Do you know if there are gaps or duplications in your assurance strategy over your current and emerging risks?
This white paper describes what an assurance map is and the process to develop your own assurance map to gain assurance efficiencies, avoid duplication and help focus on critical risks.
Our clients have found it useful to conduct assurance mapping to gain awareness of the way in which they are receiving assurance in relation to key areas of operations and over significant risks. It also supports the ability for these stakeholders to direct assurance activities into areas of higher risk, whilst ensuring both appropriate coverage and efficiency in the broader assurance activities across the enterprise.
What is an assurance map?
An assurance map is a:
- Visual and easy to read illustration that provides an overview of the scope and coverage of your assurance activities;
- Holistic approach to risk and assurance that allows for dynamic and effective risk management; and,
- Consolidated representation of the assurance provided by the ‘four lines of defence’ which helps to identify the range of assurance sources available to an entity.
- By identifying and outlining the assurance activities undertaken by each line of defence for your principal risks, you will be able to:
- Determine those risks which require further monitoring and management;
- Identify instances where certain risks have been subject to duplicated assurance activities; and,
- Make informed and focussed decisions with respect to your short, medium and long term assurance strategy over your principal risks.
Why use assurance mapping?
There are various drivers for an assurance map, including but not limited to, changing business environments, major transformation programs and need to ensure appropriate coverage of principal risks in an efficient manner.
Where your triggers are… |
…and the benefits you stand to gain. |
|---|---|
Laws and regulations will demand unprecedented levels of assurance. |
Building an integrated view of your assurance framework, and areas where you aim to strengthen, is a robust first step to respond to new legal or regulatory requirements that have an impact on assurance needs. |
Pressures exist to provide a better view of the assurance landscape to your Board and Audit Committee. |
Integrating assurance information through leveraging technology and dash boards enables comprehensive assurance reporting to your stakeholders. An optimised assurance framework gives comfort to your stakeholders that the principal risks are managed within the appetite. |
Business transformations are the perfect opportunity to re-think how assurance is delivered. |
Assurance mapping will show where assurance duplications and gaps exist, enabling you to optimise your assurance structure. It also allows you to better respond to business transformation and changes in the risk landscape, as a constantly evolving assurance shows where new assurance capabilities are required. |
Forward-looking assurance frameworks have Internal Audit in the driving seat, but no longer as the sole agent of assurance. |
Assurance mapping will show you if your multiple assurance agents (internal and external) are delivering true value over your principal risks in a collaborative and efficient manner. The mapping will give you an integrated view of assurance activities across the four lines of defence, including where new capabilities are required, and enable informed decision-making. |
Get in touch
If you have any queries relating to the report above, please contact our Internal Audit team. We'd be delighted to hear from you.
Patrick Farrell
Partner
KPMG in Ireland
Colm Laird
Director
KPMG in Ireland
Maria McAnearney
Manager
KPMG in Ireland
Luke Moynihan
Senior Associate
KPMG in Ireland
