VIRGIN ERUDITE CO. RISK ASSESSMENT ANALYSIS A. Audit Approach Our audit strategy starts at the same point as First Gen Corporation–with its strategies and objectives. Through discussions with management, we understand their objectives and risks. We then focus our approach on those risks that may materially impact financial statements. Our “top-down”management discussions not only identify the business objectives and risks, but also key controls in place to manage those risks. We test those management controls. We then determine how we will substantively test significant account balances and classes of transactions. VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 1 B. Audit Plan Risk Analysis Our audit approach is risk based. Assessment and identification of risk is performed throughout the audit process in coordination with senior financial management. We focus on risks that have a potential impact on financial reporting and the financial accounting systems and controls that mitigate those risks. Risk Area that could materially affect the Financial Statements Management Controls Audit Approach Cash and Cash Equivalents- most liquid of all assets of client accounts for about 13.53% of conso assets -The risk of overstatement -misappropriation thru fraud -incorrect balances There are specific authorizations required for cash transactions. As a key control, cash counts are required to take place, and to be reconciled against cash book records, at least once a week and when responsibility for the cash is transferred between staff members. Cash counts are to be countersigned by a nonfinance manager To audit “Cash and Cash equivalents”, you will need to get a clear idea about the bank accounts, types of bank accounts, number of bank accounts, purpose of each bank account, banking facilities arrangements and agreements, overdraft facilities, bank guarantees, Authorized signatories, Authorization matrix, bank payment process, bank receipt process, petty cash payment process and petty cash top up process., daily petty cash holding limit as well as performed cash analytical procedures. Receivables •Are not properly categorized. •Do not exist. •Are not properly valued or collectible. Receivables are subject to review at year end for collectibility. Overdue accounts are We review a sample of accounts receivable for collectibility issues. We review the reconciliation VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 2 investigated. Capital Assets( Inventories and PPE)- There are specific constituting 49% of conso assets authorizations required for capital Are not properly initially recorded at projects. Accounts are cost. subject to monthly •Do not exist. reconciliations. •Are not appropriately depreciated. Capitalization thresholds, depreciable life guidelines are in place. Periodic inventories are performed of moveable equipment. Risk Area that could materially affect the Financial Statements Management Controls to detail and perform analytical reviews. We obtain an understanding of the policies and procedures over capital assets. We vouch a sample of capital asset additions and review year end reconciliations. We recompute depreciation on a test basis and perform analytical procedures over depreciation expense. We review results of physical inventories and reconciliation of the subsystem to the general ledger. Audit Approach VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 3 Accounts Payable and Accrued Expenses •Are not complete or accurate. Other Assets and Liabilities •Are not appropriately stated. •Are not reconciled or properly Accounts are reconciled on a monthly or quarterly basis. A year end cutoff is performed to ensure that significant payables are captured. We perform analytical procedures on balances and review year end reconciliations for all accounts over a given threshold, as well as a sample below the threshold. We perform a search for unrecorded liabilities. Reconciliations are subject to monthly monitoring and review. Large fluctuations are investigated. We perform analytical procedures on balances and review reconciliations for all accounts over a set threshold,as well as a sample of those below the threshold. deferred. Risk Area that could materially affect the Financial Statements Management Controls Audit Approach Revenues and Expenses Accounts are reviewed monthly for unusual trends. Budget to actual is monitored. We vouch selected revenues and expenses in connection with other audit areas. We perform analytics of changes in accounts and consider the work completed by internal audit. •Are not appropriately categorized. •Are not complete. VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 4 Shareholders’ Equity •Are not in the appropriate category. •Are not supported by appropriate detail. Fraud •Misappropriations. •Fraudulent billings to contracts. •Reporting of performance. Management produces a year end detail of net assets by category and ensures that this detail reconciles to the financial statements. We perform analytical procedures on balances and review year end reconciliations. We review a sample of balances to ensure proper categorization. Policies, procedures and controls to ensure segregation of duties, compliance with national and local regulations, and oversight of managers. We consider incentives and pressures, have and will continue to expand our interviews, and consider the possibility of fraud in every audit. We also review internal audit reports and are alert for matters that are indicators of fraud. C. Perspectives on Fraud Risk VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 5 D. E. F. D. Fraud Risk Analysis Factors Degree Considerations VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 6 Incentive/Pressure External Moderate to High ● No imposed pressure from investors to meet expectations or maintain financial results ● No expectation to exceed competitors’ performance ● Compliance to liquidity and financing requirements ● Compliance to Power Utilities sector regulations and standards ● Compliance to ISO certifications Internal ● Stringent monitoring of Parent Company through monthly submission of reports ● Procedures are in place to prevent fraud from being perpetuated such as whistleblower program, Employee Manual Code of Conduct ● Performance bonus is based on individual employee performance and 13th month pay is tied up to results of operation (EBITDA) Opportunity Low In relation to material misstatement ● There are significant accounting estimates applied by the company, being part of the Power Utilities sector( specialized industry) ● Stringent process on financial and management reporting as evidenced by significant involvement of the General Manager in financial and management reporting ● Significant transactions are accompanied by contracts or supported by board resolutions. In relation to misappropriation of assets ● CCTVs and other monitoring contraptions are employed and installed at power production sites and office areas. ● Inventory items (spare parts and preforms) are less likely to be misappropriated due to their VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 7 specialized nature Rationalization or Attitude Low ● Client is open to recommendations on improvements of existing controls that will mitigate exposure to risk of fraud or error. ● Existence, communication and consistent update on Employee Manual for Code of Conduct ● There were no indicators noted that management has the tendency to perpetrate fraud. ● Management is always in a strong position to be compliant to relevant reporting standards and government regulations. In our discussions with management there were no instances when management expressed interest to minimize taxes paid to the relevant government agencies and instrumentalities Special Considerations for Fraud Risk Analysis of a firm from the Energy Industry: In the energy industry, fraud can take place in a number of activities such as energy trading procurement, project management, commercial management, etc., though some of the fraud in this industry is related to energy theft - the non- billing of energy that has been used (more than 80% of fraud events are related to misappropriation). Here, it is worth mentioning that one of the main problems affecting efficiency and security in energy companies is the loss associated with the process of energy distribution and supply to consumers. This loss can be split into two categories: a. Technical loss. Relates to the loss naturally occurring on the network due to phenomena such as power dissipation on transmission lines, etc. b. Non-technical loss. Associated with energy fraud and caused by actions external to the energy supply system. It consists mainly of energy theft, non-payment on the part of customers and loss due to errors in the invoicing process. Identifying and differentiating the percentage of energy lost in distribution from non-technical causes is a challenge that companies in the industry need to face and resolve. There are three categories: VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 8 a. Actions that affect the distribution company’s network.Of particular note are the direct connections into the distribution network without the customer having entered into a contract for the supply of electricity and the channeling of electrical power towards other facilities not included in the contract. b. Actions that affect measuring and control devices such as the tampering of meters with the aim of reporting consumption levels below actual usage. c. Dishonest action by company employees in commercial processes. It can take place, for instance, if there is no proper segregation of duties and the same person records or modifies transactions and authorizes the associated payments or invoicing. These three types of fraud can constitute a breach or offense,sometimes punished by sanctions, whose amount depends on the volume of energy defrauded. As a general rule, energy distribution companies should detect and report to the authorities any network and equipment irregularities. G. Related Parties ● Current standards and practices require emphasis on auditing related party transactions and communicating with the Committee on Audit in this regard. The following are the significant transactions with related parties: a. Due to a related party represents noninterest-bearing U.S. dollar and Philippine pesodenominated emergency loans to meet working capital and investment requirements of certain entities in the Lopez Group. b. First Gen Group leases its office premises where its principal offices are located from Rockwell-Meralco BPO Venture, a joint venture of Rockwell Land Corporation (Rockwell), a subsidiary of FPH. c. Following the usual bidding process, EDC awarded to First Balfour, Inc. (First Balfour) procurement contracts for various works such as civil, structural and mechanical/ piping works in EDC’s geothermal, solar and wind power plants. EDC also engaged the services of Thermaprime Drilling Corporation (Thermaprime), a subsidiary of First Balfour, for the drilling services such as, but not limited to, rig operations, rig maintenance, well design and engineering. First Balfour is a wholly owned subsidiary of FPH. d. Parent Company During the February 27, 2014 meeting, the BOD of the Parent Company approved the confirmation, ratification and approval of the authority of the Parent Company, pursuant to Clause VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 9 (i) of the Second Article of the Parent Company’s Amended Articles of Incorporation, to act as a guarantor or co-obligor or assume any obligation of any person, corporation or entity in which the Corporation may have an interest, directly or indirectly, including but not limited to FNPC e. On January 22, 2020 and July 3, 2020, EDC entered into a surety agreement with GCGI and BGI, respectively, and the lenders whereby EDC, as a surety, guarantees the funding of the DSRA in accordance with the loan agreement for the benefit of GCGI and BGI, in lieu of the cash deposit standing in DSRA. VIRGIN ERUDITE C o. |CREATIVITY.PASSION.ASSURANCE 10