This blog details how an Aligned Assurance Framework can help Asset Managers address some common challenges faced with their existing Risk Management Frameworks and operating models, as well as key considerations and actionable items that can be carried out to alleviate the identified challenges.
Financial services firms are facing challenging operating conditions, including high inflation, market volatility, slowing economies, increasing regulatory demands and an evolving risk landscape. Asset Managers, in particular, are facing increased pressures to upgrade their technology and optimise their operating models and resourcing structures. Effective risk management has never been more important.
As discussed in the first blog in this series (“A Roadmap to Aligned Assurance”), mobilising an Aligned Assurance Framework is a key method for effective risk management. The Aligned Assurance Framework can provide a more cost-effective approach to managing risks and controls by evaluating and streamlining the overarching Risk Management Framework and the interlinks between sub-frameworks.
Whilst the level of risk maturity varies between individual Asset Managers across the industry, an Aligned Assurance Framework could help to solve some common challenges that drive inefficiencies, including:
Demands on the 2LoD and 3LoD continue to increase with emerging risks and regulatory pressures, such as ESG and Consumer Duty. There is a growing expectation for Risk, Compliance, and Internal Audit to “do more with less”, and this, coupled with a potential lack of clarity between the overarching Risk Management Framework and associated sub-frameworks, can result in duplication of assurance efforts across the 3LoD.
Mobilising an Aligned Assurance Framework reinforces the need to evaluate and streamline the overarching Risk Management Framework and associated sub-frameworks in place. Examples include leveraging Operational Resilience stress testing to support overall stress testing activities, and integrating capabilities across Risk and Compliance, such as aligning risk assessments and controls testing capabilities. What is needed to create stronger alignment between the assurance functions will vary firm by firm. This may include greater risk ownership within the 1LoD, a “1b” function, streamlined risk roles and responsibilities across the 1LoD and 2LoD, co-ordinated and consolidated planning between Risk, Compliance and Internal Audit, and embedded Centres of Excellence.
Operating several risk management sub-frameworks can result in varying reporting requirements across the 3LoD, particularly when there are different teams involved. A lack of consolidation between multiple inputs and data streams can lead to “assurance fatigue” within the business due to the lack of unified risk reporting. More importantly, it can open gaps in the quality of risk reporting that is presented to Boards and Committees and ultimately hinder their oversight of the firm’s risk profile and level of risk appetite.
Leveraging technology is becoming increasingly crucial to optimise firms’ approaches to risk management, risk monitoring, risk oversight and risk governance. Areas of focus extend beyond the traditional GRC tools and consideration should be given to opportunities where technology can provide both proactive and predictive analytics and reporting, and targeted monitoring and testing.
Risk management capabilities must be flexible enough to navigate emerging risks and unpredictable scenarios. The established Risk Management Framework in place must be overseen, tested, and quality assured with senior management on an ongoing basis to determine whether their needs are being met. In some cases, limited team capacity may prevent framework and controls testing from being carried out regularly, and this can hinder how well senior management are equipped to anticipate and assess threats using quality data.
Current and future testing needs across the 3LoD should be made clear to provide an understanding of any overlaps or gaps in risk management. Consideration should be given to scalable and repeatable tech-enabled controls testing, which can reduce the time and effort spent on, and the total cost of, controls and compliance, and can enable firms to reallocate resources to more strategic and valuable tasks.
A strong risk culture must be embedded across the firm, with individuals having a strong understanding of the drivers of value for the firm and why they are responsible for managing risk, particularly within the 1LoD. Features of a weak risk culture can include, amongst many others, viewing risk management and risk monitoring as overly burdensome or as something to be managed by the 2LoD, which can result in improper adoption by the wider business.
Part of mobilising an Aligned Assurance Framework may include adopting Risk Steward or Lead roles to help promote a strong risk culture. Whilst a degree of flexibility is required, having such roles sitting within the 1LoD can have a positive effect in strengthening risk culture.
Senior management are increasingly looking for the 3LoD to collaborate more cohesively to provide a more consistent and up-to-date view of the organisation’s risk profile, control weaknesses, and risk performance. Deloitte can support with aligning Risk Management Frameworks and streamlining operational efforts across assurance functions, to create efficiencies in overseeing and managing risk. Please get in touch to discuss how we can help.