Control Frameworks

Reynabelle Morente
 OVERVIEW

Control Framework 1
The COSO Frameworks: ICF and Control Environment
ERM
2 Risk Assessment
Control Activities

Information and 3 IT and Its Impact on Organizational

Success
Communication
COBIT and GTAG
Monitoring Activities
4 ISO
ITIL
CMMI
You can’t win just by
playing defense.
Control Framework
A control framework is a data structure that organizes and categorizes an
organization's internal controls, which are practices and procedures established to
create business value and minimize risk.
 The COSO Frameworks: ICF and ERM

• An internal control framework is a structured guide that organizes and

categorizes expected controls or control topics. ... When an organization uses a
control framework effectively (typically in audit risk assessments and risk
management), management designs internal control processes with the
framework as a baseline.
• Enterprise risk management in business includes the methods and processes
used by organizations to manage risks and seize opportunities related to the
achievement of their objectives. 
 The COSO Frameworks: ICF and ERM

• COSO’s goal was to improve the quality of financial reporting through a focus on
corporate governance, ethical practices, and internal control.
• The 2013 COSO IC-IF contains 17 principles representing the fundamental
concepts associated with each component. COSO states that an entity can
achieve effective internal control by applying all principles, which apply to
operations, reporting, and compliance objectives.
The COSO cube
is a diagram that shows the
relationship among all parts of an
internal control system. Aside
from showing how these parts are
connected, it also identifies a
number of principles an
organization should follow to
meet their internal control
objectives.
 17 Principles
• Control Environment
1. Commitment to integrity and ethical
values
2. BOD exercises oversight responsibility
3. Establish structure, authority, and
responsibility
4. Commitment to competence
5. Enforce accountability
• Risk Assessment
6. Set suitable objectives
7. Identify and analyzes risks
8. Assess risk of fraud
9. Identify and analyze significant
change
 17 Principles

• Control Activities • Information and Communication

10. Select and develop control activities 13. Use relevant information
11. Select and develop IT GCCs 14. Communicate internally
12. Mobilize through policies and 15. Communicate externally
procedures
 17 Principles

• Monitoring Activities

16. Conduct ongoing/separate evaluations

17. Evaluate and communicate deficiencies
Talking about and acting ethically
carries financial benefits
Control Environment
 Control Environment

This refers to the workplace environment, characterized by the way the

organization is structured, the manner of leadership, the degree of openness,
management’s operating style, having and practicing the tenets of its code of
ethics and statement of values.
It is important to remember that culture plays a key role defining the control
environment. It includes the norms, values, rules, climate, and symbols.
Organizational culture refers to the sum of perceptions that develop within an
organization
 3 KEY ELEMENTS IN ORGANIZATIONAL CULTURE

1. The general relationship between employees and their organizations

2. The vertical or hierarchical system of authority defining superiors and
subordinates
3. The general views of employees about the organization’s destiny, purpose, and
goals, and their place in it
 Following are some examples of unethical behavior
that auditors should be on the lookout for:

• Undue emphasis on bottom-line performance

• High-pressure sales tactics
• Kickbacks or bribes

Two key elements:

1. Forbids paying bribes, personal payments, or rewards to foreign government
officials
2. Requires accounting transparency and record keeping to verify that illicit
payments were not made
 Communication, Consistency, and Belief in the Message

It is very important for management to communicate clearly, consistently, and

often what is allowed and what is not. By setting clear expectations there is a better
chance that they will be followed.
 Form over Substance

This consists of the management practices whereby on the surface it appears as

though an essential activity has been performed, when in fact that is not so. This
includes signatures that suggest transaction review and approval, when in fact the
individual did not review the relevant documents as expected.
 Principles underlying the control environment are:
1. The organization should demonstrate a commitment to integrity and ethical values:
2. The board of directors demonstrates independence from management and exercises
oversight of the development and performance of internal control:
3. Management establishes, with board oversight, structures, reporting lines, and
appropriate authorities and responsibilities in the pursuit of objectives:
4. The organization demonstrates a commitment to attract, develop, and retain
competent individuals in alignment with objectives:
5. The organization holds individuals accountable for their internal control
responsibilities in the pursuit of objectives:
 Entity Level Controls

Entity level controls are used to determine if an organization’s values, systems,

policies, and processes would enable or dissuade fraud and encourage proper
conduct. They refer to the entity’s management style, as reflected in the corporate
culture, values, philosophy, and operating style, the organizational structure, and
policies and procedures in place.
 Tone in the Middle

Deciding who becomes a manager is one of the most important organizational

actions because employees judge their organization as ethical or not based on what
they think their boss does. So when it comes to ethics, deciding who become
managers is of critical importance.
Risk Assessment
The second component of the COSO framework relates to the identification,
quantification, analysis, and management of organizational risks. Risks are those
events that can jeopardize the organization’s ability to achieve its objectives.
 Risks are typically assessed along two dimensions:

1. Likelihood, or the probability that these events occur

2. Impact, or the consequence if these events occurred

Establishing objectives is a precondition to risk assessment. A risk assessment is the

process of identifying, assessing, and measuring risks to
the organization, program, or process under review.
 Management specifes objectives within three
separate but related categories:

Reporting: Reporting considerations are arranged in four broad categories:

internal/external and fnancial ancial/non-financial.
Compliance: Tese are related to adherence to laws and regulations to which the
organization is subject.
Operations: These pertain to the effectiveness and efficiency of the organization’s
operations.
 Example

An employee’s objectives have a focus on cost reduction. As such, the employee

decides to postpone equipment maintenance and this reduces costs. While this
provides a short-term success, the equipment breaks down prematurely and the
organization suffers from two outcomes: (1) the need to perform more expensive
repairs including parts replacement and (2) the loss of revenues due to unplanned
downtime.
 Business and Process Risk

This is the risk that the organization’s processes are not effectively obtaining,
managing, and disposing their assets, that the organization is not performing
effectively and efficiently in meeting customer needs, is not creating value or is
diluting value by suffering the degradation of financial, physical, and information
assets.
 Business and Process Risk

◾ Capacity risk ◾ Cycle time risk

◾ Execution risk ◾ Health and safety risk
◾ Supply chain risk ◾ Leadership risk
◾ Business interruption risk ◾ Outsourcing risk
◾ Human resources risk ◾ Competitor risk
◾ Product or service failure risk ◾ Catastrophic loss risk
◾ Product development risk ◾ Industry risk
 Business and Process Risk

◾ Planning risk ◾ Data integrity

◾ Organization structure risk ◾ Infrastructure risk
◾ Integrity and fraud risk ◾ Commerce risk
◾ Trademark erosion risk ◾ Access risk
◾ Reputation risk ◾ Availability risk
 Technological and Information Technology Risks

These risks relate to conditions where IT is not operating as intended, the integrity
and reliability of data is compromised, and significant assets are exposed to
potential loss or misuse. It also relates to the inability to maintain critical systems
and processes. It includes
◾ Data and system availability risk
◾ Data integrity risk
◾ Infrastructure risk
◾ System capacity risk
◾ Commerce risk
◾ Data integrity
◾ Access risk
 Personnel Risks
Personnel risks relate to conditions that limit the organization’s ability to obtain,
deploy, and retain sufficient numbers of suitably qualified and motivated workers.
◾ Availability risk
◾ Competence risk
◾ Judgment risk
◾ Malfeasance risk
◾ Motivation risk
 Financial Risks
Financial risks can result in poor cash flows, currency and interest rate fluctuations,
and an inability to move funds quickly and without loss of value to where they are
needed. Examples include
◾ Resources risk
◾ Commodity prices risk
◾ Foreign currency risk
◾ Liquidity risk
◾ Market
 Environmental Risks
Environmental risk relates to the actual or potential threat of negative effects on
the environment by emissions,wastes, and resource depletion. This can be caused
by an organization’s activities and it influences living organisms, land, air, and water.
Examples include
◾ Energy and other resources risk
◾ Natural disaster risk
◾ Pollution risk
◾ Transportation risk
◾ Pandemic risk
 Political
This is a type of risk faced by organizations, investors, and governments. It refers to
the effects that political decisions, events, or conditions can cause when they affect
the profitability of a business, or the ability to operate freely. It has to do with the
complications organizations may encounter as a result of political decisions.
Examples include
◾ Regulations and legislation risk
◾ Public policy risk
◾ Instability risk
 Social Risk
Social risk relates to dynamics where an issue affects stakeholders who can form
negative perceptions that can cause some form of damage to the organization.
Social risk can be influenced by strategic and operational decisions management
makes that affect issues stakeholders care about.
◾ Demographics risk
◾ Privacy risk
◾ CSR
◾ Mobility
 “In planning the engagement, internal auditors must
consider:

◾ The objectives of the activity being reviewed and the means by which the activity
controls its performance.
◾ The significant risks to the activity, its objectives, resources, and operations and
the means by which the potential impact of risk is kept to an acceptable level”
(Standard 2201).
 Specific
By being specific, goals become clearer and they avoid the ambiguity that can often impair
goalsetting. Managers and employees know what they are expected to do and can focus
their energy, resources, and priorities accordingly to accomplish them.

◾ What has to be to be accomplished?

◾ Who is involved in getting this done?

◾ What is its importance to me and the organization?

◾ Where must this happen, if applicable?

◾ Which requirements or restrictions apply, if any?

 Measurable

When goals are measurable it is easier to link their completion to the performance
monitoring and rewards mechanism.
◾ What must be done to demonstrate progress?
◾ What is the quantitative and qualitative evidence that will show we achieved the
goal?
 Achievable
Impossible goals do not motivate workers; they demotivate them. When the
workers’ viewpoint is that goals are unrealistic and unachievable, they feel
impotent because the goal cannot be reached. Unachievable goals may also lead
employees to fabricate financial and operational results in their attempts to appear
to achieve their goals.
◾ Does the goal carry specific parameters so it is tangible?
◾ Are there adequate resources available to work on the necessary task?
◾ Is there a strategy and/or plan to get this goal accomplished?
◾ Is there enough motivation propelling this endeavor?
 Relevant

Goals should also be aligned with the mission and strategy of the organization, the
process, and the individual.
◾ How does this activity help to meet the needs of the customer?
◾ Is this activity essential?
◾ Is this the best way to perform this activity in terms of time, effort, and related
tools (e.g., forms and data input)?
◾ What is the significance of this goal to my career and those of my team?
 Time-Bound

“A goal without a deadline is nothing but a dream” is an expression often heard. It

is quite simple, yet it is the root cause why many items on people’s to-do lists never
get completed.
◾ Are there milestone dates that must be met in the interim to show we reached a
significant change or stage of development in our work?
◾ When must the goal be achieved and what evidence is needed to prove it was
done?
◾ What is the most efficient way of achieving the goal so we can accomplish it as
quickly asssible?
 Evaluated

Goals must be evaluated to determine if they meet the SMARTER elements, but
also to determine if they meet ethical and ecological considerations.
◾ Are the metrics associated with this goal evaluated? How frequently?
◾ Does the goal infringe on my values, the organization’s, and society’s?
◾ Will there be negative environmental impacts while pursuing this goal?
◾ Who has to evaluate the appropriateness, timeliness, and other attributes of the
goal?
 Rewarding

The rewards received should be commensurate with the effort exerted and the
outcome achieved. If the amount of effort is greater than the reward, chances are
that workers will eventually lower the amount of sacrifice made.
What are the benefits to my customers for achieving this goal?
What are the benefits to the organization for achieving this goal?
What emotional, financial, and professional benefit will I enjoy?
 Effects of Risk
• Loss of assets

• Negative publicity

• Erroneous decisions

• Customer dissatisfaction

• Fraudulent financial or operational reporting

• Erroneous record keeping and accounting

• Noncompliance with rules and regulations

• Purchase of resources uneconomically

• Failure to accomplish established goals

 In general, when discussing risks with operations
management, the following are some useful
questions:
◾ What would constitute failure and how do you look out for its indicators?
◾ Are there any liquid assets (e.g., cash) that are susceptible to loss?
◾ What assets need to be protected, including personally identifiable
information (PII)?
◾ What must go right for this operation to succeed?
◾ How do we know whether the process is achieving its objectives?
 In general, when discussing risks with operations
management, the following are some useful
questions:

◾ Where are the people, processes, systems, or assets vulnerable?

◾ On what information do you rely the most?

◾ What items constitute the largest expenditures?

◾ What activities are the most complex?

◾ What activities are regulated and where is the greatest legal exposure?

◾ What decisions require the most judgment?

Assessing risk on a formal and informal basis is essential for organizational success, and
internal auditors can help to raise awareness merely by highlighting some exposures
Control Activities
Done once, done
right
 Control Activities

Controls are actions established through policies and procedures that mitigate the
likelihood and/or impact of risks. Controls are performed at all levels of the
organization, at various stages within processes and over the technological
infrastructure of the organization.
Controls can be manual, which means they are performed by individuals and often
using “hard, tangible” items, such as paper and locks. Whereas automated controls
are performed by computer and electronic systems often without direct or
exclusive human interaction.
Some controls are a combination of manual and automated, requiring both a
system component and human follow-through.
 Control activities can be categorized as:
Preventive: Preventive controls are those activities that act before the error or
omission can occur and reduce the likelihood and/or impact of the event.
Detective: Detective controls identify errors or anomalies after they have occurred
and alert the need for corrective action.
Directive: Directive controls are temporary controls that are implemented to
redirect employee actions.
Compensating: Compensating or mitigating controls are those that are put in place
when a control is not where it is expected as proper design would stipulate
Internal auditors are generally tasked with verifying that processes, programs, and
their related controls have been designed appropriately, and that those controls
are operating as intended. When confronted with nonperforming controls, the
natural question to ask is “why?” Reasons vary, but the following are some of the
most common answers to that question:
◾ Inadequate knowledge: Organizational effectiveness is the result of realistic
goals, sound process design, sufficient resource allocation, and effective planning
and execution.
◾ Sabotage: Disgruntled employees can act in ways that are very negative to their
organizations.
◾ Emotional and physical reasons: Apathy, depression, inability to pay attention to
detail, or fatigue can hamper an individual’s ability to perform the duties assigned
to him.
The Result of Excessive Risks and Controls
Excessive Risks Excessive Controls
Excessive Controls Bureaucracy
Loss of assets Reduced productivity
Loss of grants Increased complexity
Poor business decisions Increased cycle time
Noncompliance Increase in no-value activities
Increased regulations
Public scandals
Inability to achieve objectives
Information and Communication
 Information and Communication

The fourth component in the COSO IC/IF model refers to the flow of information in
an organization. Ideally, there are clear, consistent, timely, and purposeful
directions emanating from the top of the organization providing direction and
establishing the criteria to measure performance results.
Communication is one of the most important activities in organizations. At the most
basic level, relationships grow out of communication, and the effective functioning
and even survival of organizations is based on having effective relationships.
 Bruce Berger states that internal communication occurs
on multiple levels.

1. Interpersonal or face-to-face (F-T-F) communication occurs between individuals.

2. Group-level communications occur within and among teams, units, and interest
groups.
3. Organizational-level communications focus on company vision and mission,
policies, new initiatives such as strategic plans, and organizational knowledge and
performance.
 Three broad types of risks that outsourcing creates:

Operational risks: Often manifested as slippages of time, cost, and quality, usually
due to breakdowns in the transfer of work processes or repetitive processes likely
to succumb to human error.
Strategic risks: Generally caused by deliberate and opportunistic behavior by
service providers or their employees.
Composite risks: This occurs when the client loses its ability to implement the
process for itself because it has outsourced the process for a long time.
 Three types of SOC reports:
SOC 1—Report on Controls at a Service Organization Relevant to User Entities’
Internal Control over Financial Reporting (ICFR): These reports are intended to
meet the needs of the managements of user entities and the user entities’
auditors.
SOC 2—Report on Controls at a Service Organization Relevant to Security,
Availability, Processing Integrity, Confdentiality, or Privacy: Tese reports are
intended to meet the needs of a broad range of users that need to understand
internal control at a service organization as it relates to security, availability,
processing integrity, confdentiality, and privacy.
 Three types of SOC reports:
For SOC 1 and 2 reports, there are two types of report for each: Type 1 is a
report on management’s description of a service organization’s system and the
suitability of the design of controls. Type 2 is a report on management’s
description of a service organization’s system and the suitability of the design
and operating efectiveness of controls.
SOC 3—Trust Services Report for Service Organizations: SOC 3 reports are
designed to meet the needs of users who want assurance on the controls at a
service organization related to security, availability, processing integrity,
confdentiality, or privacy but do not have the need for or the knowledge
necessary to make efective use of a SOC 2 report.
Monitoring Activities
 Monitoring Activities

Monitoring activities consist of ongoing, separate or a combination of evaluations

used to determine whether each of the five components of internal control is
present and functioning. Ongoing evaluations are built into business processes at
different levels of the organization and provide timely information on how well or
poorly these activities are performing.
 Monitoring Activities
Control environment: The control environment is concerned with ethics in the
organization, but what is the state of ethics in the organization? How can we find out
and how can we monitor it? One approach is to conduct employee surveys. These are
great tools to collect information and begin to assess the condition of ethics in the
workplace. This entails, among other things, asking employees. Themes of interest are
◾ Their opinions and impressions about the tone at the top
◾ Management’s efforts to promote ethics
◾ Asking whether there is employee agreement that ethics are important and are
rewarded, while unethical behavior is punished promptly, fairly, consistently, and
universally?
 Monitoring Activities
Risk assessment: The risk landscape is constantly changing, and as such, a risk
assessment performed at one point in time may be inaccurate a few months, weeks, or
even days later. This can be the case with inventory shrinkage. While cyclical counts are
designed to compare the amount of inventory on accounting records to warehoused
amounts, variances require monitoring as well. It is certainly possible that warehouse
personnel are performing cycle counts, but the management team is not monitoring
the size and frequency of deviations. By monitoring variances and inventory write offs,
management can intervene promptly when the pattern begins to emerge and the
theft, damage misplacement, or short-shipment of merchandise begins to become
evident.
 Monitoring Activities

Information and communication: Information flows are essential to keep

employees and managers aware of business dynamics. If employees are filing
complaints with the Human Resources department that a supervisor is
unresponsive, displays favoritism toward selected individuals, and is abusive in the
treatment of staff, management would be well served to research the matter right
away.
IT and Its Impact on
Organizational Success
 IT and Its Impact on Organizational Success

IT increasingly plays a pivotal role in organizational success. Organizations should

think of, or transform it if it isn’t yet, to be a business service partner, instead of just
a back-end support unit. It is important to align IT actions and expenses to business
needs and revise them as the business grows or changes direction.
 COBIT and GTAG

-refers directly to IT General Computer Controls (GCCs) in Principle 11. Tis principle
states that the organization selects and develops general control activities over
technology to support the achievement of objectives.
 Critical managerial and accounting/financial activities
such as:

Establishing IT direction: Today it is imperative that organizations establish and

communicate their strategic direction, get all levels of management involved, and
get employee buy-in so they support those initiatives.
Project management: Since many activities within IT involve system development,
and the acquisition and implementation of software and hardware solutions,
project management has gained a great deal of attention.
 Critical managerial and accounting/financial activities
such as:

Purchases: While project management often refers to the conversion of ideas into
deliverables over a period of time, these activities often require the purchase of
hardware, software, and the payment for technical know how.
Training end users: Since IT projects often have a hefty price tag, take a substantial
amount of time to develop and implement, and their scope is often critical to the
long-term success of the organization, it is essential for the organization to make
sure that end users are trained thoroughly, promptly, and cost-effectively.
 ISO (International Organization for Standardization)

ISO is an independent, nongovernmental organization. Through its 162 national

standards groups, it brings together experts to share knowledge and develop
voluntary standards that support innovation and provide solutions to global and
business challenges.
Popular standards include:

ISO 9000 Quality management

ISO 14000 Environmental management

ISO 3166 Country codes

ISO 26000 Social responsibility

ISO 50001 Energy management

ISO 31000 Risk management

ISO 22000 Food safety management

ISO 27001 Information security management

ISO 45001 Occupational health and safety

ISO 37001 Anti-bribery management systems

 ISO (International Organization for Standardization)
ISO 9000—Quality Management and related standards address various aspects of
quality management and provides guidance and tools for organizations that want to
ensure that their products and services consistently meet customer’s requirements,
and that quality is improved continuously. It consists of the following:
◾ ISO 9001:2015—Requirements of a quality management system
◾ ISO 9000:2015—Basic concepts and language
◾ ISO 9004:2009—Guidance on how to make a quality management system more
efficient and effective
◾ ISO 19011:2011—Guidance on internal and external audits of quality management
systems
 ISO (International Organization for Standardization)

If we turn our attention to risk management, we see a similar pattern. In general, risks
affect organizations in many ways and can cause damage in terms of business
performance, reputation, environmental impact, and stakeholder safety, among
others. As a result, it is imperative to identify, assess, and manage risks effectively.
ISO 31000 is comprised of:
ISO 31000:2009—Principles and guidelines
ISO 31000:2009—Risk assessment technique
ISO 17799 provides guidelines and general principles for identifying, initiating,
deploying, and maintaining an organization’s information security infrastructure.
 ITIL (Information Technology Infrastructure Library) 

ITIL defines the organizational structure and skill requirements of an IT organization

and standard management procedures and practices to manage an IT operation.
 The five ITIL 2011 volumes

1. ITIL service strategy: Understanding organizational objectives and customer

needs
2. ITIL service design: Turning the service strategy into a plan for delivering the
business objectives
3. ITIL service transition: Developing and improving capabilities for introducing new
services into supported environments
4. ITIL service operation: Managing services in supported environments
5. ITIL continual service improvement: Enhancing service delivery and making large-
scale improvements
 Major goals and characteristics

◾ Provides a process-driven approach

◾ Improves resource utilization
◾ Helps organizations become more competitive
◾ Decreases rework
◾ Eliminates redundant work
◾ Helps to improve project deliverable quality and turnaround time
 Major goals and characteristics

◾ Improves availability, reliability, and security of mission critical IT services

◾ Justifies the cost of service quality
◾ Provides services that meet business, customer, and user demands
◾ Integrates central processes
◾ Documents and communicates roles and responsibilities while providing services
◾ Provides performance indicators
 CMMI(Capability Maturity Model Integration)

The CMMI is a process improvement appraisal program administered and marketed

by Carnegie Mellon University. It is widely used in project management, software
development, process assessment, and performance improvement within a
project, division, or an entire organization.
 Five characteristic maturity levels

Level 1—Initial: Unpredictable, undocumented, and poorly controlled, typically ad

hoc, in a state of constant change with the reactive handling of activities and events
Level 2—Repeatable: The process is understood sufficiently so that repeating the
same steps may be attempted by workers. Activities are consistent and there may
be consistent results
Level 3—Defined: Process is sufficiently defined and confirmed through
documentation so that it is the standard business process
 Five characteristic maturity levels

Level 4—Managed: Processes are measured and controlled quantitatively based on

agreedupon metrics. Management is typically able to control the process by
adjusting and adapting the process based on the established metrics.
Level 5—Optimized: The focus is on process improvement and the pursuit of best
practices. The process is in a state of continuous performance improvement
involving incremental and innovative process and technological changes
 ……

THANK YOU
Enter title

1 2 3

Enter title Enter title Enter title

Enter your text here, Enter your text here, Enter your text here,
or paste your text or paste your text or paste your text
here. here. here.
 Enter title

Enter title Enter title Enter title Enter title

Enter your text Enter your text Enter your text Enter your text
here, or paste your here, or paste your here, or paste your here, or paste your
text here. text here. text here. text here.
 Enter title

Enter your text here, or paste

your text here.

Title

Title Enter your text here, or paste

Enter your text here, or paste Title your text here.
your text here.
 Enter title

25% 25% 25% 25%

Enter title Enter title Enter title Enter title

Enter your text here, or Enter your text here, or Enter your text here, or Enter your text here, or
paste your text here. paste your text here. paste your text here. paste your text here.
Enter title

80% 70%
60%

Enter title Enter title Enter title

Enter your text here, Enter your text here, Enter your text here,
or paste your text or paste your text or paste your text
here. here. here.
 CONTENTS

Enter title
Control Frameworks

Enter title Enter title

 Enter title

100

750

500

250

202X 202X 202X 202X 202X 202X 202X 202X 202X

Enter title

month 4-6 month 10-12

Enter your text here, Enter your text here,
or paste your text or paste your text
here. here.

Enter your text here, Enter your text here,

or paste your text or paste your text
here. here.

month 1-3 month 7-9

 Enter title

Enter title Enter title Enter title Enter title

Enter your text here, Enter your text here, Enter your text here, Enter your text here,
or paste your text or paste your text or paste your text or paste your text
here. here. here. here.
 Enter title

Enter title Enter title

Enter your text here, or paste Enter your text here, or paste
your text here. your text here.

Enter title
Enter your text here, or paste your
text here.
 LOREM IPSUM DOLOR

Enter your text here, or paste

your text here.

Enter title
Enter your text here,
or paste your text
here. Enter title

Enter your text here, or paste

your text here.
Enter title