Limited functionality available
Assurance is defined as an outcome – you do not do assurance, you get assurance – confidence that you are meeting objectives and managing risks
Large, complex organisations are investing more in various forms of assurance activity but are getting less confident around business outcomes - an integrated model strikes the balance between coverage and cost effectiveness. Integrated assurance is the coordinated planning, execution and reporting of assurance activity, often aligning governance, capability and technology.
An Integrated Assurance Model can:
- Reduce costs
- Improve speed of business
- Deliver more reliable business outcomes
- Focus your assurance activities on what matters
- Provide more insights and less contradiction in reporting to Management and the Board
What are the current challenges?
Key issues are around accountability and priority
Accountability: Many organisations have complex Operating Models with multiple accountability dimensions. As a result, we have certain activities where:
a) Many stakeholders feel accountable for objectives and risks
b) No-one feels accountable for the objectives and risks
Both of these scenarios are dangerous because they lead to assurance gaps or overlaps that create a burden on the business
Priority: Governance, when not integrated, can direct business time and attention on activities that do not matter. Organisations need visibility of governance effort (risk, control and assurance) so that leaders can make collective decisions on where governance effort (resources and dollars) needs to be redirected based on where the greatest risks lie.
How can we solve the problem?
Deloitte describes six levers an organisation can pull to deliver a more integrated assurance model
1. Purpose: Are accountabilities for objectives and risks clear within the Org Design?
2. Coverage: Do we have a clear assurance universe and assurance drivers?
3. Coordination: How do we coordinate assurance activity?
4. Methodology: How do we align and uplift assurance activities?
5. Capability: Do we establish a risk or assurance ‘skill pool’ or business partners?
6. Ownership: Is it clear who owns the integrated assurance model and how success is measured?
Before we start this journey towards improved efficiency and business value, Deloitte recommends:
Designing and implementing integrated or combined assurance models requires advice from Integrated Assurance experts. Make sure you have the right team around you.
Tom has spent 10 years helping Energy & Resources and Infrastructure clients to deliver better value from governance, risk and assurance. He has also supported broader successful Operating Model transformation projects. He is passionate about developing systems of governance that support organisational objectives and manage risk as efficiently as possible. He understands that governance is not effective if you continually add accountabilities, business rules and assurance activities. To drive better outcomes and greater confidence, the hard question is how do we simplify - what must we stop doing.