Presentation on theme: "PAINTING THE FULL PICTURE"— Presentation transcript:
1 PAINTING THE FULL PICTURE COMBINED ASSURANCEINTEGRATING THE DIFFERENT ROLE PLAYERSINTERNAL AUDIT RETREAT – MPUMALANGAAUGUST 2013
2 Our Approach Today!!! Defining combined assurance Classes of assurance providersKey objectives of a combined assurance frameworkEffectiveness on current assuranceDesigning a modelAchieving the GoalStrengths to build onWhat can we improve upon?Linking Assurance to performance? – if any.
3 Combined assurance per the standard... King III defines Combined assurance as follows:Integrating and aligning assurance processes in a organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the audit and risk committee, considering the company’s risk appetite.Role of the audit committee:The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activitiesThe audit committee should ensure that the combined assurance is received is appropriate to address all the significant risks facing the company.The relationship between the external assurance providers and the company should be monitored by the audit committee.Role of Internal Audit:King recommends that Internal audit should form an integral part of the combined assurance model as internal assurance provider.
4 Classes of Assurance Providers Those who report to management Executive Committee Management functions, Over sight Committee Preventative and Detective Control Control Self Assessments Enterprise risk Management External Auditors Heath and Safety Internal Audit Legal and Compliance SABS – Quality Assurance Company Secretary Providers etcManagementExternalInternal
5 What is combined assurance? Integrating assurance processes in a company to:maximise risk and governance oversight and control efficiencies, andoptimise overall assurance to the audit and risk committee,considering the organisation's risk appetiteASSURANCECorporate strategyControlRiskRisk AppetiteStrategic Objectives
6 SO combined Assurance is Nothing more than formalising the process to assess and provide assurance over the adequacy and effectiveness of the control environment to manage risks resulting from the overall business strategyORA co-ordinated approach that ensures that all assurance activities provided by management, internal assurance providers and external assurance providers adequately address significant risks facing the company and that suitable controls exist to mitigate these risks
7 Key Objectives of the Framework Coordinating the efforts of management, internal and external assurance providersOptimise Assurance CoverageExtent to which risks have been fully identified and responded to based on an organisation or Departments objectiveSystematic assessment of Key risks associated with strategic objectivesAssurance to the executive authority or board in making their statements on internal control in the integrated report.Support the audit committee in assessing the effectiveness of internal financial controlProvide context of the impact of inadequate and ineffective controlQuantitative and qualitative impact of control breakdown on the overall control environment.
8 Effectiveness of Assurance Legal and GovernanceEXCOBoard and ACRight Forum?Right Information?Repetition?Too much Information?Stakeholder Com - TreasuryRisk ComCFO BRANCHMAN CO – E.G BudgetProject Com
9 DESIGNING A MODELAgree on a common universe and acceptable methodology to ensure credibilityIdentify who provides what on which risks?Analyse the different roles and quality of assurance and GAPSWhat assurance to be provided – and by whom?Identify key risk
10 BLUE PRINT Who is the risk champion? Who in this scenario can present to top management?BLUE PRINT = Risks coverage, per assurance provider to the right governance structureNational Treasury Model
11 Questions to ponder? – achieving the goal Develop a combined assurance frameworkAlign the existing governance model to leading practiceAssess the effectiveness of the risk management framework and processes and enhance risk governance, infrastructure and ownership (risk governance, risk framework and methodologies, risk appetite and tolerance, risk assessments, risk mitigation and control remediation)Assess the overall effectiveness of assurance providers including External audit, Internal AuditRegulatory compliance, and Risk management (role, position, people, processes, and performance)Identify key risks across the businessIntegrating and aligning the Internal controls framework in an organisationAssess the design, implementation and effectiveness of entity level controlsDocument processes and assess the design and implementation of key controlsTest the effectiveness of key controlsDevelop the overall assurance and related materiality framework and approach for Internal Audit in supporting it’s overall level of assurance to the Audit CommitteeSupport Internal Audit in assessing the level of assurance in its written assessment to the Audit Committee
12 strengths to build onA combined assurance approach is mostly already in place – to an extent – which is a good starting point. The approach typically requires some further tweaking and embedding into the day to day business activities.A three lines of defence assurance model is typically already established, where the first, second and third line assurance providers are already involved in the business with their roles being fairly mature (except perhaps for the management self-assessments).An ERM framework is mostly already in place. This integrates the business objectives with business processes and key risks.A Financial control framework and IT governance is often already in place, however not tied into the ERM and expanded to also cover non-financial controls, and not necessarily integrated
13 What can we improve upon? Enhancing transparency in terms of overall (combined) assurance results (data vs information for decision making)The combined assurance scope mainly covering financial risks, should cover all material risks.Structuring of the combined assurance team, oversight.Overall combined assurance framework not always in place or not integrated.Management Self Assessments (MSA’s) not always in place - this may be an efficient way of bedding accountability down and establishing a stronger risk / control culture.
14 Linking Assurance to performance Golden thread between strategy, risks, conrol and performanceRisk control – relationshipWhat are the risks to and of the strategy?How do we control/manage those risks?Effective risk management = a better chance of achieving objectives.Achieving Objectives (EEE) = PerformanceProviding PoE is only 1 measure of success.