Assurance is defined as an outcome – you do not do assurance, you get assurance – confidence that you are meeting objectives and managing risks
Large, complex organisations are investing more in various forms of assurance activity but are getting less confident around business outcomes - an integrated model strikes the balance between coverage and cost effectiveness. Integrated assurance is the coordinated planning, execution and reporting of assurance activity, often aligning governance, capability and technology.
An Integrated Assurance Model can:
- Reduce costs
- Improve speed of business
- Deliver more reliable business outcomes
- Focus your assurance activities on what matters
- Provide more insights and less contradiction in reporting to Management and the Board
What are the current challenges?
Key issues are around accountability and priority
Accountability: Many organisations have complex Operating Models with multiple accountability dimensions. As a result, we have certain activities where:
a) Many stakeholders feel accountable for objectives and risks
b) No-one feels accountable for the objectives and risks
Both of these scenarios are dangerous because they lead to assurance gaps or overlaps that create a burden on the business
Priority: Governance, when not integrated, can direct business time and attention on activities that do not matter. Organisations need visibility of governance effort (risk, control and assurance) so that leaders can make collective decisions on where governance effort (resources and dollars) needs to be redirected based on where the greatest risks lie.
How can we solve the problem?
Deloitte describes six levers an organisation can pull to deliver a more integrated assurance model
1. Purpose: Are accountabilities for objectives and risks clear within the Org Design?
2. Coverage: Do we have a clear assurance universe and assurance drivers?
- Universe – Do we have a clear management framework that covers all business activities and is it clear who looks after what?
- Drivers - Do we have clear drivers for assurance (including a single view of the organisation’s critical risks)?
3. Coordination: How do we coordinate assurance activity?
4. Methodology: How do we align and uplift assurance activities?
5. Capability: Do we establish a risk or assurance ‘skill pool’ or business partners?
6. Ownership: Is it clear who owns the integrated assurance model and how success is measured?
Before we start this journey towards improved efficiency and business value, Deloitte recommends:
- Identify ownership for assurance across the organisation (who owns the accountability for the assurance ecosystem)
- Seek executive- and board-level buy-in for change
- Bring together management systems and risks – create a single source of truth of ‘what we do’ and ‘what is important’, aligned to the enterprise strategic objectives
- Develop a clear 3LOD model applied to the functional structure of the organisation (do not design a theoretical model that the business needs to interpret)
Designing and implementing integrated or combined assurance models requires advice from Integrated Assurance experts. Make sure you have the right team around you.
Meet our author
Tom Rayner
Tom has spent 10 years helping Energy & Resources and Infrastructure clients to deliver better value from governance, risk and assurance. He has also supported broader successful Operating Model transformation projects. He is passionate about developing systems of governance that support organisational objectives and manage risk as efficiently as possible. He understands that governance is not effective if you continually add accountabilities, business rules and assurance activities. To drive better outcomes and greater confidence, the hard question is how do we simplify - what must we stop doing.
