1 / 15

PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE. COMBINED ASSURANCE INTEGRATING THE DIFFERENT ROLE PLAYERS. INTERNAL AUDIT RETREAT – MPUMALANGA AUGUST 2013. Defining combined assurance Classes of assurance providers Key objectives of a combined assurance framework Effectiveness on current assurance

dinh
Download Presentation

PAINTING THE FULL PICTURE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PAINTING THE FULL PICTURE COMBINED ASSURANCE INTEGRATING THE DIFFERENT ROLE PLAYERS INTERNAL AUDIT RETREAT – MPUMALANGA AUGUST 2013

  2. Defining combined assurance • Classes of assurance providers • Key objectives of a combined assurance framework • Effectiveness on current assurance • Designing a model • Achieving the Goal • Strengths to build on • What can we improve upon? • Linking Assurance to performance • ? – if any. Our Approach Today!!!

  3. Combined assurance per the standard... King III defines Combined assurance as follows: Integrating and aligning assurance processes in a organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the audit and risk committee, considering the company’s risk appetite. Role of the audit committee: The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities The audit committee should ensure that the combined assurance is received is appropriate to address all the significant risks facing the company. The relationship between the external assurance providers and the company should be monitored by the audit committee. Role of Internal Audit: King recommends that Internal audit should form an integral part of the combined assurance model as internal assurance provider.

  4. Those who report to management Executive Committee Management functions, Over sight Committee Preventative and Detective Control Control Self Assessments Enterprise risk Management External Auditors Heath and Safety Internal Audit Legal and Compliance SABS – Quality Assurance Company Secretary Providers etc Classes of Assurance Providers Management External Internal

  5. Integrating assurance processes in a company to: • maximise risk and governance oversight and control efficiencies, and • optimise overall assurance to the audit and risk committee, • considering the organisation's risk appetite What is combined assurance? ASSURANCE Corporate strategy Control Risk Risk Appetite Strategic Objectives

  6. SO combined Assurance is Nothing more than formalising the process to assess and provide assurance over the adequacy and effectiveness of the control environment to manage risks resulting from the overall business strategy OR A co-ordinated approach that ensures that all assurance activities provided by management, internal assurance providers and external assurance providers adequately address significant risks facing the company and that suitable controls exist to mitigate these risks

  7. Key Objectives of the Framework Coordinating the efforts of management, internal and external assurance providers Optimise Assurance Coverage Extent to which risks have been fully identified and responded to based on an organisation or Departments objective Systematic assessment of Key risks associated with strategic objectives Assurance to the executive authority or board in making their statements on internal control in the integrated report. Support the audit committee in assessing the effectiveness of internal financial control Provide context of the impact of inadequate and ineffective control Quantitative and qualitative impact of control breakdown on the overall control environment.

  8. Effectiveness of Assurance Legal and Governance EXCO Board and AC Right Forum? Right Information? Repetition? Too much Information? Stakeholder Com - Treasury Risk Com CFO BRANCH MAN CO – E.G Budget Project Com

  9. DESIGNING A MODEL Agree on a common universe and acceptable methodology to ensure credibility Identify who provides what on which risks? Analyse the different roles and quality of assurance and GAPS What assurance to be provided – and by whom? Identify key risk

  10. BLUE PRINT Who is the risk champion? Who in this scenario can present to top management? BLUE PRINT = Risks coverage, per assurance provider to the right governance structure National Treasury Model

  11. Develop a combined assurance framework • Align the existing governance model to leading practice • Assess the effectiveness of the risk management framework and processes and enhance risk governance, infrastructure and ownership (risk governance, risk framework and methodologies, risk appetite and tolerance, risk assessments, risk mitigation and control remediation) • Assess the overall effectiveness of assurance providers including External audit, Internal Audit • Regulatory compliance, and Risk management (role, position, people, processes, and performance) • Identify key risks across the business • Integrating and aligning the Internal controls framework in an organisation • Assess the design, implementation and effectiveness of entity level controls • Document processes and assess the design and implementation of key controls • Test the effectiveness of key controls • Develop the overall assurance and related materiality framework and approach for Internal Audit in supporting it’s overall level of assurance to the Audit Committee • Support Internal Audit in assessing the level of assurance in its written assessment to the Audit Committee Questions to ponder? – achieving the goal

  12. A combined assurance approach is mostly already in place – to an extent – which is a good starting point. The approach typically requires some further tweaking and embedding into the day to day business activities. • A three lines of defence assurance model is typically already established, where the first, second and third line assurance providers are already involved in the business with their roles being fairly mature (except perhaps for the management self-assessments). • An ERM framework is mostly already in place. This integrates the business objectives with business processes and key risks. • A Financial control framework and IT governance is often already in place, however not tied into the ERM and expanded to also cover non-financial controls, and not necessarily integrated strengths to build on

  13. Enhancing transparency in terms of overall (combined) assurance results (data vs information for decision making) • The combined assurance scope mainly covering financial risks, should cover all material risks. • Structuring of the combined assurance team, oversight. • Overall combined assurance framework not always in place or not integrated. • Management Self Assessments (MSA’s) not always in place - this may be an efficient way of bedding accountability down and establishing a stronger risk / control culture. What can we improve upon?

  14. Golden thread between strategy, risks, conrol and performance • Risk control – relationship • What are the risks to and of the strategy? • How do we control/manage those risks? • Effective risk management = a better chance of achieving objectives. • Achieving Objectives (EEE) = Performance Providing PoE is only 1 measure of success. Linking Assurance to performance

  15. ? THANKYOU FOR LISTENING

More Related