In March, IRMSA hosted a series of breakfast talks in Durban, Cape Town and Johannesburg. The keynote speaker was Dr John Hendrikse who presented on the Role of Risk Management in the Combined Assurance Model.
Hendrikse started by exploring the factors that led to the collapse of major organisations during the economic meltdown of 2008. These factors are: a lack of risk governance; Executive and board remuneration structures which were out of alignment; ineffective boards and lack of shareholder engagement. In addition, he added that inadequate risk based systems and lack of proper risk management processes were other major contributing factors in the fall of these organisations.
He explains that the traditional assurance model has failed because it has not effectively contributed to reduced corporate misgovernance. The reason is that the traditional model is historically focused, with a narrow and fragmented focus which is unable to prevent business failure.
Furthermore, the current Risk Management approach has a reduced degree of authority, power because and potential gaps. Due to these shortfalls Risk Management is often not sufficiently strategically focused.
Applied correctly, the combined assurance model has a number of benefits. Firstly, it provides integrated assurance service, enhanced accountability and authority. Secondly, with improved checks and balances it creates a high assurance standard benchmark.
Thirdly, a combined assurance model it lays a platform where absolute assurance can be achieved. This is done by looking at the big picture, identifying catastrophic risks and mitigating against them. But most importantly, this model requires a combined assurance mission control which manages the entire process ensuring quality and credibility.
There are some key features of combined assurance. Firstly, it is based on analysis of the (current) situation. Secondly, by its nature it is a collaborative and synergistic model. Lastly, not only is it a performance based and facilitates conformance, it is value based and drives business to operate in the best interest of the company.
Whilst acknowledging the definitions of combined assurance as given by King 3 and other best practice models, Hendrikse argues that the superordinate goal of combined assurance is “to prevent business and corporate failure and to contribute to business success and value creation”.
With this in mind, he defines combined assurance process as “a holistic and strategic focused assurance model, that integrates assurance activities based on the business model and risk profile, matched with the effectiveness of systems, controls and reporting structures to preserve, protect and grow company value, whilst minimising risk exposure and optimising opportunities and returns for best long term interest of the company, its shareholders and stakeholders and performance and results based”.
Hendrikse insists that the Risk Management function must play the lead role in combined assurance for three reasons: New Companies Act, King 3 and Risk Management. For it to play this lead role successfully, there are key dimensions that must be carefully managed, these are: A combined assurance plan; appropriate assurance activities and standards; competent assurance service providers; the combined assurance process and a combined assurance report.
On the other hand, the challenge is implementation. The starting point is getting the plan approved by the board. This should be followed by audit committee taking ownership and responsibility of the plan, closely followed by the appointment of the assurance champion.
An assurance champion should then ensure that there is a combined assurance charter. One of the ways to develop a charter and find ideas to enhance the process is to regularly host combined assurance plan strategy workshops. All these steps, should be supported by a mix of relevant business model matrices and analytical tools as well as proper objectives and timelines.
Implementation of a successful combined assurance process often faces obstacles which need to be managed. Often, there is no buy in from the board and/or audit committee. Other times, there isn't sufficient commitment by all assurance providers to the combined assurance charter. Rivalries and conflict between the key role players is another possible obstacle. Appointment of the correct champions, challenges with reporting and lack of synergies and commitment of service providers are among other challenges. The biggest challenge though is the management of the combined assurance mission control and engagement of the total organisation.
Applied correctly, a combined assurance model is a certain way to create value and guarantee success of any business.
Do you agree that a Combined Assurance model can guarantee that an organisation will not fail?
Is the Combined Assurance model practical and realistic?
This post has not been tagged.