Vendor Selection Controls

Purpose: This is the testing worksheet for the respective control objective and activity / activities.
Site Audited
Audit Type
If Not a Standard Audit Type, Explain Purpose of Review
Review Stage
Cycle Expenses
Testing performed by
Date of test
Testing reviewed by
Date of review
Control Objective EX-020-010 Purchasing Approvals - All purchases are approved by management.
Risk Addressed: Inventory related purchases are not approved appropriately.
The Purchasing function procures inventory, supplies, and services to satisfy production requirements and to maintain the
Guidance / Risk Addressed facilities and equipment The purchasing function should not acquire goods or services for which a proper management
approval has not been obtained.
Activity
Control Activity # Control Activity Description SOX or OKC
Scope
Materials management has a process to review that customer's finished goods

demand is loaded into the ERP system (MPS - Master Production / Planning
Control Activity EX-020-010-030 OKC
Schedule) from forecasts or firm orders provided by the customer.
Process Owner (Contact Person @ Site for This Control Objective)

Process Owner Job Position
The test for EX-020-010-030 requires, through discuss with relevant materials management, reviewing the procedures / process
Prescribed Test(s) of converting customers forecast or orders into raw material purchasing requirement.
Frequency (select closest value)
Sample Size (per sample size guideline / prescribed audit test)
Additional Samples Selected (based on testing exceptions)
Base Data For Sample Selection Provided By
Name & Title of Person Providing Base Data (If Not ARMS)
Date Range / Period(s) of Base Data Used For Sample
System That Sample Selection Data Was Obtained From
Company Number(s) - if applicable
Was The Prescribed Test Performed?
If The Prescribed Test Was Not Performed, Or Was Only Partially

Performed, Explain Why And What Was Tested Instead
Attributes Detailed Test Procedures (Attributes)

A There is a process in place to convert customers forecasts or orders into raw material purchasing requirement.
B
C
D
E
F
Sample Table (please add / delete rows as necessary, based on the frequency)
Material Attribute Testing Performed (use tickmarks) Testing

# Management Exception Comments
Process Identified? (Y/N)
A B C D E F
Customer's
1 Finished Goods
Demand Process.
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Other Notes / Additional Documentation of Work Performed or

Process Details / Significant changes to the process / system in use
since previous year audit (Only If Deemed Necessary)
Examples of Deficiencies / Other Documentation (attach samples of

deficiencies or other documents as deemed appropriate)
Control Effectiveness EX-020-010-030

(choose from drop-down list)
Control Deficiency Description EX-020-010-030

Control Objective PDM-010-010
Materials are not purchased in the com

may lead to unfavorable terms for the c
If Materials are not purchased using me

service, and could be paying based on
Guidance / Risk Addressed
Additionally in situation when independ
Supplier Qualification Procedure GPO-G

Supplier Selection and Management Po
Control Activity #
Control Activity PDM-010-010-010

The test for PDM-010-010-010 requires:

I) Obtaining and reviewing local Direct P
Discussion should also include proces
lists of such.
II) Obtaining the list of purchased mater

a. Checking for items purchased from
analyzing the split between the sources
Prescribed Test(s)
b. Checking weather material sourced b
In situation of the presence of the case

vendor/material selection process has
III) By interview and data analysis chec

case of such, review is required of the a

Attributes
A
Local direct material policy is valid and
B
Policy coveres all non-routine situation
C There are instances were material is us
D There are instances were material is ob
E There are instances were material is us
F Material Sourced by one of the Custom
Sample Table (please add / delete row
Attribute Testing Performed (use tickmarks)

# Test Instances
A B C
1 Direct Material Policy
Items purchased from
2
different sources
Material Sourced By
3
clients
4
# Sample material code

E F
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Other Notes / Additional Documentation of Work Performed or Process

Details / Significant changes to the process / system in use since previous
year audit (Only If Deemed Necessary)
Control Effectiveness
Control Deficiency Description

Direct Materials are sourced in the best interests of the Company only and Vendor Selection process is in line with
s are not purchased in the company's best interests, Vendors are not selected in line with the corporate guidance which can c
d to unfavorable terms for the company, fraud or kickbacks.
als are not purchased using methods to determine the companys best interest, the company could pay higher prices, could
and could be paying based on unfavorable terms - it all can result with company losses.
ally in situation when independent review is not part of the process there is a risk of potential fraud and kickbacks.
Qualification Procedure GPO-GPO-3-033-00

Selection and Management Policy GPO-GPO-1-016-00
Control Activity Description SOX or OKC
Materials are purchased at the most competitive terms - i.e. best price, quality,
service, and delivery lead time. The site has a documented process to ensure
that the most competitive terms are realized and maintains the back-up
documents to support the selection of the supplier. Additionally, it is ensured OKC
that materials bought from vendors mandated by customers are bought only for
that customer's production. Otherwise, the suppliers have to meet all of the
requirements of all other common material vendors.
for PDM-010-010-010 requires:

ing and reviewing local Direct Procurement policy and performing discussion with local Procurement manager on direct mate
on should also include process of material coding, potential reasons and situations for same material having different system
uch.
ning the list of purchased material for period allowing proper analysis of the process (at least last 3 months) and by data analy
king for items purchased from few different sources
g the split between the sources.
ing weather material sourced by clients is used for other clients production
on of the presence of the cases listed above (including I) checking is required whether purchase of material and supplier split
/material selection process has a proper background and is based on market analysis/quotation required in PDM-010-020-010
erview and data analysis checking whether there are instances of purchases from vendors/brokers which are not regular sup
such, review is required of the available evidence of vendor selection, taking into account list of brokers approved by Corpora
Detailed Test Procedures (Attributes)
ect material policy is valid and compliant with corporate requirements
overes all non-routine situations of multiple material coding for same items, or common components for programs
e instances were material is used for different clients and is sourced by one of them
e instances were material is obtained from multiple sources
e instances were material is used for different clients and is sourced by one of them
Sourced by one of the Customers is not used for another one.
e Table (please add / delete rows as necessary, based on the frequency)
ng Performed (use tickmarks) Testing

Exception Comments
Identified? (Y/N)
D
ng Performed (use tickmarks)
Testing
Exception Comments
Identified? (Y/N)
election process is in line with corporate guidance
orporate guidance which can cause quality issues and
could pay higher prices, could receive inferior quality /
raud and kickbacks.
Activity Scope
ement manager on direct material purchasing.

material having different system codes and obtaining
st 3 months) and by data analysis:
se of material and supplier split has proper reasoning

n required in PDM-010-020-010.
kers which are not regular suppliers to the site. In

f brokers approved by Corporate.
nents for programs
Comments
Comments



Control Activity #


Through discussion with relevant mana
people. The review should include exam
Further the test requires - basing on the

different suppliers (including suppliers
trace to:
1. Competitive bidding/quotations
- Determine whether the site has obtain

Prescribed Test(s)
with the Supplier Qualification Procedu
- Determine whether the site has an ade
- Review all quotations. Check that unit
vendor, i.e. quality, service or delivery l
- If the supplier was selected by Global
- Ensure that the POs are not approved
Note: Select only vendors which are no
2. Suppliers invoice
Match PO/PR price, quantity and item to
Through discussion with relevant mana
people. The review should include exam
Further the test requires - basing on the

different suppliers (including suppliers
trace to:
1. Competitive bidding/quotations
- Determine whether the site has obtain

Prescribed Test(s)
with the Supplier Qualification Procedu
- Determine whether the site has an ade
- Review all quotations. Check that unit
vendor, i.e. quality, service or delivery l
- If the supplier was selected by Global
- Ensure that the POs are not approved
Note: Select only vendors which are no
2. Suppliers invoice
Match PO/PR price, quantity and item to

Attributes
A
Competitive quotations obtained
B
Quotation Documentation is retained an
C Justification of vendor selection is clea
D Is Vendor Selected by GPO
E Vendor is selected by different person t
F Invoice price matches PO/PR price
G Quantity on Invoice matches PO/PR qu
H

# Supplier Selected
A B C
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Suppliers Invoice
# Suppliers Invoice
G H
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25




Vendors are qualified in-line with Corporate guidelines and in the Company's
best interest. Any exception to Company guidelines has adequate support and is OKC
properly documented and approved

discussion with relevant management to determine whether the criteria for supplier selection is defined and communicated to
The review should include examples of the selection criteria used and reviewing for compliance to the Supplier Qualification P
he test requires - basing on the Sample Size guidelines and professional judgment - obtaining samples of Purchase Orders/R
suppliers (including suppliers in Approved Vendor List, Preferred Supplier List, contractual, etc.) not introduced/controlled by
etitive bidding/quotations
ine whether the site has obtained competitive quotations from more than one supplier, and determine whether the number of q
Supplier Qualification Procedure GPO-GPO-3-033-00.
ine whether the site has an adequate process to retain past quotations for reference and audit purposes.
all quotations. Check that unit price on PO is the lowest of available quotations, if not, check that approver indicates justificat
.e. quality, service or delivery lead time. Ensure that this justification is adequately documented.
upplier was selected by Global Procurement, obtain evidence from respective GP personnel.
that the POs are not approved by personnel also approving the selection of the particular vendor.
lect only vendors which are not demanded/selected by customer (in such case site cannot decide to select cheaper supplier).
ers invoice
O/PR price, quantity and item to suppliers invoice to ensure accuracy of billing.
discussion with relevant management to determine whether the criteria for supplier selection is defined and communicated to
The review should include examples of the selection criteria used and reviewing for compliance to the Supplier Qualification P
he test requires - basing on the Sample Size guidelines and professional judgment - obtaining samples of Purchase Orders/R
suppliers (including suppliers in Approved Vendor List, Preferred Supplier List, contractual, etc.) not introduced/controlled by
etitive bidding/quotations
ine whether the site has obtained competitive quotations from more than one supplier, and determine whether the number of q
Supplier Qualification Procedure GPO-GPO-3-033-00.
ine whether the site has an adequate process to retain past quotations for reference and audit purposes.
all quotations. Check that unit price on PO is the lowest of available quotations, if not, check that approver indicates justificat
.e. quality, service or delivery lead time. Ensure that this justification is adequately documented.
upplier was selected by Global Procurement, obtain evidence from respective GP personnel.
that the POs are not approved by personnel also approving the selection of the particular vendor.
lect only vendors which are not demanded/selected by customer (in such case site cannot decide to select cheaper supplier).
ers invoice
O/PR price, quantity and item to suppliers invoice to ensure accuracy of billing.
tive quotations obtained
n Documentation is retained and available for review

tion of vendor selection is clear and properly justified
r Selected by GPO
s selected by different person to one issuing PO's
price matches PO/PR price
on Invoice matches PO/PR quantity

Exception Comments
Identified? (Y/N)
D E F

Testing
Exception Comments
Identified? (Y/N)
Testing
Exception Comments
Identified? (Y/N)
raud and kickbacks.
Activity Scope
s defined and communicated to the appropriate

e to the Supplier Qualification Procedure.
samples of Purchase Orders/Requisitions from

c.) not introduced/controlled by the customer and
ermine whether the number of quotations is in line
purposes.
hat approver indicates justification for selection of
d.
or.
de to select cheaper supplier).
Comments
Comments
Comments



Control Activity #


Obtaining the list of Vendors selected b
1. For the reasonable sample of vendo
recommended) obtain the documentatio
2. Ensure that vendor selection was com
3. Ensure that all business factors are t
Prescribed Test(s) a. Market analysis for the given materia
b. Global sourcing strategy,
c. Supply risk management;
d. Price comparisons across all regions
e. MOQ in agreements against the actua
f. Pricing agreements in comparison to


Attributes
A
Qualification process documentation is
B
Vendor selection was compliant with th
C All important business factors are taken
D Was the business factor taken into con

# Vendors selected
A B C
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Business factors in
# selection of vendors
process D
Market analysis for the

given
1 material/commodity
with pricing trends and
existing parties;
Global sourcing
2
strategy,
Supply risk
3
management;
Price comparisons
4 across all regions
involved;
MOQ in agreements
5 against the actual
demand;
Pricing agreements in
6 comparison to the
market prices.
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25




FOR GPO ONLY: Vendor qualification process used by the GPO organization is
fully compliant with the Supplier Selection and Management policy GPO-GPO-1-
016-00. It covers all critical areas for the Company - i.e. market analysis for the
given material/commodity with pricing trends and existing parties; global OKC
sourcing strategy, supply risk management; price comparisons across all
regions involved; MOQ in agreements against the actual demand; pricing
agreements in comparison to the market prices, etc.

g the list of Vendors selected by the GPO and:
e reasonable sample of vendors selected basing on the Sample Size Guidelines and professional judgment (if auditing resour
ended) obtain the documentation from the qualification process.
e that vendor selection was compliant with the Supplier Selection and Management Policy GPO-GPO-1-016-00.
e that all business factors are taken into account when vendor was selected. These are:
t analysis for the given material/commodity with pricing trends and existing parties;
l sourcing strategy,
y risk management;
comparisons across all regions involved;
n agreements against the actual demand;
g agreements in comparison to the market prices.
ation process documentation is retained and available for review
election was compliant with the Supplier Selection and Management Policy GPO-GPO-1-016-00
rtant business factors are taken into account when vendor was selected
business factor taken into consideration for selected vendors

Exception Comments
Identified? (Y/N)
Testing
Exception Comments
Identified? (Y/N)
raud and kickbacks.
Activity Scope
nal judgment (if auditing resources allow 100% is
-GPO-1-016-00.
Comments
Comments

Vendor Selection Controls

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vendor Selection Controls

Uploaded by

Copyright:

Available Formats

Purpose: This is the testing worksheet for the respective control objective and activity / activities.

Risk Addressed: Inventory related purchases are not approved appropriately.

Materials management has a process to review that customer's finished goods

Process Owner (Contact Person @ Site for This Control Objective)

Frequency (select closest value)

Sample Size (per sample size guideline / prescribed audit test)

Additional Samples Selected (based on testing exceptions)

Base Data For Sample Selection Provided By

Date Range / Period(s) of Base Data Used For Sample

System That Sample Selection Data Was Obtained From

Company Number(s) - if applicable

Was The Prescribed Test Performed?

If The Prescribed Test Was Not Performed, Or Was Only Partially

Attributes Detailed Test Procedures (Attributes)

Material Attribute Testing Performed (use tickmarks) Testing

Other Notes / Additional Documentation of Work Performed or

Examples of Deficiencies / Other Documentation (attach samples of

Control Effectiveness EX-020-010-030

Control Deficiency Description EX-020-010-030

Materials are not purchased in the com

If Materials are not purchased using me

Supplier Qualification Procedure GPO-G

Control Activity PDM-010-010-010

Process Owner (Contact Person @ Site for This Control Objective)

The test for PDM-010-010-010 requires:

II) Obtaining the list of purchased mater

In situation of the presence of the case

III) By interview and data analysis chec

Sample Size (per sample size guideline / prescribed audit test)

Additional Samples Selected (based on testing exceptions)

Base Data For Sample Selection Provided By

Date Range / Period(s) of Base Data Used For Sample

System That Sample Selection Data Was Obtained From

Company Number(s) - if applicable

Was The Prescribed Test Performed?

If The Prescribed Test Was Not Performed, Or Was Only Partially

Sample Table (please add / delete row

Attribute Testing Performed (use tickmarks)

# Sample material code

Other Notes / Additional Documentation of Work Performed or Process

Control Deficiency Description

Qualification Procedure GPO-GPO-3-033-00

Control Activity Description SOX or OKC

for PDM-010-010-010 requires:

ect material policy is valid and compliant with corporate requirements

e Table (please add / delete rows as necessary, based on the frequency)

ng Performed (use tickmarks) Testing

orporate guidance which can cause quality issues and

could pay higher prices, could receive inferior quality /

raud and kickbacks.

ement manager on direct material purchasing.

st 3 months) and by data analysis:

se of material and supplier split has proper reasoning

kers which are not regular suppliers to the site. In

Materials are not purchased in the com

If Materials are not purchased using me

Supplier Qualification Procedure GPO-G

Control Activity PDM-010-010-020

Process Owner (Contact Person @ Site for This Control Objective)

The test for PDM-010-010-020 requires:

Further the test requires - basing on the

- Determine whether the site has obtain

Further the test requires - basing on the

- Determine whether the site has obtain