An effective assurance programme not only helps provide certainty around an organisation’s risk management, but it can also improve efficiencies and create a more unified business.
Here we break down three key considerations when building an integrated assurance programme, taken from a private meeting with several of our network’s risk leaders as part of a series of meetings on aligned assurance (the full write up of which can be found by members in the Intelligence platform).
1. Think ahead
When it comes to planning an integrated assurance programme, organisation is key. Try to combine complementary programmes together in order to minimise disruption and improve overall efficiencies.
By combining programmes with similar scope, you can reduce the need for multiple interviews on the same topic, or limit the amount of time an area needs to be closed.
Likewise, it is always best to separate conflicting assurance programmes, such as tactical and strategic-based activities, with tactical programmes best carried out first to allow the conformance-based intelligence to inform the performance-based analysis.
2. Engage stakeholders
Integrated assurance programmes can follow a three-two-one-one delivery method to improve stakeholder engagement:
Three months out – notify the site about the assurance activity being organised, with a focus on collaboration
Two months out – carry out a scoping session with the on-site team which actively engages the general manager and relevant members of their team to ensure their key areas are considered and incorporated into the scope of the programme
You should record findings from an assurance programme on one system, but where this is not possible, the exceptions need to be made clear so people are not under the impression that they are working with a complete dataset.
It is also useful to coordinate programme reporting across the entire line of defence using three key metrics:
Delivery – has the plan been delivered in line with the approval that was directionally given by the risk management committee?
Acceptance – this looks into how accepting management is of a programme’s finding, and whether or not it has been difficult or time-consuming for that report to be accepted.
Gap closure – are the gaps being closed in line with the agreed plan of action?