Session 2: Combined Assurance Mapping. Presented by: Wayne Gorrie KPMG. INTERNAL AUDIT SERVICES. Combined assurance Mapping. October 2010. ADVISORY. Outline. Combined assurance mapping Assurance providers Coordination of assurance coverage Five stage process
Session 2: Combined Assurance Mapping
Presented by: Wayne Gorrie, KPMG
INTERNAL AUDIT SERVICES
Combined assurance Mapping
October 2010
ADVISORY
Outline
• Combined assurance mapping
• Assurance providers
• Coordination of assurance coverage
• Five stage process
• Assessment of assurance coverage
Drivers
• Focus on Directors/Boards
• Confidence in the assurance provided over key organisational risks
• Informed in a simple yet effective manner on the effectiveness of the assurance provider
MANAGE RISKS: Sound risk governance, based on the three lines of defense model, puts Risk as part of the daily conversation and views Risk from an enterprise-wide perspective.
Combined assurance mapping
• Considers the extent of assurance over business processes and business risks
• Assurance provided by management and other assurance providers including internal audit, external audit, and third parties
• A systematic way of allocating internal audit and other assurance effort
• Identification of gaps and duplication of resources within a combined assurance framework
Assurance providers
• Internal Audit: The focus and extent are largely discretionary; leading practice internal audit facilitates all aspects of assurance
• Third Parties: Specialist input, e.g. Health & Safety
• Management: The primary source of assurance and the first line of defence
• External Audit: Largely driven by legislation but part of the approach is variable
Coordination of assurance coverage
The Problem: Unless the coverage of the four providers of assurance is coordinated there may be gaps or duplication
Combined assurance mapping: Combined assurance mapping enables a systematic approach to assurance that is readily visible to the Board and Management
Five stage process
1. Plot processes
2. Overlay risks
3. Ascertain assurance types
4. Assess assurance coverage
5. Actions
Five stage process
1. PLOT PROCESSES
• Involves determining all processes and sub-processes (financial and non-financial) at all locations.
• This can be summarised at a high level as follows:
Columns: BU 1, BU 2, Corporate
Rows: Operations, Financial, IT, Stakeholder Relations, Value alignment, Organisation effectiveness
Five stage process
2. OVERLAY RISKS
• Involves drilling down from the risk profile the strategic and operating risks to the sub-processes which are impacted by those risks
[Figure: grid of BU 1, BU 2 and Corporate against Operations, Financial, IT, Stakeholder Relations, Value alignment and Organisation effectiveness, with each cell rated by risk; some cells are N/A]
Key: Low risk, Medium risk, High risk, Extreme risk
Five stage process
3. ASCERTAIN ASSURANCE TYPES
• Involves a high level look at sub-processes to ascertain who provides assurance, if any

                             BU 1       BU 2       Corporate
Operations                   N/A        M, 3       M, 3
Financial                    M, I, E    M, I, E    M, I
IT                           M, I       M          M
Stakeholder Relations        M          N/A        N/A
Value alignment              M          M, I       M
Organisation effectiveness   M, E       M, I, 3    M, 3

Key: M = Management, I = Internal audit, E = External audit, 3 = Third party
Five stage process
4. ASSESS ASSURANCE COVERAGE
• Involves assessing the extent of the assurance coverage of each sub-process:

                             BU 1       BU 2       Corporate
Operations                   N/A        M, 3       M, 3
Financial                    M, I, E    M, I, E    M, I
IT                           M, I       M          M
Stakeholder Relations        M          N/A        N/A
Value alignment              M          M, I       M
Organisation effectiveness   M, E       M, I, 3    M, 3

Key: Low coverage, Medium coverage, High coverage
Five stage process
5. ACTIONS
• Involves interpreting results and taking action.
• Potential results include:
M: This may represent an assurance gap over a particular high risk process so actions could include:
  • Refocus of internal audit work
  • Specific management sign-offs in the certification process
M, I, E: This may represent duplication of resources so actions could include:
  • Refocus of internal audit work
  • Reducing management involvement
3: This may represent undue reliance by management on third parties so actions could include:
  • Increasing management involvement
  • Formalising third party assurance framework
Assurance coverage
5. ACTIONS

Coverage   Description
Low        All aspects of the table are Low
Medium     All aspects of the table are neither Low nor High
High       All aspects of the table are High
Consideration of coverage
5. ACTIONS
[Figure: Assurance Level plotted against Risk Level, with an assurance tolerance line]
%'s relate to the total number of processes: 25%, 52%, 23%
Assurance Level: High 20%, Medium 50%, Low 20%, None 10%
Risk Level: Low, Medium, High
Actions:
• Immediate - assurance levels in all red boxes to be raised
• Consider - do assurance levels in orange boxes need to be raised
• Resourcing - why is there high assurance over some low risk processes
Wayne Gorrie Senior Manager KPMG +61 7 3233 9381 wgorrie@kpmg.au www.kpmg.au