JUST NEED HELP WITH Part 2: Purchasing Department and Part 3: Audit Steps
CLC – Tyronco COSO Case Study Template
The case study used this assignment is being used with permission from Internal Auditing Foundation (IIA).
Directions: After reviewing “The Tyronco Foundation COSO” case study, use this template to complete the Topic 1 assignment.
Requirements
The audit programs that you will develop should have two sections to facilitate a top-down audit approach:
1. Organization
COSO Evaluation
2. Purchasing
COSO Evaluation
This approach is suggested because the organizations evaluation of risk, controls, and corporate governance are the foundation for the audit of the purchasing function.
Part 1: Develop a COSO-Based Audit Program
Based on the background information provided in the case study document, develop a COSO-based audit program. The audit program should address the following COSO objectives as applicable:
1. Operational:
Effectiveness and efficiency of operations.
2. Financial:
Reliability of information.
3. Compliance:
Compliance with applicable laws and regulations.
The organization audit program should be classified to align with the five COSO components:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Monitoring
5. Information and Communication
To provide a consistent framework for comparing solutions, use the following component subsections:
1. Control Environment
Integrity and ethical values
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Commitment to competence
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Board and audit committee
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Management philosophy and operating style
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Organization structure
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Assignment of authority and responsibility
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Human resource policies and practices
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
2. Risk Assessment
Companywide objectives
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Process-level objectives
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Risk identification
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Managing change
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
3. Control Activities
Policies and procedures
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Segregation of duties
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Periodic reconciliation
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Proper authorization
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Transactions recorded
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Safeguarding assets
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
4. Information and Communication
Quality of information
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Effectiveness of communication
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
5. Monitoring
Ongoing monitoring
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Evaluation process
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Reporting control and process deficiencies
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Change management process
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Part 2: Purchasing Department
Identify the five major risks in the purchasing department. List the controls you would expect to find to mitigate the risks and the audit steps that would be utilized to ascertain that the control mitigates the risk.
Purchasing
Risk
At Risk
Control
COSO Classification
Audit Step
1.
2.
3.
4.
5.
Part 3: Audit Steps
List one or two audit steps that you would perform in each of the six listed sections:
Procurement Audit
General
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Requisitioning
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Purchasing
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Receiving
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Invoice Processing
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Accounts Payable, Encumbrances, or Obligations
A. ________________________________________________________________________
________________________________________________________________________
B. ________________________________________________________________________
________________________________________________________________________
Part 4: Risks Related to Tyronco
List five major risks specifically related to Tyronco. What would be your five major areas of concern as an internal auditor?
1. ________________________________________________________________________
________________________________________________________________________
2. ________________________________________________________________________
________________________________________________________________________
3. ________________________________________________________________________
________________________________________________________________________
4. ________________________________________________________________________
________________________________________________________________________
5. ________________________________________________________________________
________________________________________________________________________