Global business risks are growing in complexity. Organizations and boards are intensely focused on the risk agenda to stay competitive and steer clear of negative news headlines.

The board is responsible for ensuring that risks are adequately managed—an enormous challenge for any organization. But one effective solution is combined assurance, which helps strengthen independent assurance reporting to the board and senior management.

Yet senior management and boards are often missing this accurate and holistic picture of the biggest risks to their organizations. This is mostly because the business areas and functions involved are all siloed. And this results in inefficiencies, duplicated functions, wasted resources, and unnecessary complications.

Combined assurance is an effective solution because it’s based on coordinating the activities of all the assurance providers and streamlining their work and reporting.

So, what is combined assurance?

According to the Institute of Directors, South Africa, it “incorporates and optimises all assurance services and functions so that, taken as a whole, these enable an effective control environment; support the integrity of information used for internal decision-making by management, the governing body and its committees; and support the integrity of the organization’s external reports.”

That’s a mouthful! But what it means is that it’s about effectively coordinating management and assurance providers, increasing collaboration, and developing a more holistic view of risk. It’s about assurance providers (internal and external) working more closely together to:

• Determine key outcomes of combined assurance
• Get assurance in the right areas
• Make sure resources are used effectively
• Obtain risk assurance in the most cost-effective way.

How does it help meet organizational objectives?

Combined assurance doesn’t just provide the board and senior management with peace of mind—it can totally adjust and improve operating efficiencies within an organization by:

• Improving reporting and accountability
• Aligning everyone on a common risk landscape and prioritizing assurance efforts by the risks that matter most
• Increasing the coordination of assurance providers, resulting in better planning, resource allocation, and cost reductions
• Reducing the number of risks that could potentially be overlooked
• Enhancing the organization’s control environment and getting the right reports to the right people at the right time
• Increasing executive management and audit committee confidence
• Significantly reducing operational failures and mitigating risk.

How do you get started?

Obviously, combined assurance adds a lot of business value. But getting started with this model means a big shift in thinking. And there are a lot of questions that you’ll need to answer before you get started. Specifically, which tools, systems, and people should coordinate and lead it?

As the board usually delegates this responsibility to the audit committee, which acts through the chief audit executive, it’s generally considered that internal audit is the right business area to lead coordination.

By strategizing and planning to keep disruption to a minimum, and rolling out change slowly, you can take steps toward combined assurance. Here are a few considerations:

1. Think about your stakeholders. Who requires assurance within your organization?
2. Identify how the assurance is delivered to each stakeholder. What is the method and timing?
3. How many different teams or people are involved in delivering that assurance?
4. Identify the crossover or duplication within the reports.
5. Where can the work be streamlined?
6. Do you have the people, processes, and technology to do the streamlining?

To find out more about combined assurance, its role within integrated risk management, how it works within the Three Lines of Defense model, and tips for implementation, read our white paper