I.

ENVIRONMENTAL RISK CONTROL ACITIVITIES

A. Contamination of Waters
Control Activities:
1. Maintaining water quality of swimming pools
a. Improve pool filtration systems
- This is a preventive control activity that can either be done manually or
automatically. If manual, workers must always check the pools and filter out floating
dirt. The use of machine is an automatic way of filtering dirt and other unwanted
things in the pool.
b. Strict monitory of pH and chlorine levels daily and in case of hot weather pH and
chlorine level must be monitored twice daily.
- This is both a preventive and a detective control activity. The Plantation Bay already
implement a control activity which is similar to this but based on the reviews from
the guests, the quality of the water of the pool is not properly maintained. The
control activity by Plantation Bay must be changed and improved.
2. Public Education and Information
a. Putting signage on proper places
- This is a preventive control activity. Information can be conveyed by means of
prominently and appropriately located signs. These should provide concise
information and a single message. Signs can be used to inform people of hazards
and safe behaviors and also reinforce previous educational messages. Warning
signs, in particular, should be simple to understand and display a clear message. This
control activity will prevent people from doing things that will contaminate the
pools.
B. Sewage disposal can cause pollution an
C. d health implications.

Control Activities:

1. Monitoring and checking the disposal system.

- This is both a preventive and a detective control activity. By monitoring and
checking the disposal system of the resort it will prevent future malfunctions. Also,
 by monitoring and checking the system, the resort will be able to detect if there are
parts that needs to be changed or upgraded.
2. Wastewater treatment facility
- Sewage treatment can prevent pollution and any other health implications. Through
a wastewater treatment facility, the resort can reduce the risk of contaminating
their lagoons, pools and any other water facilities and will ensure their guests of
their safety from any disease or health implications.
D. Water Resources
Control Activities:
1. Installing toilet tank fill diverters.
- This is a preventive control activity done automatically because a machine is used in
order to save water. Installing this machine in older toilets can save about 3/4 of a
gallon of water per flush.
2. Making water stations.
- This is also a preventive control activity. With a water station, the resort can control
the usage of water of the employees and guests. Also, it can discourage the use of
bottled water.
3. Maintaining the water quality of pool.
- Plantation bay has 3 huge pools. Maintaining the quality of the water will prevent
extensive use of water sources.

Other Control activities that can reduce Environment Risk in Plantation Bay Resort and Hotel.

1. Encourage guests to be green by putting cards in each room asking guests to turn out the lights
when they leave, or reuse towels if possible. Make recycling bins readily available to guests and
make sure that they are aware of the green programs of the resort. This control activity can
prevent the risk of contributing to pollution.
2. Reduce waste generation by making an effort to only purchase environmentally-friendly
products, and purchasing locally can also reduce the impact on the environment and benefit the
community. This is also a preventive action to protect the environment.

II. INFRASTRUCTURE RISK CONTROL ACTIVITIES

A. Management Infrastructure
Control Activities

1. Create statement of motivation that ties objectives to a corporate, holistic, and performance-
based approach to achieving the missions

- To create uniformity in the rules of administration and management of the hotels and resort. To
raise the standard of the hospitality service by interchange of personnel, assistance in staffing of
hotels.

2. Use a software database tool to track the condition of facilities as well as the costs of repair and
replacement

- It is an effective way to prevent and detect certain problems within the resort. To create an
inventory of the supplies, number of machines, equipment, etc.

B. Physical Infrastructure

1. Provide transportation services at a lower rate.

- This will attract more customers and retaining workers, enhancing customer access to services,
expanding service hours, and also helping public transit. It will surely result to a greater income for
the resort.

2. Maintaining the strong foundation of the building

- Checking some possible damages of the structure and apply an effective remedy to for the
safety of the guests and workers. This includes the inspection of the drainage, structure of the
building, electrical wirings, condition of the machines and equipment, the water pipes and other
possible damages that may cause harm to people.

3. Providing Emergency Equipment

- This is for prevention purposes. Install fire sprinkler system; it is an active fire protection
consisting of water supply, fire extinguishers, life jackets since it is a resort.

III. HUMAN ERROR RISK CONTROL ACTIVITIES

 A. Resort staff lack knowledge and skill
1. Providing quality training and seminars to workers

-This can be a detective activity wherein the supervisor has foreseen that workers

lack the necessary knowledge and skills needed in order for them to perform their jobs. And with that, a
quality training and seminar is to be held so that workers will be equipped with the skills needed in
order to realize the resort’s goals.

B. Resort staff makes mistake in their works

1. Poka yoke

-Poka yoke is a Japanese concept which means “mistake-proofing”. With this mechanism, workers avoid
(yokeru) mistakes (poka). Its purpose is to eliminate product defects by preventing, correcting, or
drawing attention to human errors as they occur.

IV. TECHNOLOGY RISK CONTROL ACTIVITIES

A. Information Systems Controls: General Controls

To ensure secure operations of information systems and thus safeguard assets and the data stored
in these systems, and to ensure that applications achieve their objectives in an efficient manner, an
organization needs to institute a set of policies, procedures, and technological measures, collectively
called controls.

B. Administrative Controls

To ensure that the entire control framework is instituted, continually supported by management,
and enforced with proper procedures, including audits.

Administration controls include:

1. Published controls policy

2. Formal procedures

3. Screening of personnel

4. Continuing supervision of personnel

5. Separation of duties

C. Systems Development and Maintenance Controls

Internal IS auditors should be involved through the entire systems development process. They
should:

1. Participate in major milestones and sign off on the appropriate deliverables. They need to ensure
that the system is secure, and also auditable.

2. Participants in the postimplementation review that follows the system being placed in operation.

3. Must check that the appropriate system documentation is developed and maintained

4. During systems maintenance, ensure that only authorized changes are made to the system and
that the appropriate version of the system goes into operation

D. Hardware Controls

A computer's central processor contains circuitry for detection and, in some cases, correction of
certain processing errors. Some of these include:

1. Parity check in which each byte of data in storage contains an additional bit, called a parity bit,
which helps detect an erroneous change in the value of a single bit during processing.

2. Processor hardware usually has at least two states:

a. Privileged state - in which any operation can be performed. A user cannot enter privileged state,
as it is reserved for system software.

b. User state - in which only some operations can be done.

3. Fault-tolerant computer systems - these systems continue to operate after some of their
processing components fail. Fault-tolerant computer systems are built with redundant components;
they generally include several processors in a multiprocessing configuration. If one of the processors
fail, the other (others) can provide degraded, yet effective, service.

E. Identification, Authentication, and Firewalls: Controlling Access to Corporate Computer Systems

1. A user first identified themselves to the system, typically with a name or an account number
 2. The system then looks up the authentication information stored for the identified user and does a
double-check

3. The system requests the user to provide a password or another means by which they can be
authenticated.

A variety of security features are implemented to increase the effectiveness of passwords. The
features include:

1. Regular and frequent password changes

2. Use of a combination of letters and digits

3. Prevention of the use of a common word, easily associated with the user

Biometric security features are also implemented. These systems rely on using the personal
characteristics. Features include:

1. Voice verification

2. Fingerprints

V. REPUTATIONAL RISK CONROL ACTIVITIES

A. Unethical and/or incompetent management and personnel

Control Activities:

1. Form and incorporate core values and code of ethics

Having a clear set of values and rules helps prevent unwanted behavior from personnel that would
result to faulty customer service. When the management and personnel operate with a guide, they
would have a better idea of the right things to do and what is expected from them.

2. Create sanctions for possible wrong actions

Plantation Bay should make sure that there are policies and procedures that will be followed whenever
a wrong act is reported so that proper action and penalties can be undergone to control the damage and
further improve employee performance
B. Data breach

Control Activities:

1. Secure cyber protection policies and procedures

this preventive control activity can be executed through implementation of passwords, installation of
security softwares, and authorizing only a few number of people who can have access. with having a
safeguard that only a few people can access data, there is lesser risk that private information will be
mishandled. Should Plantation Bay suffer any breaches of data, at least investigation can be made
easier.

2.Educate employees on cyber safety practices

This preventive and detective control activity helps Plantation Bay employees identify and detect
whenever they would encounter an attempt that breaches data such as phishing emails. being
knowledgeable about cybercrimes help prevent employees being scammed.

C. Negative Customer Feedback

Control Activities:

1. Entask employees to professionally deal with complaints

This control activity helps plantation bay clarify the situation and rectify issues immediately. this makes
the complaining customer feel heard and entertained, and also this makes potential customers hear
both sides of the story.

2. Hire qualifying employees and provide proper training

this control helps build a community of personnel who are ready and are capable of dealing win
transactions and problems. having the right set of talented and empathetic employees creates a better
service and ensures that when problems arise, the employees can handle them professionally

D. Unhappy workforce

1Make sure that the employees enjoy their benefits and rights

2. Create communication systems that cater to employee's concerns and complaints

 University of San Carlos- Downtown Campus
P. Del Rosario St. Cebu City

A.Y 2018- 2019, Second Semester

A REQUIREMENT FOR AC 1204 (GOVERNANCE, RISK MANAGEMENT, AND

INTERNAL CONTROL)

“CONTROL ACTIVITIES PROJECT”

Submitted by:
Alfafara, Patricia Althea M.
Allequir, Kristine Mae A.
Dumaboc, Von Neltricia O.
Macasusi, Alea Mae P.
Migallos, Kirwill Mitchell
Tero, Jeda Marie E.
(Group 4- T, TH 10:30-12:00)

Submitted to:
Mrs. Marilyn Cortes