WHAT ARE THE OTHER ASSURANCE PROVIDERS? Internal or External Audit Departmental Internal Audit function, Office of the Auditor General (OAG), Office of the Comptroller General (OCG), Privacy Commissioner, etc. Evaluation Management Independent Assessment MAF Management Self-Assessment Control Self-Assessments, Questionnaires, etc. No assurance coverage
NOT ALL ASSURANCE COVERAGE IS CREATED EQUALLY Rank assurance providers according to level of assurance gained in general Determine frequency of assurance gained Match specific assurance activities with general processes Establish weightings and method to map activities
COMPLETE ASSURANCE PICTURE Highest levels of assurance are sometimes highly focused Assurance map is only one tool; complements other value-added activities Cannot determine sufficient assurance coverage without knowing the whole picture
THE CHERRY ON TOP Different assurance maps for different audiences: Deputy Minister/Board/CEO/ Partners External stakeholders/shareholders
THE GREAT COMMUNICATION TOOL Assurance mapping should be used: by corporate review functions when prioritising activities; to feed monitoring discussions with management; as a continuous reference point to show where risks might pop up throughout a fixed cycle or period of time.
CONCLUSION Ultimately, assurance mapping gives stakeholders: An overview of which risk areas are being covered and which are not; A medium-term view of risk management in the organisation; A clearer understanding of what assurance providers can do – and what they can’t.