There are many different assurance providers, all working in silos, making a complete risk picture difficult to obtain—but combined assurance can help.
Global business risks are growing in complexity, requiring organizations and boards to intensely focus on the risk agenda in order to stay competitive and steer clear of negative news headlines.
The board is responsible for ensuring that risks are adequately managed—an enormous challenge for any organization, but especially difficult for larger ones. One effective (yet under-utilized) solution is combined assurance, which helps strengthen independent assurance reporting to the board and senior management.
Yet senior management and boards are often missing this accurate and holistic picture of the biggest risks to their organizations. This is mostly because the business areas and functions involved are all siloed. And this results in inefficiencies, duplicated functions, wasted resources, and unnecessary complications.
Combined assurance is an effective solution because it’s based on coordinating the activities of all the assurance providers and streamlining their work and reporting.
“Combined assurance is about effectively coordinating management and internal and external assurance providers, increasing collaboration, and developing a more holistic view of the organization’s risk.”
So, what is combined assurance?
According to the Institute of Directors, South Africa, it “incorporates and optimises all assurance services and functions so that, taken as a whole, these enable an effective control environment; support the integrity of information used for internal decision-making by management, the governing body and its committees; and support the integrity of the organization’s external reports.”
That’s a mouthful! But what it basically means is that it’s about effectively coordinating management and internal and external assurance providers, increasing collaboration, and developing a more holistic view of the organization’s risk. It’s about assurance providers (internal and external) working more closely together to:
- Determine key outcomes of combined assurance
- Get assurance in the right areas
- Make sure resources are used effectively
- Obtain risk assurance in the most cost-effective way.
How does it help meet organizational objectives?
Combined assurance doesn’t just provide the board and senior management with peace of mind—it can totally adjust and improve operating efficiencies within an organization by:
- Improving reporting and accountability
- Aligning everyone on a common risk landscape and prioritizing assurance efforts by the risks that matter most
- Increasing the coordination of assurance providers, resulting in better planning, resource allocation, and cost reductions
- Reducing the number of risks that could potentially be overlooked
- Enhancing the organization’s control environment and getting the right reports to the right people at the right time
- Increasing executive management and audit committee confidence
- Significantly reducing operational failures and mitigating risk.
How do you get started?
Obviously, combined assurance adds a lot of business value. But getting started with this model means a big shift in thinking. And there are a lot of questions that you’ll need to answer before you get started. Specifically, which tools, systems, and people should coordinate and lead it?
As the board usually delegates this responsibility to the audit committee, which acts through the chief audit executive, it’s generally considered that internal audit is the right business area to lead coordination.
By strategizing and planning to keep disruption to a minimum, and rolling out change slowly, you can take steps toward combined assurance. Here are a few considerations:
- Think about your stakeholders. Who requires assurance within your organization?
- Identify how the assurance is delivered to each stakeholder. What is the method and timing?
- How many different teams or people are involved in delivering that assurance?
- Identify the crossover or duplication within the reports.
- Where can the work be streamlined?
- Do you have the people, processes, and technology to do the streamlining?
To find out more about combined assurance, its role within integrated risk management, how it works within the Three Lines of Defense model, and tips for implementation, read our white paper What is combined assurance?
What is combined assurance?
This white paper answers the questions:
- What is the combined assurance model?
- Who are the main assurance providers?
- How does the combined assurance model fit within and compliment the Three Lines of Defense model?
- How do organizations implement the combined assurance model?