CLC – Tyronco COSO Case Study Template

  JUST NEED HELP WITH Part 2: Purchasing Department and Part 3: Audit Steps

CLC – Tyronco COSO Case Study Template

The case study used this assignment is being used with permission from Internal Auditing Foundation (IIA).

Directions: After reviewing “The Tyronco Foundation COSO” case study, use this template to complete the Topic 1 assignment.

Requirements

The audit programs that you will develop should have two sections to facilitate a top-down audit approach:

1. Organization

COSO Evaluation

2. Purchasing

COSO Evaluation

This approach is suggested because the organization’s evaluation of risk, controls, and corporate governance are the foundation for the audit of the purchasing function.

Part 1: Develop a COSO-Based Audit Program 

Based on the background information provided in the case study document, develop a COSO-based audit program. The audit program should address the following COSO objectives as applicable:

1. Operational:

Effectiveness and efficiency of operations.

2. Financial:

Reliability of information.

3. Compliance:

Compliance with applicable laws and regulations.

The organization audit program should be classified to align with the five COSO components:

1. Control Environment

2. Risk Assessment

3. Control Activities

4. Monitoring

5. Information and Communication

To provide a consistent framework for comparing solutions, use the following component subsections:

1. Control Environment 

Integrity and ethical values

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Commitment to competence

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Board and audit committee

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Management philosophy and operating style

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Organization structure

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Assignment of authority and responsibility

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Human resource policies and practices

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

2. Risk Assessment 

Companywide objectives

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Process-level objectives

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Risk identification

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Managing change

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

3. Control Activities 

Policies and procedures

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Segregation of duties

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Periodic reconciliation

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Proper authorization

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Transactions recorded

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Safeguarding assets

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

4. Information and Communication 

Quality of information

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Effectiveness of communication

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

5. Monitoring 

Ongoing monitoring

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Evaluation process

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Reporting control and process deficiencies

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

 

Change management process

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

 

 

Part 2: Purchasing Department 

Identify the five major risks in the purchasing department. List the controls you would expect to find to mitigate the risks and the audit steps that would be utilized to ascertain that the control mitigates the risk.

 

Purchasing

 

Risk

At   Risk

Control

COSO Classification

Audit Step

 

1.

 

2.

 

3.

 

4.

 

5.

 

Part 3: Audit Steps

List one or two audit steps that you would perform in each of the six listed sections:

Procurement Audit

General

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Requisitioning

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Purchasing

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Receiving

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Invoice Processing

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

Accounts Payable, Encumbrances, or Obligations

A. ________________________________________________________________________

________________________________________________________________________

B. ________________________________________________________________________

________________________________________________________________________

 

Part 4: Risks Related to Tyronco

List five major risks specifically related to Tyronco. What would be your five major areas of concern as an internal auditor?

1. ________________________________________________________________________

________________________________________________________________________

2. ________________________________________________________________________

________________________________________________________________________

3. ________________________________________________________________________

________________________________________________________________________

4. ________________________________________________________________________

________________________________________________________________________

5. ________________________________________________________________________

________________________________________________________________________