In today’s business environment, supply chains involve a number of autonomous organizations. Agility, effectiveness and efficiency of these supply chains can be achieved by forming virtual enterprise networks. The nature of supply chain processes with inter-organizational activities, involving different enterprises in a virtual enterprise network, increases the need for control in a well-designed and structured manner. Internal Audit activities and controls can help virtual organizations to improve and operate in a more efficient manner. This chapter proposes a methodological approach for the design of the Internal Audit function for risk assessment and control identification of inter-organizational supply chain processes, using business process modelling techniques and an internal audit–oriented enterprise modelling tool. A case study in the auditing of the supply chain processes in a virtual enterprise network demonstrates the application of the suggested methodology and tool.
TopIntroduction
According to recently formulated definitions of the Institute of Internal Auditors (IIA) (IIA, 2009; Bou-Raad, 2000), Internal Audit is an independent, objective assurance and consulting activity designed to help the organization to improve and operate in a more efficient manner. Although the role of Internal Audit in business process improvement is emphasized in the aforementioned definitions, common business practice shows a partial orientation towards financial and accounting analysis and control (Fadzil et al., 2005), while the application of Internal Audit to deal with efficiency and effectiveness is often overlooked. Internal Audit, in both its assurance and its consulting roles, contributes to the management of risk in a variety of ways. Its core role with regard to enterprise risk management is to provide objective assurance to the board on the effectiveness of risk management. Indeed, research has shown (IIA, 2004) that board directors and internal auditors agree that the two most important ways that internal audit provides value to the organization are in providing objective assurance that the major business risks are being managed appropriately and that the risk management and internal control framework is operating effectively.
The ever-increasing complexity of business processes and services demands business supply chains which involve a number of autonomous organizations. Competitive markets require that these supply chains are agile, effective and efficient. This can be achieved by forming dynamic virtual enterprise networks. Difficulties with deploying these networks are immense and organizations may not be prepared to cope with the changing nature of risk arising from such a strategic shift. The nature of supply chain processes with inter-organizational and cross-functional activities, involving different enterprises in a virtual network, increases the need for efficient and effective control in a well-designed and structured manner.
The evolution of internal auditing provides a basis for risk mitigation efforts within the supply chain processes. No longer focused on providing a check over accounting transactions, the internal auditor now applies risk-based auditing methods to management activities that span the enterprise. This enterprise-wide view makes internal auditing primed to analyze risk associated with operating highly interconnected supply chain networks (Hallikas & Varis, 2009). Internal auditors can identify problems that cross organizational boundaries. They can take the responsibility to provide objective assurance in the evaluation and improvement of risk management, identifying and reporting problems that can impact the economic health of the members of a virtual enterprise network (Fike, 2005).
In this chapter a specific methodological approach for the mitigation of risks in virtual enterprise networks is proposed. This approach assists the design of an Internal Audit process for risk assessment and control identification, using business process modelling techniques. Moreover, specific templates are suggested for risk assessment and control identification connected with the existing organizational and inter-organizational processes and activities of the supply chain in the enterprise network. An internal audit–oriented enterprise modelling tool is developed to support the risk assessment and the control identification. The proposed methodology tries to assist business process improvement and quality enhancement in the enterprise supply chain and supports the extended role of Internal Audit as a facilitator of change towards the enterprises network’s business objectives. It is intended to provide a structured set of methods and tools in order to maximize efficiency in virtual networks. A case study in the auditing for risk assessment and control identification related to risks of the supply chain processes in a virtual enterprise network demonstrates the application of the suggested methodology and tool.