Introduction

This appendix presents a comprehensive case study of Buy and Large Corporation, a prominent retail chain in Canada, illustrating a systematic approach to strategic risk management and internal auditing. The case study will offer insights into the practical aspects of managing operational, financial, compliance, and technological risks in a complex business environment.

The appendix outlines the company’s operational framework, emphasizing its structure, market presence, and strategic challenges. This sets the stage for a detailed risk assessment, where the top 25 risks are identified and categorized into four main types: financial, operational, compliance, and technology. Each risk is described with its potential impact on the company, providing a foundation for prioritizing these risks based on their likelihood and potential severity. Following the risk assessment, the focus shifts to strategic mitigation through internal auditing—an essential component of corporate governance. The multi-year audit plan for 2024 through 2026 outlines a structured approach to addressing the prioritized risks. The plan is segmented annually, specifying critical audits and consulting projects designed to tackle the most significant risks identified. Each year includes a mix of large, medium, and small audits and consulting engagements to enhance existing processes and systems. Lastly, for 2024, a detailed resource schedule is presented, breaking down the specific audits and projects into manageable activities with allocated hours, personnel assignments, and scheduled timelines. This schedule includes the audits themselves and accounts for administrative tasks and continuous professional education, ensuring that the audit team remains skilled and effective.

This case study will explore how Buy and Large integrates risk management with internal audit functions to control its operations and make informed strategic decisions. It provides a real-world application of theoretical concepts such as risk identification, impact assessment, audit planning, and resource allocation. It also highlights the importance of adapting audit plans to meet the changing needs of the business and the external environment. This case study not only enhances the understanding of audit and risk management frameworks but also prepares students for their application in real-world scenarios, equipping them with the knowledge and skills necessary for risk assessment, internal auditing, and corporate governance careers.