Risk Assessment in Virtual Enterprise Networks: A Process-Driven Internal Audit Approach

Risk Assessment in Virtual Enterprise Networks: A Process-Driven Internal Audit Approach

Nikolaos A. Panayiotou (National Technical University of Athens, Greece), Stylianos Oikonomitsios (CIA, Consultant, Greece), Christina Athanasiadou (Ernst & Young, Greece) and Sotiris P. Gayialis (National Technical University of Athens, Greece)
Copyright: © 2011 |Pages: 23
DOI: 10.4018/978-1-60960-587-2.ch401
OnDemand PDF Download:
$37.50

Abstract

In today’s business environment, supply chains involve a number of autonomous organizations. Agility, effectiveness and efficiency of these supply chains can be achieved by forming virtual enterprise networks. The nature of supply chain processes with inter-organizational activities, involving different enterprises in a virtual enterprise network, increases the need for control in a well-designed and structured manner. Internal Audit activities and controls can help virtual organizations to improve and operate in a more efficient manner. This chapter proposes a methodological approach for the design of the Internal Audit function for risk assessment and control identification of inter-organizational supply chain processes, using business process modelling techniques and an internal audit–oriented enterprise modelling tool. A case study in the auditing of the supply chain processes in a virtual enterprise network demonstrates the application of the suggested methodology and tool.
Chapter Preview
Top

Introduction

According to recently formulated definitions of the Institute of Internal Auditors (IIA) (IIA, 2009; Bou-Raad, 2000), Internal Audit is an independent, objective assurance and consulting activity designed to help the organization to improve and operate in a more efficient manner. Although the role of Internal Audit in business process improvement is emphasized in the aforementioned definitions, common business practice shows a partial orientation towards financial and accounting analysis and control (Fadzil et al., 2005), while the application of Internal Audit to deal with efficiency and effectiveness is often overlooked. Internal Audit, in both its assurance and its consulting roles, contributes to the management of risk in a variety of ways. Its core role with regard to enterprise risk management is to provide objective assurance to the board on the effectiveness of risk management. Indeed, research has shown (IIA, 2004) that board directors and internal auditors agree that the two most important ways that internal audit provides value to the organization are in providing objective assurance that the major business risks are being managed appropriately and that the risk management and internal control framework is operating effectively.

The ever-increasing complexity of business processes and services demands business supply chains which involve a number of autonomous organizations. Competitive markets require that these supply chains are agile, effective and efficient. This can be achieved by forming dynamic virtual enterprise networks. Difficulties with deploying these networks are immense and organizations may not be prepared to cope with the changing nature of risk arising from such a strategic shift. The nature of supply chain processes with inter-organizational and cross-functional activities, involving different enterprises in a virtual network, increases the need for efficient and effective control in a well-designed and structured manner.

The evolution of internal auditing provides a basis for risk mitigation efforts within the supply chain processes. No longer focused on providing a check over accounting transactions, the internal auditor now applies risk-based auditing methods to management activities that span the enterprise. This enterprise-wide view makes internal auditing primed to analyze risk associated with operating highly interconnected supply chain networks (Hallikas & Varis, 2009). Internal auditors can identify problems that cross organizational boundaries. They can take the responsibility to provide objective assurance in the evaluation and improvement of risk management, identifying and reporting problems that can impact the economic health of the members of a virtual enterprise network (Fike, 2005).

Complete Chapter List

Search this Book:
Reset