Moving forward with combined assurance


1 Moving forward with combined assurance
IMFO Audit & Risk Indaba 28 October 2011

2 Discussion topics
- The source of the combined assurance concept
- Objectives and tangible benefits
- The challenges
- The models to consider
- A five step practical approach
- Where to from here…
Combined assurance and corporate governance October 2011

3 Combined assurance model
1. The Source - King III introduces combined assurance as a recommended governance practice
“3.5. The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities”
“Internal audit should form an integral part of the combined assurance model as internal assurance provider.”

4 2. The objectives
A combined assurance model aims to optimise the assurance coverage obtained from management, internal assurance providers and external assurance providers on the (key) risk areas affecting the company.
The combined assurance provided by internal and external assurance providers and management should be sufficient to satisfy the audit committee that significant risk areas within the organisation have been adequately addressed and suitable controls exist to mitigate and reduce these risks.
What are we often faced with?
- Risks not being covered / covered too much
- Audit fatigue
- Limited assurance budget (especially for internal audit?)

5 2. Combined assurance offers tangible benefits that extend beyond compliance
- Coordinated and relevant assurance efforts focusing on key risks
- Comprehensive and prioritised tracking of remedial actions
- Minimised business/operational disruptions
- Improved reporting to the board and committees, including reducing the repetition of reports
- Possible reduced assurance costs or expansion in scope
- The use of combined assurance to support the audit committee and board in making their control assessment statements in the integrated report (IFC’s and systems of internal control)

6 3. The challenges and critical success factors
- Executive sponsor
- Combined Assurance champion – the driver
- Relevant and accurate risk information – ERM Maturity
- Agreeing on a framework, methodology, risk language, enabling technology
- Evaluating the quality of assurance provided and to whom
- Deciding on the desired level of assurance from which assurance provider (link to risk appetite and tolerance)
- Communication and training throughout the organisation
- Clear understanding of the plan, its objectives, processes, and outputs

7 3. The challenges and critical success factors

8 4. Market Models – What we see…
New market challenge IFC’s and overall controls Who drives the combined assurance initiative

9 5. Combined assurance is one of the biggest challenges in adopting King III
A practical five-step approach to implementing an effective combined assurance approach:
1. Establishing the business case
2. Assess the actual assurance provided – Reality check
3. Detailed mapping of risks to assurance providers
4. Design Combined Assurance blueprint
5. Make Combined Assurance a reality

10 1. Gain high-level understanding of the current Assurance Profile
Assurance is provided by 3 Lines of Defence:
- Line #1 - Management oversight, e.g. performance measurement, risk management, control self-assessment.
- Line #2 - Enterprise risk management, legal, compliance, health and safety, quality assurance.
- Line #3 - Internal audit, external audit and other credible assurance providers.
Management oversight will be factored into combined assurance where no second and third lines of defence are considered appropriate in the combined assurance model.
The business case is established through getting an overview status of the assurance profile.

11 Example Assurance Profile
Rows (processes): Strategic, Funding, Sustainability, Growth, Operational, Treasury, Products and services, Finance
Column groups (three lines of defence assurance providers): First line of defence - Management; Second line of defence – Risk and legal based assurance; Third line of defence – Independent assurance
Columns (assurance providers): Control self assess, Mgt review, Special project, ERM, SOX, Compliance, External audit, Internal audit
Legend: Extensive assurance, Moderate assurance, Inadequate assurance, Not applicable

12 2. The assurance reality check
Identify the assurance providers:
- Internal and external audit
- Human Capital
- Risk Management
- SOX Compliance
- Compliance
- ISO
- Information security
- Insurance
Assessment of the assurance providers:
- Skill and experience levels
- Scope and frequency of work will address the risks
- Acceptable approach/methodology
- Conflict of interest
- Quality reviews

13 2. The assurance reality check
Example of ranking of assurance

14 2. The assurance reality check
Assess quality of assurance:
- Interviews with the recipients of the assurance
- Identify the assurance sponsors for forward consultation
Assessment of current state of assurance reporting:
- Assurance may not reach appropriate forum
- Some forums do not receive any assurance
- Certain governance committees are overburdened
- Certain agenda items are debated in multiple forums
INTERNAL AUDIT CAN DO THIS!

15 Example – Current state of assurance reporting

16 3. Detailed mapping of risks to assurance providers
Establish the universe for Combined Assurance:
- A consistent risk assessment approach should exist – ERM Maturity Profile
- Use strategic and key business unit risk profiles (start top 20 inherent?)
- Map the different lines of defence to the detailed risks and controls
- Determine the desired level of assurance
- Identify the gaps and the “excess assurance”
- Use risk management software to allow analysis and reporting
INTERNAL AUDIT CAN LEAD THIS PROCESS!!

17 Scope excludes detailed configuration
Example Risk Map
Example IT risk category: Operational - Network
- Risk: Network perimeter security breach. Associated controls: Secure firewall configuration; Secure remote access design; Security monitoring service contracted with supplier
- Risk: Network downtime. Associated controls: Service level agreement with supplier; Disaster recovery plan
Column groups (three lines of defence assurance providers): First line of defence - Management; Second line of defence – Risk and legal based assurance; Third line of defence – Independent assurance
Columns (assurance providers): Control self assess, Mgt review, Special project, ERM, SOX, Compliance, External audit, Internal audit
Legend: Currently providing assurance; Should provide assurance; Quality of assurance acceptable (P); Quality of assurance unacceptable (O)
Callout: Scope excludes detailed configuration

18 4. Design Combined Assurance blueprint
Convince all stakeholders of the future approach:
- Agree the common risk universe
- What assurance is to be provided and to whom
- Agree on methodology to assess assurance providers
Combined Assurance blueprint:
- Risk based assurance coverage
- Analysis by assurance provider
- Management / governance committee responsible
- Frequency and extent of assurance required

19 5. Make Combined Assurance a reality
- Executive sponsor and Audit Committee support
- Combined assurance champion driving day-to-day activities
- Needs to be driven actively
- Consistent reporting structure and feedback
- Regular assessment of quality of delivery
- Combined Assurance Forum
- Initial planning
- 3 to 6 monthly assessment

20 6. What do I do when I leave here?
- Find your Executive sponsor
- Assess the level of maturity of your ERM process
- Determine who is best placed to drive this initiative
- Liaison with the AC Chair
- What are their expectations
- Reporting requirements
GET STARTED!

21 www.pwc.com/za That’s the theory – the rest is up to you!
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Inc, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2011 PricewaterhouseCoopers (“PwC”), a South African firm, PwC is part of the PricewaterhouseCoopers International Limited (“PwCIL”) network that consists of separate and independent legal entities that do not act as agents of PwCIL or any other member firm, nor is PwCIL or the separate firms responsible or liable for the acts or omissions of each other in any way. No portion of this document may be reproduced by any process without the written permission of PwC.

