INTERNAL AUDIT REPORT

Auditable Area: Asset Services Group

As of: 10 July 2015

 INDEX

AREA PAGE

I. Overview, Scope and Approach 1

II. Results and Conclusion 1

III. Observations, Risks, Recommendations, and Management Actions 2

IV. Definitions: Risk Ratings, Risk Types, and Internal Audit Opinions 3
 INTERNAL AUDIT REPORT: Rental Collection

To: Members of the Audit Committee of the Board of Directors

Date: 10 July 2015

I. Overview, Scope and Approach

ABC Corporation, Inc. (hereinafter referred to as “ABC” and/or the “Company”) is a

corporation duly organized and existing under the laws of Philippines, and engaged in the
business of providing real estate management, administrative, business process and consultancy
services. Pursuant to performance of said services, ABC organized the Asset Services Group
(ASG) whose main task to secure and monitor viability of the Company’s assets and to provide
long-term sustainability plans to achieve the Company’s purpose.
Among its services is the lease management of various properties. It has had collected
monthly rentals ranging from over Php 50 000 to Php 100 000 from clients.
This audit report serves to review accounting performance of ASG to collect monthly
rentals from clients for a period of 10 June to 11 July 2015.

The following table quantifies the number of key controls that were identified and reviewed:

Financial Reporting Related 2

Operational Only 3
Regulatory Only 3
Total Key Controls 8

II. Results and Conclusion

Internal Audit Opinion: _______(See Section VI. for definition)

As the Asset Services Group (ASG) Finance Head of ABC, my duties

include acting as head on ASG accounting matters, monitoring accounting work in
ASG, coordinating with the ASG business line leaders in monitoring and collection of
ASG accounts receivables, and performing related duties and responsibilities.
For a period of 10 June to 11 July 2015, it has come to my attention that there was
no record that the amount of FOUR HUNDRED THOUSAND NINE HUNDRED FIFTY-
TWO 88/100 (P400,952.88) representing the advanced monthly rentals were paid by DFE
Cortes Limited, ABC;s client. Upon verification, the same amount was supposedly
received by SUNSHINE P. CUARESMA, ABC’s Accounting Assistant, and who was in
charge of collecting lease rentals, deposits and other fees from ABC’s clients, including
DFE Cortes.
Ms. Cuaresma is hereby recommended to immediately offer a written explanation
regarding the matter upon receipt of this report.

Respectfully,

ALEXANDER SCOTT A. PAREJA

Asset Services Group Finance Head

cc:

1
III. Rental Collection
Observations, Risks, Recommendations, and Management Actions

Observation Risk Rating1, Type1, Recommendation Management Actions

Description and Due Dates
1
See definition Section
VI
No sufficient record of Medium Business, Compel company officers Such officers are given
payment of monthly Fraud in charge of collection to a period of August to
rentals covering 10 disclose the proper record October 2015 to offer a
June to 10 July 2015 as soon as possible. Offer written explanation.
them an opportunity to
explain themselves.

Control Environment Strengtheners:

2
VI. Risk Ratings, Types, and Definitions

High Risk: >50% likelihood of risk occurrence in the next 3 years AND/OR significant
financial (>$5 million) or non-financial (e.g. reputational, operational) impact
Medium Risk: 10%--50% likelihood of risk occurrence in the next 3 years AND/OR
material financial (>$1 million) or non-financial impact
Low Risk: <10% likelihood of risk occurrence in the next 3 years AND immaterial
financial (<$1 million) or non-financial impact

Risk Type Definition

Financial/Market The risk of impact to the Company's financial position resulting from the volume,
complexity, or materiality of cash and investment transactions.

The risk that investments, other assets, and liability values are illiquid or volatile
due to fluctuations in financial, credit, and real estate markets, interest rates, etc.
Business The risk of business loss or volatility from:
 damage to the Company's reputation in the community and agent/insured
relationships due to Company acts or decisions;
 economic environment;
 increased competition; and/or
 inappropriate market or corporate strategies.
Operational/Insurance The risk that Company operations are not designed or operating effectively and/or
efficiently, primarily resulting from inadequate:
 planning (e.g. strategic or contingency);
 funding, infrastructure;
 financial and management reporting;
 product design, pricing, distribution channels, underwriting;
 claim administration;
 third party administration;
 reserving, modeling; and
 (or overly aggressive) performance goals.
Systems The risk of electronic data integrity, privacy, and confidentiality being
compromised, lost or stolen.

The risk of reliance on systems and technology that cannot adequately support the
needs of the business.
Governance/Regulatory The risk of non-compliance with insurance-specific laws and regulations (e.g. DBR,
RI Workers' Comp, NAIC, licensing, capital, etc.) and other requirements (e.g.
payroll, employment, taxes, data confidentiality, etc.), resulting in punitive and/or
reputational damages.

The risk of inadequate Board and/or management oversight and monitoring to

effectively and efficiently govern the Company's financial reporting, operations,
and compliance functions.
Organizational The risk of the organizational structure, employee resources and skills, culture,
incentives, and change management agility are inadequate meet the Company's
financial, operating, and regulatory objectives.
Fraud The risk of fraud occurring undetected without mitigating controls or effective audit
testing, creating financial or reputational loss to the Company.
Maturity, Complexity The risk that formal management processes or controls are not designed or
of Controls/Processes operating effectively and/or sufficient evidence to validate does not exist, resulting
in unmitigated deficiencies or inefficiencies.

Internal Audit Opinions

 Effective—Effective system of internal control. Several low risks or a medium
risk control observation may exist and are adequately mitigated
 Effective—Management Actions Required. A high risk or multiple medium risk
control observations may exist, which are mitigated, but management should
address to increase controls effectiveness and/or efficiency.

3
 Ineffective—Unmitigated Significant Deficiency(s) or Material Weakness(es)
exists and require immediate attention by management