1 October COMBINED ASSURANCE: IS YOUR ORGANISATION ADEQUATELY ASSURED? (2019-10-01) October 1, 2019 Combined Assurance, General combined assurance, lines of defense, board of directors, assurance By Glen Talbot(CA)SA, Travers Cape (CA)SA and peer viewed by Jene’ Palmer CA(SA): CGF Lead Independent Consultants If we have both internal and external auditors, we have combined assurance, right? Wrong! For the board of directors to claim that they have discharged their obligations to implement a Combined Assurance Model requires much more than just the appointment of internal and external auditors. Critical questions As a director (executive or non-executive), can you confidently answer the following questions: Do you have a clear picture of your organisational structure? This includes the legal entity structure of the organisation (or group of companies) as well as the operational structures including business units, divisions and departments. Do you have a clear understanding of the business processes being engaged by the various entities and business areas within your organisation? Has your organisation identified and assessed its key risks (strategic and operational) which impact the business processes? Do you know what lines of defense have been applied to mitigate these business risks? Are you satisfied that the lines of defense collectively provide adequate comfort to your stakeholders that the organisation’s control environment is being optimally managed? Lines of defense King III referred to three (3) lines of defense, however, King IV™ has expanded this concept to include six (6) lines of defense as depicted below: King III (2009) King IV™ (2016) Management assurance The organisation’s line functions that own and manage risks The organisation’s specialist functions that facilitate and oversee risk management and compliance Internal assurance providers Internal auditors, internal forensic fraud examiners and auditors, safety and process assessors and statutory actuaries External assurance providers Independent external assurance service providers such as external auditors Other external assurance providers such as sustainability and environmental auditors, external actuaries and external forensic fraud examiners and auditors Regulatory inspectors Defining Combined Assurance Many boards appear to grapple with the meaning of the term “Combined Assurance” and see it as something which is delegated (relegated) to the finance department. Simply put: “Combined” refers to the combination of all the assurance providers as set out in the six lines of defense; and “Assurance” refers to the level of confidence derived from the work performed by various assurance providers. King IV™ defines “assurance” as: “The diligent application of mind to evidence, resulting in a statement or declaration concerning an identified subject matter or subject matter information, and that is made for the purpose of enhancing confidence in that subject matter or subject matter information”. It therefore stands to reason that the objective of a Combined Assurance Model is to provide comfort to stakeholders that an effective control environment is in place to address key business risks arising from business processes, including “non-finance” related business processes such as outsourced IT services. King IV™ defines a “Combined Assurance Model” as one which : “incorporates and optimises all assurance services and functions so that taken as a whole, these enable an effective control environment; support the integrity of information used for internal decision-making by management, the governing body and its committees; and support the integrity of the organisation’s external reports”. Whilst the above appears quite daunting, the Combined Assurance Model recognises that organisations are constrained by limited resources and that it is not practical, nor desirable, for all lines of defense to provide assurance on all “subject matter or subject matter information”. The key to achieving the best possible level of assurance within defined cost constraints lies in: establishing and approving a comprehensive risk register which forms the foundation for determining which business risks need to be mitigated; identifying the different assurance providers and mapping the coverage they provide in respect of the risks contained in the risk register; and using the Combined Assurance Mapping to identify gaps in assurance as well as areas where there is a duplication of effort (and costs). Key role players The board (as the governing body) is ultimately accountable for ensuring that an effective and efficient system of internal controls is designed and implemented within the organisation. In many instances, the board will delegate this responsibility to the audit committee who will approve a Combined Assurance Framework and oversee that the outcomes of the Combined Assurance Model provide adequate comfort that the organisation’s control environment is effective and that it underpins the integrity of the organisation’s internal and external reporting. Business benefits By leveraging the Combined Assurance Model to achieve an optimal level of assurance, the board can realise the following tangible business benefits: renewed focus on business and operations; enhanced risk management; better coordination of efforts between internal and external assurance providers with those of management to optimise assurance coverage; reduced costs through the elimination of unnecessary duplication of assurance efforts; improved integrity of the organisation’s internal and external reporting; improved tracking of remedial actions; and improved organisational credibility and reputation. Reporting obligations Full disclosure of the application of the Combined Assurance Model in the Annual Integrated Report will underpin the implementation of a Corporate Governance Framework® and demonstrate the board’s commitment to good corporate governance. To simply state in the Annual Integrated Report that “we adopt a combined assurance approach” is simply not sufficient. In compliance with governance best practice and in order to provide stakeholders with a good understanding of how the organisation applies the principles of Combined Assurance, the following information should as a minimum, be disclosed in the Annual Integrated Report: the process of risk management; and information about the organisation’s implementation of its Combined Assurance Model, including details of the overall assurance measures, providers and reports obtained to verify and substantiate the integrity of internal and external reports relied on by stakeholders for decision-making. The Combined Assurance Model can help to reduce siloed thinking within an organisation and force an integrated approach to developing and implementing an effective control environment. It promotes a shared understanding of risk and control information and will enable the board to confidently assess whether controls are really addressing critical business risks. ENDS Words: 1,009 For further information contact: CGF Research Institute (Pty) Ltd - Tel: +27 (11) 476 8264 / Web: www.cgfresearch.co.za Glen Talbot (CGF Lead Independent Consultant) - Cell: 082 545 4425 / E-mail: [email protected] Travers Cape (CGF Lead Independent Consultant) - Cell: 082 816 7841 / E-mail: [email protected] Jené Palmer (Lead Independent Consultant) - Cell: 082 903 6757 / E-mail: [email protected] Follow CGF on Twitter: @CGFResearch Click below to read more... Attached Files 20191001-Combined-assurance-Is-your-organisation-adequately-assured.pdf 223.11 KB Related Articles WHY ALL ORGANISATIONS SHOULD PUBLISH A MEANINGFUL INTEGRATED REPORT (2018-03-26) Most modern, well-governed organisations are acutely aware of the need for their businesses to be run in an ethical and socially-conscious manner and for this ethos to be communicated to their stakeholders. This being the case, it is well documented that the influential set of so-called Millennials -- unlike their older generational ‘Baby Boomers’ and Xennials -- actively support organisations whose tenets are based upon transparency, including the preservation of society and the environment. INTERNAL AUDITORS PLAY AN IMPORTANT ROLE IN STRENGTHENING THE GOVERNANCE OF AN ORGANISATION (2020-08-12) People who occupy positions of authority include not only executive and non-executive directors of the board, but also managers who have the means of influencing or causing material changes in the organisation. The latter, according to the South African Companies Act of 2008, are known as ‘prescribed officers’ and together with the organisation’s directors and internal auditors, can all be held liable for not ensuring that the interests of the organisation are being adequately served and protected. A DIGITISED GOVERNANCE FRAMEWORK SUPPORTS A DECENTRALISED AUTONOMOUS ORGANISATION (DAO) (2024-04-10) Traditional governance reporting With the age of digitalisation firmly entrenched -- and a global economy on the cusp of the Fifth Industrial Revolution -- forward-thinking organisations worldwide have embraced the notion of equipping their workforce for greater meaning and purpose. Considering how organisations have the technological means to streamline their business processes, which often has negative implications upon mundane and/or highly repetitive job functions, these organisations understand the importance of a more ‘human-centered’ approach to conducting their business which is fundamental to their future and sustainability. Given the focus on human empowerment -- being one of the 6-capitals cited by the King Report IV™ for Corporate Governance -- the importance of collective governance assessments made by a much broader stakeholder group of the organisation could not be more important. TANGIBLE BENEFITS OF A CORPORATE GOVERNANCE FRAMEWORK® Article by Jene’ Palmer Forward-thinking organisations have realised that corporate governance does not merely fall into the portfolio of the Company Secretary. Indeed, the draft King IV Report on Corporate Governance for South Africa 2016 (‘King IV’), describes corporate governance as “the exercise of ethical and effective leadership by the governing body” of an organisation. Why then is corporate governance still viewed by many organisations as a process which increases bureaucracy and drives a ‘tick box’ exercise? Perhaps the explanation lies in not understanding and appreciating the value which can be unlocked by implementing a purpose-built Corporate Governance Framework® which is tailored to the organisation. Empirical research supports the fact that good corporate governance translates into tangible and sustainable benefits for the organisation. Some of these benefits are set out below. SUSTAINABILITY DEPENDS ON A STRONG GOVERNANCE FRAMEWORK Article by Terrance M. Booysen Corporate governance is one of the key elements many investors consider when they reflect upon the organisation’s success, as well as when deciding upon their investment choices. But when the organisation’s governance system shows signs of stress or failure, not only do astute investors understand the unsettling impact it has upon the organsation’s supply chain, they also become wary about its sustainability which may give rise to them re-considering to ‘weather the storm’ or ‘bail out’ so to speak. Over the years so much has been written about failures of corporate governance within organisations, including the financial, social and political consequences which are typically found in its trail. Yet in spite of numerous regulation to improve the overall conduct of organisations, including the various King Codes of Corporate Governance written in South Africa, even more organisations are becoming affected by poor governance. ACCOUNTABILITY IN GOVERNANCE: WHO IS RESPONSIBLE WHEN AN ORGANISATION FAILS TO COMPETE? (2025-01-21) Good governance is critical for an organisation’s ability to thrive in a competitive environment. It ensures that the organisation operates with transparency, efficiency and ethical integrity, while also enabling the executive management to execute strategic decisions effectively. However, when an organisation fails to adopt a robust digitised governance framework to bolster the board’s oversight capabilities, the consequences can be significant, especially if it cannot compete with its peers. Comments are closed.