Bracing consumers for looming supply chain disruptions has become a repetitive task for the news media in the wake of the COVID-19 pandemic. 仅2021年初, 消费者被告知要为从汽油到氯、从鸡肉到电脑芯片的各种短缺做好准备.
自然, organizations are looking to get a better handle on the risk factors that can affect their ability to receive and deliver the products and services that are critical to their business models, 他们正在寻找技术来帮助他们做到这一点. 软件工具在供应链风险管理领域正在激增,而且……
[N]现在人工智能的价值, 预测性分析和规定性分析都有很好的文档, 这项技术成为新标准只是时间问题.1
毫无疑问,深度, breadth and immediacy of insight into supply chains provided by high-tech tools can help organizations reduce unwanted surprises and gain precious time to respond to emerging risk. 同时, it may also cause organizations to consider how to get the best value out of the internal audit function where these tools are being used. 因此, 内部审计需要积极主动地断言其提供有用信息的能力, 对管理层设计和实施的控制措施提供客观保证和建议, 并对剩余供应链风险领域进行评估.
供应链中的社会责任
It may seem that areas such as environmental and social responsibility are natural places where human auditors are best suited to differentiate themselves from 监控 technologies in controlling supply chain risk. 然而, 德勤2019年的一项研究表明,即使在道德劳动实践和环境责任等领域, organizations are looking to tools and technology that can support and monitor socially responsible supply chain practices and environmental sustainability.2 此外, 研究指出,, 在某些情况下, organizations were de-emphasizing the traditional internal audit approach and seeking to repurpose audit resources into technology tools because audits, 虽然仍然是社会责任审计的主导做法, 是否由于各种因素而被认为是“不足和无效的”.3 这些因素包括范围限制, 多重审计给员工带来的负担, 以及审计和第三方认证系统腐败的可能性.
因此, 由于越来越重视监测技术, it is critical that internal audit position itself as an indispensable complement to these 监控 tools and technologies to remain relevant and deliver value in the supply chain risk management space. 内部审计有许多方法可以区分其价值.
分异点
尽管看起来监视工具执行的是审核过程的复制品, 监控, 符合性测试和识别不符合只是审核职能的一部分任务. 其核心是, 内部审计的目的是帮助组织实现其业务目标, 这与供应链风险有关, 内部审计可以通过多种方式区分其价值,同时与供应链监控流程产生协同作用.
分配的意义
随着供应链监控工具和技术的激增, 它们生成了大量关于组织供应链的信息. 组织的决策者需要帮助来理解这些信息的含义, 特别是在宏观层面上. 通过将其工作与技术支持的监测活动相结合, internal audit should be able to devote more of its resources to assigning meaning to 监控 data and converting meaning into actionable recommendations that support the organization’s strategy, 使命及核心价值.
凭借其独立性和与广泛利益相关者的接触, internal audit can impart value by ensuring that supply chain 监控 information is thoroughly and accurately disseminated to the appropriate stakeholders so they can make informed decisions.
评估组织策略
使供应链监控过程有效, 组织必须有适当的政策来定义什么是可取的,什么是不可取的,什么是可接受的,什么是不可接受的. 材料规格, delivery time frames and environmental impact thresholds are just a few examples of the many aspects of the supply chain for which parameters must be established. 这些参数必须随着时间的推移而更新, 根据市场情况和监管变化, and internal audit should also provide assurance to the organization that the criteria the supply chain 监控 tools are using are current, 准确、恰当.
INTERNAL AUDIT SHOULD HELP ENSURE THAT THERE IS WIDESPREAD UNDERSTANDING OF POLICIES AND PROCEDURES RELATED TO SUPPLY CHAIN FUNCTIONS ON THE PART OF INTERNAL PERSONNEL.
Internal audit should be engaged with management to ensure that supply chain 监控 processes are operating on the most up-to-date information about the organization’s needs, 约束和业务条件. 要做到这一点, 审核员向管理人员询问供应链各个方面的问题可能是有益的,例如:
- 相关的法规要求是否发生了变化?
- 组织是否增加或减少了供应商或第三方?
- 组织的监控、保证和审计资源能否支持现有的供应链?
- 政策是否仍然与业务模式保持一致, 战略目标, 客户/利益相关者的期望和核心价值?
- 现有的控制系统是否存在漏洞?
沟通
沟通是管理供应链风险的一个关键方面,它发生在几个层次上.
Internal audit should help ensure that there is widespread understanding of policies and procedures related to supply chain functions on the part of internal personnel. 面试, compliance testing and evaluation of training activities can provide a picture of how well employees understand their requirements.
内部审计还应考虑是否存在教育供应商的持续沟通活动, 潜在的供应商, 监管机构, 外部审计师, 公众和其他利益相关者了解组织的需求, 期望和质量保证活动.
例如, one of the difficulties cited by respondents who were interviewed in the Deloitte report was the number of audits that were being requested of them by various external stakeholders such as clients, 客户及规管机构, 各方都提出了不同的审计需求和期望.4 这可能导致组织内部的返工和审核疲劳. 然而, if supply chain 监控 tools and technology can be leveraged to efficiently answer certain requests and provide assurance to external parties, 然后是内部审计, 凭借其在审计流程和标准遵从方面的专业知识, 是否能够提供指导以确保审计工作的有效性.
问责制
它的独立性和对董事会的责任, internal audit performs a critical function in ensuring that management is accountable for effectively and responsibly managing supply chain risk. Internal audit can determine whether management is making effective use of information and insights gleaned from supply chain 监控 tools. 然后,内部审计可以贯彻旨在提高效率的审计建议, 供应链操作的可靠性和法规遵从性.
新兴风险
有效的供应链风险管理必须包括使组织能够驾驭新出现的风险的努力. 新兴风险包括新发展的风险领域,这些领域尚未得到充分评估,但可以得到充分评估, 在未来, 影响组织战略的可行性.5 根据毕马威(KPMG) 2020年发布的研究报告, identifying existing and emerging risk is perceived by executive stakeholders as a key part of internal audit’s role but not to the extent that internal audit perceives itself this way.6 The report states that “a modern IA function should understand the organization’s key risks and proactively identify emerging risks in order to add value to the organization.”7 要做到这一点, 内部审计必须足够大胆,从整体角度对现有的供应链假设提出质疑, 包括它的输入, processes and outputs; the policies and regulations that govern it; and the socioeconomic contexts in which it operates.
审计技术工具
尽管技术工具可以为供应链的效率提供强有力的见解, 安全性和遵从性, 他们不能审计自己. 如前所述,供应链监控工具和技术会产生大量数据. 像这样, 在供应链监控技术上建立一个有效的数据治理系统是至关重要的, 而内部审计应该在这方面提供有价值的保证. 内部审计可以洞察供应链监控数据是否安全, 技术是否按预期发挥作用,这些工具产生的数据是否被合乎道德和负责任地使用.
结论
大约二十年前, Protiviti的发表了一份报告,指出传统的, compliance-focused审计, “While as important as ever…alone cannot provide optimum value for supply chain and procurement leaders and other stakeholders in the procurement process.”8 今天, with supply chain disruption near the top of many organizations’ risk rankings and business leaders seeking new methods of supply chain control, 内部审计必须取得平衡. Internal audit must integrate its efforts with high-tech supply chain 监控 tools so that it is not seen as an alternative to such tools. 但, 同时, internal audit must distinguish its value from that of technology tools so that it is understood to be an essential complement to them. 通过这样做, internal audit can help ensure that senior management continues to perceive internal audit as a foundational function in supply chain risk management.
内部审计必须足够大胆,从整体角度对现有的供应链假设提出质疑.
尾注
1 邦纳,H.; “Managing Risk With Supply Chain Risk Management Software,” Riskpulse, 4 June 2020, http://riskpulse.com/blog/managing-risk-with-supply-chain-risk-management-software/
2 德勤监测研究所, 负责任的供应链工具:了解市场机会2019年4月 http://www2.deloitte.com/content/dam/Deloitte/us/Documents/about-deloitte/us-about-deloitte-humanity-united-responsible-supply-chain-tools.pdf
3 同前.
4 同前.
5 Protiviti的的, 董事会观点:风险监督,第23期2011年1月,美国; http://www.protiviti.com/US-en/insights/board-perspectives-risk-oversight-issue-23
6 毕马威(KPMG) 2020年前内部审计应考虑的20个主要风险2020年1月,瑞士; http://assets.kpmg/content/dam/kpmg/ch/pdf/key-risks-internal-audit-2018.pdf
7 同前.
8 Op cit Protiviti的
凯文·米. Alvero, CISA, CDPSE, CFE
是尼尔森公司内部审计、合规和治理的高级副总裁吗. 他领导内部质量审计计划和行业合规计划, 跨越澳门赌场官方下载的全球媒体产品和服务.