Committee Of Sponsoring Organizations (COSO)

The Committee Of Sponsoring Organizations’ (COSO) framework aims to provide thought leadership, through the development of comprehensive frameworks and guidance on enterprise risk management and internal control, designed to improve organizational performance and governance and to reduce the extent of fraud considerations in organizations.

The COSO Framework Universe

COSO operates on the principles actively followed by the Superior Doctor.

Establishes a sustainable, solid, self-evaluated environment to secure:
• Operational Excellence
• Merit-based Decision Making
• Reporting through common language, based on predefined and accepted principles, and consistency.
• Secured environment that promotes “Compliance”, “Controls”, “Transparency”, “Consistency”, and “checks & balances”
• Risk evaluation platform that promotes transparency, proactivity, and common language between the leadership of organizations.

[Diagram labels: Strategy, Business Objectives and Performance Monitoring; Mission, Vision & Core Values; Alignment not reach; Implications from the information and communication; Risk to Strategy and Performance; Enhanced Performance]

The COSO Framework Universe

[Diagram labels: Shareholder’s Interests (BOD); Leadership; Operations; Affiliates; Customers / Consumers; Environment (Market / Regulations)]

HOW COSO WILL HELP?

COSO:
• Links
• Informs
• Aligns
• Measures
• Establishes Common Framework
• Defines Decision Making Principles
• Protects the Organization & Shareholder’s interests

WHY COSO FRAMEWORK IS NEEDED?

• Create a solid Control Environment, through Boards, Committees and Management and established target settings and performance management systems.
• Establish monitoring activities, to ascertain whether Policies and Procedures are present and functioning and deficiencies are timely reported.
• Create Policies and Procedures that put daily operations in action.
• Create systems enabling Internal and External Communication.

However, these were not performed on the basis of a Risk Assessment, in order to ensure mitigation of risks related to the objectives of the company. Also, activities were not correlated under one framework's principles, in order to ensure contribution to the achievement of objectives.

HOW DOES COSO WORK

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of the five private sector organizations:
1. American Accounting Association
2. American Institute of Certified Public Accountants
3. Financial Executives International
4. The Association of Accountants and Financial Professionals in Business
5. The Institute of Internal Auditors

COSO integrated Framework Components and its 17 Principles

Control Environment
1. The entity demonstrates a commitment to integrity and ethical values.
2. Board of Directors independence from management – oversees development and performance of internal control
3. Assignment of Authority and Responsibility in the pursuit of objectives under clear reporting lines and Organizational Structure
4. Human Resources commitment to attract, develop, retain competent individuals in alignment with objectives
5. Individuals are accountable for their internal control responsibilities in the pursuit of Strategic Objectives and related Objectives

Risk Assessment
6. The entity specifies objectives with sufficient clarity to enable the identification and assessment of related risks. (Factors influencing Objectives – Methodologies and Techniques – Event dependencies)
7. Risks to the achievement of objectives, across company’s activities. Determine how they should be managed (Inherent and Residual Risk – Likelihood and Impact)
8. Potential for fraud in assessing risks to the achievement of objectives (Risk Appetite – Tolerance)
9. Identify Risk Responses and register Risk Management – how changes could significantly affect

Control Activities
10. The organization selects and develops Control Activities contributing to the company’s objectives and mitigation of risks
11. Application of General Control Activities over technology (automated versus manual controls)
12. Deployment of control activities through Policies and Procedures that put daily operations in action.

Information and Communication
13. Quality Information is used to support functioning of internal controls
14. Internal communication of information, including objectives and responsibilities
15. External communications regarding matters affecting the functioning of internal control.

Monitoring
16. Separate or Ongoing evaluation to ascertain whether the components of internal controls are present and functioning
17. Control deficiencies are timely identified and communicated to those parties responsible to take actions, including senior management and BoD

COSO FRAMEWORK IMPLEMENTATION STEPS ARE

1. Assessment of Current Status – GAP Analysis
2. Review and Approval of Remediation Actions – Assigned responsible (We are here)
3. Communication Plan of changes to assigned responsibles (To be developed)
4. Implementation of Remediation Actions – Assigned responsibles (*In progress)

COSO implementation steps

Management can decide WHEN to implement the 17 COSO Principles, based on efforts / resources required for implementation and expected benefit.

Current Project Status Phase I

1. Assessment of current status and Gap analysis is performed and completed. All Gaps or activities which require improvements are discussed and aligned with involved parties before presenting these to management for approval.
2. Proposed Remediation Actions along with proposed assigned responsible need to be reviewed and approved by the management.
3. There should be a clear Communication Plan explaining to each Process Owner / Control Owner, the changes and assignment of responsibility. Management should assign a Project Manager for this, responsible also to follow up on the Implementation of Remediation Actions agreed.
4. Policies and Procedures are adjusted in order to reflect the approved control activities and control owners. We have already done this work for you, using track changes functionality in all word documents provided for review. You only need to accept or reject the proposals.

From a Board of Director’s Perspective

COSO IS BOTH A TOOL AND PHILOSOPHY. FROM A BOARD OF DIRECTOR’S PERSPECTIVE, THE FOLLOWING ARE TANGIBLE BENEFITS THAT SHOULD BE CONSIDERED:

• TRANSPARENCY. CONSISTENT, VALIDATED, AND TRANSPARENT INBOUND / OUTBOUND INFORMATION THROUGHOUT THE OPERATIONS, ENVIRONMENT, MARKET, CONSUMERS, REGULATORY AUTHORITIES.
• IMPLEMENTATION CLARITY AND CASCADE OF DECISIONS. MANY DECISIONS REACHED AT BOD LEVEL GET DILUTED TILL THEY REACH THE ACTUAL IMPLEMENTATION PARTY. COSO PROVIDES THE FRAMEWORK OF SECURING PROPER CASCADE OF INFORMATION ACROSS ALL INVOLVED PARTIES.
• OVERSEEING / CHECKS & BALANCES. COSO FRAMEWORK PROVIDES CONTROLS, GOVERNANCE PLATFORM, AND SEGREGATION OF DUTIES / SYSTEMS TO SECURE A SAFE ENVIRONMENT FOR APPROPRIATE ACTIONS AND DECISION MAKING.
• DECISION MAKING FRAMEWORK. VIA COSO, EVERYONE KNOWS THEIR CAPACITY TO MAKE DECISIONS AND THE FRAMEWORK OF HOW DECISION MAKING SHOULD TAKE PLACE. THE ORGANIZATION FUNCTIONS AS ONE ALIGNED UNIT, WITH COMMON GOALS, VISION, AND OPERATIONAL CHARTER.
• STRUCTURED AND PROACTIVE RISK MANAGEMENT. COSO HAS THE INFRASTRUCTURE TO OBJECTIVELY EVALUATE, PREVENT, AND/OR

COSO implementation effect

IMPLEMENTING COSO FRAMEWORK WILL contribute to a stronger, risk-based control environment and will increase accountability, enabling the company to achieve its objectives!

Management is flexible to select HOW the 17 principles of the COSO framework can be implemented, based on a cost and benefit analysis.

• Identify all key control activities and address actions to the ineffective ones, in order to reduce risks and losses deriving from materialization of these risks.
• Put focus on preventive rather than detective controls and assign responsibility to each control owner, to ensure that the controls are working effectively.
• Classify manual versus automated control activities and assess options for automation in order to increase efficiency, based on cost & benefit analysis.
• Improve design of control activity to reduce cost in long term and enhance performance and communication.
• Enable monitoring of activities with clear sample and testing methodology of each control.

Note: Detailed benefits and control objectives are analysed per control registered in the Matrix per business area.

CORPORATE GOVERNANCE - CHECKLIST

Statements of compliance to the code
1. Are all relevant provisions of the UK Corporate Governance Code disclosed?
2. For any areas of non-compliance, is there an explanation that includes rationale, impact and indication as to when the board can expect to conform?

Corporate governance statements
1. Is there reference to relevant information about the corporate governance practices applied beyond requirement?
2. Does the statement contain a description of features of internal control and risk management?
3. Does the statement contain composition and operation of management, supervisory and administrative bodies?
4. Does the statement contain a description of diversity policy, how this has been implemented and the results?

CORPORATE GOVERNANCE - CHECKLIST

Board leadership and company purpose
1. Are the business’ purpose, values and strategies clearly established and understood by the board of directors?
2. Are workforce policies and practices consistent with the business’ values?
3. Does the business have the necessary resources in place to meet objectives and measure KPIs?
4. Is the chairperson regularly meeting with the business’ stakeholders/shareholders to understand their views on governance and performance?
5. Is there a policy in place for the workforce to address any concerns in confidence?
6. Are there any factors which may cause a conflict of interest or override the judgment of any independent directors?

CORPORATE GOVERNANCE - CHECKLIST

Division of responsibilities
1. Does the business have the necessary resources it needs in order to function effectively and efficiently?
2. Do the board of directors have enough time to meet their requirements and responsibilities to the board?
3. Is there a clear division of responsibilities between the leadership of the board and the executive leadership of the business?
4. Do all directors have access to the advice of a company secretary?
5. Are the responsibilities of the chairperson, chief executive, senior independent directors, board and committees clear, set out in writing and made available to the public?
6. Is at least half the board (excluding the chairperson) comprised of independent board members?
7. Is there at least one independent director on the board that holds a senior title (Senior Independent Director)?

CORPORATE GOVERNANCE - CHECKLIST

Composition, succession and evaluation
1. Has the board completed an annual evaluation of its composition of directors, including gender and ethnic diversity, skillset and abilities?
2. Has the chairperson of the board been in place for 9 years or more?
3. Does the board have a plan in place for creating a diverse pipeline of directors?
4. Is the chairperson acting on the results of the board evaluation with urgency?

Compensation
1. Does the board have a formal and transparent procedure for developing policy on executive compensation?
2. Do compensation policies and practices support strategy and promote long-term sustainable success?
3. Is executive compensation aligned to company purpose and values?
4. Does the compensation of board of directors reflect the time commitment and responsibilities required of them?

CORPORATE GOVERNANCE - CHECKLIST

Audit, risk and internal control
1. Has the board established formal and transparent policies and procedures?
2. Does the board provide a fair, balanced and understandable assessment of the company’s position and prospects?
3. Does the board have procedures in place to manage risk and to oversee internal control functions?
4. Does the board have an audit committee in place comprised of independent directors?
5. Has the board completed a robust assessment of the business’ emerging and principal risks?