About Sally
Sally is a CIPE-Certified Independent Compliance Assessor (CIPE-ICA), World Bank-IFC trained Corporate Governance and Board Evaluation Professional, member of Institute of Directors (IOD) Nigeria, Former Director at PricewaterhouseCoopers Nigeria and Manchester United Kingdom helping organizations to find gaps in their Corporate Governance, Enterprise Risk Management, Internal Control, Internal Audit and Regulatory Compliance systems and providing the right solutions to meet the business needs.
Sally currently works with Platinum Edge Consulting Limited as an Executive Director driving risk and control assurance and advisory solutions and holds BSc. Computer Science from University of Nigeria Nsukka (UNN), MSc Computer Science and Engineering from Enugu State University of Science and Technology (ESUT), Postgraduate Diploma in Business Administration from University of Nigeria Nsukka Enugu Campus and a number of professional certifications on Risk and Control Assurance Solutions from United States of America/USA and United Kingdom/UK.
Sally writes the blog posts based on her accumulated knowledge and field work experience across many projects and geographic regions.
Estimated reading time – 5 to 10 minutes.
Introduction
Every organization has vision, mission, goals and objectives that drive the purpose for the establishment. Achieving these elements requires effective management of the myriad of complexities and risk exposures facing the organizations.
Every authority level in the organizations requires credible information and reports that are essential for the individuals to performing their roles. These information and reports include risk management reports which should highlight on how well the complexities and risk exposures are being managed and the impacts on the achievement of the corporate goals and objectives. The users of these reports want assurance that the information being provided are complete, accurate, valid and relevant.
Consequent to the above, different risk assurance functions are established at different levels in the organizations to monitor and review all the business activities and provide independent and unbiased opinion on the findings and actionable recommendations to addressing the observed gaps. The management, boards and board committees rely on the assurance reports to gain comfort and confidence to trust the quality and strength of their organization’s risk management capabilities and also guide them to take risk informed decisions and actions that will not hurt the achievement of the corporate goals and objectives.
While each of the assurance functions should have distinct roles and responsibilities and provide their own unique reports to the target audience, they should have common understanding of the business needs and priorities and serving as a single source of the truth without compromising quality, independence and objectivity. They should be interacting closely with other assurance providers and be more transparent in sharing information and each other’s reports. These positive actions will culminate in showcasing greater visibility of the key risk exposures and impacts in all sections of the business, and better support for quick risk informed decisions and actions.
Sadly, the above expectations have not been the case as many of the assurance providers have demonstrated knowledge gaps. The general lack of clarity of their roles and responsibilities, and limited understanding of the differences between the assurance functions, operational boundaries and common areas of interfaces are pervasive. A large number of the end users of the assurance reports, particularly, the executive management, board and board committees perceive most assurance reports from Internal Audit, Compliance, Risk Management and Compliance functions to be repetitive and provide inconsistent views and opinions of the truth. These issues have led to the following problems:
- relationship and quality performance issues amongst the assurance functions,
- high tension for boundary protection and expansion,
- silo mentality behaviors and practices,
- duplication of duties or work efforts,
- poor-quality assurance reports and
- Multiplication of cost overhead hitting the bottom lines.
The Executive management, boards and board committees who depend on the assurance reports to make risk informed strategic decision are concerned about these negative developments and want the multiple reports harmonized and quality much improved before being communicated to them.
However, it is important to note that a few other board committee members feel that the issues on work duplication, inconsistent and repetitive reports do not really matter because they provide them with strong signs and opportunities to dig deeper into the events in the organization. This viewpoint sounds logical, but the big question is, will it be ok for example the HR and Admin department repeats the same processes and business transactions that the procurement or finance and accounts department has completed? It is certain that everyone will consider this practice a waste of the company resources – personnel time, efforts, money, space, facilities, etc. why then should the same waste be tolerated for the assurance functions?
My perspective is that multiplication of cost overheads in any system, no matter the circumstance, does not add value as the effects will aways hit the bottom lines. Both the viewpoints of those that see the duplications and inconsistencies as issues and those that do not see them as issues are clear indications that the assurance providers, particularly, the internal audit, compliance, risk management and internal control functions need to do more to raise their credibility higher in order to win the greater trust, confidence and respect of the end users of the assurance reports, particularly the executive management, boards and board committees and auditees. What is required of the assurance providers is to inject agility driven by innovation, creativity, proactiveness and well-coordination in the conduct of assurance work delivery. This well help to eliminate the root causes of the redundancies and inconsistencies, optimize productivity, cost savings, boost inter-personal relationships and quality of reporting.
Combined assurance model provides the mechanisms and solutions to help address the above relationship and performance reporting issues in the assurance delivery.
Very insightful!
A Combined Assurance Model (CAM, if properly deployed will eliminate waste of resources, optimise assurance cost and ultimately a plus to the bottom line!
I totally agree with you. You are perfectly correct.