Do the other Assurance functions such as Internal Control, Risk Management and Compliance need quality assessment to be performed on their functions?
Yes, all assurance providers from the first to the third line of defense need to be measured using the same quality measurement principles adopted for the internal audit function. The second and third line assurance functions already cover the performance assessment of the first line of defense through continuous risk and control monitoring and periodic audit activities. However, the second and third lines are the most neglected, particularly in the area of internal and external assessments. External assessments are mostly driven by mandatory regulatory compliance requirements and, when done, they mostly follow a tick-the-box approach.
The major difference between the conduct of quality assessment on the internal audit function and that of the other assurance functions in the second and third lines is the applicable quality measurement standards and tools deployed.
The quality measurement principles, standards and tools for assessing the performance of the internal control function have been prescribed by the COSO Internal Control Integrated Framework (COSO IC), while the framework for assessing the Enterprise Risk Management function is the COSO Enterprise Risk Management Framework (COSO ERM) or the COSO Enterprise Risk Management Framework Integrated with Strategy (COSO Strategy). The ISO 31000 Enterprise Risk Management Standard (ISO 31000) is another quality measurement standard that can be deployed to conduct an ERM function performance assessment. The COSO ERM framework was introduced in 2014 and updated in 2017 as COSO Strategy. Although the use of COSO Strategy appears better since it is an upgrade of COSO ERM, organisations are free to choose which one they use but should articulate the business case for the decision.
ISO 37301 (previously ISO 19600:2014) is the common standard that is globally used for conducting quality assessment of the Ethics and Regulatory Compliance function. The performance assessment of the Compliance function is more demanding and wider in scope because of the many different legal and regulatory frameworks and standards required to cover a typical good compliance universe, such as the Anti-Money Laundering, Counter Terrorism Financing (AML/CTF) and Anti-Bribery and Corruption (ABC) standards. ISO 37301 is applicable only to assessing the performance of the Compliance function at the enterprise level. During the review, the quality assessor will obtain high-level information on how the Compliance function is managing the organization’s regulatory exposures, such as money laundering, terrorism, bribery and corruption risks, by reviewing certain reports and asking questions. A separate comprehensive performance assessment can be done specifically for each of the legal and regulatory compliance areas contained in the Compliance Universe, such as AML/CTF or ABC, using the specific standards for that area. The frequency of the external assessment reviews for the compliance function and the specific industry focus areas are driven by regulations, while the internal assessment is driven by the company’s preferences and priorities.
More information about Sally:
Sally facilitates training on risk governance and assurance for Company Board Directors, Executive Management, and Senior and Middle Level Managers aspiring to be Company Board Directors. Some of the organizations where Sally has facilitated training programs include: Lagos Business School (LBS), West African Institute for Financial and Economic Management (WAIFEM, established by Central Banks of The Gambia, Ghana, Liberia, Nigeria and Sierra Leone), The Institute of Directors (IOD) Nigeria, Nigeria Deposit Insurance Corporation (NDIC), Financial Institutions Training Centre (FITC), Chartered Institute of Bankers of Nigeria (CIBN), The Society for Corporate Governance Nigeria (SCGN), Microfinance Agricultural Learning & Development Centre (MLDC), FirstBank of Nigeria, Access Bank PLC, Guaranty Trust Bank (GTB), Jaiz Bank, Daily Trust and Leadway Pensure PFA.
Sally authored the books on “Corporate Governance” and “Professional Conducts” for Bankers. The books have been adopted by the Chartered Institute of Bankers of Nigeria (CIBN) as Study Packs for the student members of the institute.
Sally is widely travelled and has executed client projects for big and medium scale brands in many geographical locations including UK, USA, UAE, Netherlands, South Africa, Kenya, Zambia, Mauritius, Ghana, Togo, Sierra Leone, Zanzibar, Tanzania and Nigeria.