CLC-Tyronco COSO Case Study Template The case study used this assignment is being used with permission from Internal Auditing Foundation (IIA). Directions: After reviewing "The Tyronco Foundation COSO" case study, use this template to complete the Topic 1 assignment. Requirements The audit programs that you will develop should have two sections to facilitate a top-down audit approach: 1. Organization COSO Evaluation 2. Purchasing COSO Evaluation This approach is suggested because the organization's evaluation of risk, controls, and corporate governance are the foundation for the audit of the purchasing function. Part 1: Develop a COSO-Based Audit Program Based on the background information provided in the case study document, develop a COSO-based audit program. The audit program should address the following COSO objectives as applicable: 1. Operational: Effectiveness and efficiency of operations. 2. Financial: Reliability of information. 3. Compliance: Compliance with applicable laws and regulations. The organization audit program should be classified to align with the five COSO components: 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Monitoring 5. Information and Communication To provide a consistent framework for comparing solutions, use the following component subsections: 1. Control Environment Integrity and ethical values A. Mission statement Simple straight to the point statement that declares the organizations purpose Example: "Tesla's mission is to accelerate the world's transition to sustainable energy" (About Tesla, n.d.). B. Tone at the top Companies management and board of directors commitment of being ethical and legal A. B. - Commitment to competence Organization needs to commit to the ethical framework established by the company. The chairman selects the board members and then need to be approved by the majority of the board. If they are all well friends and/or acquantinces it could be an easy way of doing unethical things and even illegal actions. B. Board and audit committee A. Management philosophy and operating style A. B. Organization structure A. B. Assignment of authority and responsibility A. Assignment of authority and responsibility A. B. Human resource policies and practices A. B. 2. Risk Assessment Companywide objectives A. B. Process-level objectives A. B. Risk identification A. B. Managing change A. B. Safeguarding assets A. B. 4. Information and Communication Quality of information A. B. Effectiveness of communication A. B. 5. Monitoring Ongoing monitoring A. B. Evaluation process A. B. Reporting control and process deficiencies A. B. Change management process A. B.