the Implementation performed Date

Management should regularly

monitor the progress of sales quotas
and strategies towards the success.
Weak monitoring of sales
1 Monitoring
strategies and quotas
Management should take into
account any variable that require the
strategy to be amended.

Management should develop a

mechanism through which valid
Trading Trading relationship may not
2 customers should be identified and
relationship be maintained
trading relationships should be
maintained for long-term success.
 Management should establish
Trading Trading relationship may not mechanism through which potential
3
relationship be established customers should be identified and
approached for business relationship.

Trading relationship may not Customers data should be

Trading
4 be established and maintained and recorded for both
relationship
maintained existing and potential customers.

Staffs involved in managing

Customers' data may not be customers' data should be contracted
Confidentiality of
5 secured and leaked to with confidentiality clauses in their
customer data
market competitors employment contracts.

Management should ensure to

restrict the research details from
Customers' data may not be unauthorized access.
Confidentiality of
6 secured and leaked to
customer data
market competitors Access logs should be maintained
and authorized personnel should be
defined.

Management should conduct due

Long credit terms may be
Customer diligence of major customers, to
7 allowed to financially
identification identify whether they are financially
insolvent customers
viable.

Individual customers' credit limits

Long credit terms may be
should be approved by management
8 Credit limits allowed to financially
on the basis of due diligence
insolvent customers
performed.
 Management should perform regular
Business opportunities may
market research to identify new
9 Market research not be identified through
business opportunities and potential
market research
target customers.

Management should ensure that

10 Training Sales staff may not trained sales staff are suitably trained and
knowledgeable.
Management should approve
unlawful, inappropriate and
unfeasible sales term.
Unauthorized sales term
11 Sales terms
may not be defined
Management should ensure that the
terms are appropriately
communicated to sales staff.

Name and Title of Department Director (please print)

Signature of Department Director

Date of Department Director's Signature