Assurance is defined as an outcome – you do not do assurance, you get assurance – confidence that you are meeting objectives and managing risks
Large, complex organisations are investing more in various forms of assurance activity but are getting less confident around business outcomes - an integrated model strikes the balance between coverage and cost effectiveness. Integrated assurance is the coordinated planning, execution and reporting of assurance activity, often aligning governance, capability and technology.
An Integrated Assurance Model can:
- Reduce costs
- Improve speed of business
- Deliver more reliable business outcomes
- Focus your assurance activities on what matters
- Provide more insights and less contradiction in reporting to Management and the Board
What are the current challenges?
Key issues are around accountability and priority
Accountability: Many organisations have complex Operating Models with multiple accountability dimensions. As a result, we have certain activities where:
a) Many stakeholders feel accountable for objectives and risks
b) No-one feels accountable for the objectives and risks
Both of these scenarios are dangerous because they lead to assurance gaps or overlaps that create a burden on the business
Priority: Governance, when not integrated, can direct business time and attention on activities that do not matter. Organisations need visibility of governance effort (risk, control and assurance) so that leaders can make collective decisions on where governance effort (resources and dollars) needs to be redirected based on where the greatest risks lie.
How can we solve the problem?
Deloitte describes six levers an organisation can pull to deliver a more integrated assurance model
- Integrated Assurance model
1. Purpose: Are accountabilities for objectives and risks clear within the Org Design?
2. Coverage: Do we have a clear assurance universe and assurance drivers?
3. Coordination: How do we coordinate assurance activity?
4. Methodology: How do we align and uplift assurance activities?
5. Capability: Do we establish a risk or assurance ‘skill pool’ or business partners?
6. Ownership: Is it clear who owns the integrated assurance model and how success is measured?
Before we start this journey towards improved efficiency and business value, Deloitte recommends:
Designing and implementing integrated or combined assurance models requires advice from Integrated Assurance experts. Make sure you have the right team around you.