Driving continuous improvement across the assurance lifecycle
Assurance is critical to good governance of any business. But however solid and valid an assurance framework may be, with time comes change – meaning it is essential to keep assurance frameworks up-to-date and relevant. Gihan Mallawaarachchi, Principal Consultant at Sententia Consulting, outlines how to drive continuous improvement across the assurance lifecycle.
Defined as the flow of information that provides a level of confidence that objectives will be achieved within an acceptable level of risk, assurance is designed to provide confidence to decision makers that obligations are being met and risks are being managed effectively.
An assurance framework outlines how key assurance objectives are brought to life within an organisation, providing a clear structure and guidance to support the implementation of assurance at department or functional levels.
To be conducted effectively and efficiently, assurance policies need to be planned and kept up-to-date. At Sententia Consulting, we recommend building a six-step assurance lifecycle into the assurance framework.
Phase 1: Identifying assurance needs
Organisations are complex. At any one time, there are likely many different services, programs, projects, business initiatives, and more being delivered. The purpose of this phase is to assess which of these activities are likely to benefit most from assurance. Some key criteria to consider in identifying areas of greatest assurance need include:
• Is the activity higher risk (e.g., large financial impact, public/media interest, political sensitivity, large impact on objectives, high consequence of failure)?
• Is it a defined area of focus for the leaders of the organisation?
• Are there known issues or weaknesses in this area?
• Is this a new activity or has it recently undergone a change?
Phase 2: Understand existing assurance
Once areas of assurance need are identified, existing assurance arrangements and controls need to be understood to identify ‘gaps’, ensure there are no overlaps, and recognise where existing assurance can be leveraged.
Key questions to ask in this phase include:
• What controls (if any) are in place that are relevant to the identified areas of assurance need? Have these been tested recently?
• What assurance activities (if any) have been conducted in that area in the past 12 months? Do they provide a satisfactory level of confidence?
• What assurance activities (if any) are planned for the next 12 months? Do they provide a satisfactory level of confidence?
• Do any similar projects/programs/functions have relevant recent or planned assurance activities? Is there an opportunity to cooperate on or leverage these activities?
Phase 3: Prioritise through risk
Although there may be many areas identified that would benefit from assurance, it is generally not cost or time-effective to provide assurance over all of them. So, once assurance requirements have been identified, they must be prioritised to ensure resources are allocated to the assurance activities that will be of greatest value to the organisation.
A risk assessment using the organisation’s risk matrix will assist prioritisation.
Phase 4: Undertake assurance
The prioritised assurance requirements are then considered against different assurance approaches to identify the appropriate form(s) of assurance and the associated methodology to ensure the ‘right’ assurance is undertaken to achieve the desired level of assurance confidence.
Once these decisions have been made, it is time to start conducting the assurance.
Phase 5: Reporting and monitoring
For assurance to add value, the outcomes need to be captured and shared. Different types of assurance will require varying degrees of formality in reporting, ranging from simple checklists or dashboards, through to detailed formal reports.
Reporting should follow a format that best facilitates communication of the assurance information with relevant stakeholders to support timely decision making.
Phase 6: Implementing recommendations and continuous improvement
The true benefit of assurance comes from taking the findings, identifying improvement opportunities, and implementing them as soon as possible to continuously improve the organisation.
A continuous improvement approach is crucial for organisations to stay relevant and successful in our ever-changing social, economic, political, and technological environment. It is important to allocate clear responsibilities and time frames for implementing recommendations so that assurance value is not lost.