Combined assurance
Control enhancement through combined assurance.
What is Combined Assurance?
Combined assurance is about assurance providers (internal and external) working more closely together to ensure the following:
- Key outcomes of combined assurance
- Assurance in the right areas is obtained
- Assurance is obtained from the right resources
- Assurance is obtained in the most cost-effective way possible
The 'right amount of assurance’ depends on the risk appetite of the organisation. There should be alignment of control validation/assurance approaches and efforts across the organisation, driving efficiency and the right levels of comfort. Risk management is the foundation of the combined assurance process and organisations should establish risk-based criteria for dealing with control failures on a consistent and strategically aligned basis to ensure organisational objectives and goals are achieved.
King requirements
- Principle 3.5 of the King III Report introduced combined assurance as a recommended governance practice. The recommendation was made following a general understanding that more can be done to improve assurance coverage and quality through better coordination of assurance providers.
- King IV expands on this concept by indicating that a combined assurance model incorporates and optimises all assurance services and functions so that, taken as a whole, these enable an effective control environment, support the integrity of information used for decision-making by management, the governing body and its committees; and support the integrity of the organisation external reports. King IV recommendations do not prescribe the design of the model, but allow for the governing body to exercise its judgement in this regards.
Benefits of combined assurance
- Coordinated and relevant assurance efforts are directed to the risks that matter most.
- Commitment to enhance controls is demonstrated.
- Dashboards that provide an integrated, insightful view.
- Assurance activities produce valuable, integrated data, based on collaboration and not silos.
- Reduction in assurance costs through elimination of duplication and better resource allocation.
- Resources are not wasted on unnecessary duplication.
- A reduction in the repetition of reports by different committees, resulting in improved and more efficient reporting.
- A comprehensive and prioritised approach in tracking of remedial actions on identified opportunities/weaknesses.
- Clarity on risk and audit.
Role players
- Board and board sub-committees
- Executive
- Management and staff
- Internal assurance providers
- External assurance providers
How we can help
- Develop and implement a flexible and dynamic combined assurance model.
- Develop a combined assurance framework and plan that define the roles, responsibilities and accountability for the combined assurance process.
- Support audit and risk committees in making their control statements in the integrated report regarding the effectiveness and efficiencies of their control environment.
- Develop dynamic reporting that provides insights into assurance of top risks and key mitigating controls, and their impact on achieving the organisation’s objectives and performance.
- Share insights on where assurance works well.
We can help provide Assurance (confidence) that:
- Risks are adequately mitigated (i.e. the control environment is adequate and effective)
- Operational and business disruptions are minimised
- Relevant regulations and standards are complied with
- Reliable integrated reporting (financial and nonfinancial)
- Strategic objectives are met
- Assurance costs in total are as low as possible
