Integrated risk assurance

Integrated assurance is much like an orchestra, collectively achieving a symphonic masterpiece under the direction of a conductor that individual musicians are unable to create regardless of their proficiency.

This guidance looks at the concept of integrated assurance and why it can fall to the Chief Audit Executive (CAE) to facilitate it. It is timely to think about this long-standing issue and raising the profile of internal audit's value whilst the board is working through the impacts of the BEIS consultation white paper: Restoring Trust in Audit and Corporate Governance.

What is meant by integrated assurance?

Assurance sits at the heart of internal audit. It is the objective examination of evidence for the purpose of providing an independent assessment on governance, risk management and control processes for the organisation.

The board, especially non-executives/trustees have limited visibility of the day to day running of an organisation and are reliant upon the assurances they receive to make decisions and steer strategy. With increasing risk maturity, focus on governance and general organisational evolution, the assurance role has become progressively more dispersed across entities.  It can be particularly challenging when information conflicts, who should be believed? How many blocks are in the picture opposite - four or three? Depending on your perspective you could clearly argue the case for what you see! 

Integrated assurance is the concept of creating a single enterprise view of assurance derived from all the various sources. Information provided to the board must be complete, relevant, accurate and most of all easily digestible. Imagine attending a concert where each accomplished musician played a piece of music of their own choice, no set score, no conductor, it would simply be a cacophony of noise. Is this not what a board is subjected to without integrated assurance?

There are three phases…

"The whole is greater than the sum of its parts"

- Aristotle