How can organisations be getting better value for their assurance dollar?

Assurance is defined as an outcome – you do not do assurance, you get assurance – confidence that you are meeting objectives and managing risks

Large, complex organisations are investing more in various forms of assurance activity but are getting less confident around business outcomes - an integrated model strikes the balance between coverage and cost effectiveness. Integrated assurance is the coordinated planning, execution and reporting of assurance activity, often aligning governance, capability and technology.

An Integrated Assurance Model can:

-        Reduce costs
-        Improve speed of business
-        Deliver more reliable business outcomes
-        Focus your assurance activities on what matters
-        Provide more insights and less contradiction in reporting to Management and the Board

What are the current challenges?

Key issues are around accountability and priority

Accountability: Many organisations have complex Operating Models with multiple accountability dimensions. As a result, we have certain activities where:

a)      Many stakeholders feel accountable for objectives and risks

b)     No-one feels accountable for the objectives and risks

Both of these scenarios are dangerous because they lead to assurance gaps or overlaps that create a burden on the business

Priority: Governance, when not integrated, can direct business time and attention on activities that do not matter. Organisations need visibility of governance effort (risk, control and assurance) so that leaders can make collective decisions on where governance effort (resources and dollars) needs to be redirected based on where the greatest risks lie.

How can we solve the problem?

Deloitte describes six levers an organisation can pull to deliver a more integrated assurance model

- Integrated Assurance model

1. Purpose: Are accountabilities for objectives and risks clear within the Org Design?

2. Coverage: Do we have a clear assurance universe and assurance drivers?

• Universe – Do we have a clear management framework that covers all business activities and is it clear who looks after what?
• Drivers - Do we have clear drivers for assurance (including a single view of the organisation’s critical risks)?

3. Coordination: How do we coordinate assurance activity?

4. Methodology: How do we align and uplift assurance activities?

5. Capability: Do we establish a risk or assurance ‘skill pool’ or business partners?

6. Ownership: Is it clear who owns the integrated assurance model and how success is measured?

Before we start this journey towards improved efficiency and business value, Deloitte recommends:

• Identify ownership for assurance across the organisation (who owns the accountability for the assurance ecosystem)
• Seek executive- and board-level buy-in for change
• Bring together management systems and risks – create a single source of truth of ‘what we do’ and ‘what is important’, aligned to the enterprise strategic objectives
• Develop a clear 3LOD model applied to the functional structure of the organisation (do not design a theoretical model that the business needs to interpret)

Designing and implementing integrated or combined assurance models requires advice from Integrated Assurance experts. Make sure you have the right team around you.