Playing with Combined Assurance

Business Integrity, Insight and Beyond

28 June 2012

Pre-Game Warm Up

• King III was released on 1 September 2009 and represents a significant milestone in the evolution of corporate governance in South Africa. It brings with it significant opportunities for organisations that embrace its principles. • "The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities" • "Internal audit should form an integral part of the combined assurance model as internal assurance provider." • "King III recommends that every company/ organisation

adopts the disciplines inherent in combined assurance."

The Game Plan

If Combined Assurance is planned and implemented correctly, we should see the following outcomes: • Reduction in duplication of information and clutter • Cost savings in terms of resource allocation and greater coverage • A comprehensive perspective of issues based on input from multiple assurance functions • Optimised value from information gathered from management • Valuable, relevant data based on collaboration and not silos • Sufficient assurance to satisfy the audit committee that adequate controls exist to mitigate risks

The Opposition

Combined Assurance is a fundamental shift from existing Silo mentality that exists in organisations.

We can expect the following Opposition: • Initial investment in time, resources and money • Change Management Issues - Opposition from Silo culture • Comprehensive planning is requirement for each discipline before resource allocation can take place • Attaining agreement on a framework, methodology, terminology and technology platform • A lack of education and understanding of key Combined Assurance principles Business Integrity, Insight and Beyond

The Players

• First Line Management Primarily responsible for risk management. The process of assessing, evaluating and measuring risk is on going and is integrated into the day-to-day activities of the business.

• Second Line Enterprise Risk Management and Compliance The Enterprise Risk Management function is primarily accountable for setting the risk management framework and policy, providing oversight and independent reporting to executive management through the risk committee, and to the board. The Enterprise Risk Management functions implement the risks management framework and policy in the business, approve risk within specific mandates and provide an independent overview of the effectiveness of risk management by the first line of defence.

• Third Line Internal Audit & External Audit Provides an independent assessment of the adequacy and effectiveness of the overall risk management framework and risk governance structures, and reports to the board through the audit committee.

Business Integrity, Insight and Beyond

CQS & MTN

Business Integrity, Insight and Beyond

MTN Project – The Titanic

Dear Icebergs, Sorry to hear about the global warming. Enjoy the Karma... Sincerely, the Titanic.

Business Integrity, Insight and Beyond

MTN PROJECT - Planning the Approach

Assurance

Combined Assurance Methodology

ERM

ERM Framework

Internal Audit Fraud Risk Management

IA Methodology FRM Methodology

Business Integrity, Insight and Beyond

MTN PROJECT – cam_ERA (OLOGY)

IA ERM FRM Risk & Internal Audit Committee Business Integrity, Insight and Beyond

MTN PROJECT – cam_ERA (OLOGY)

Psychology Methodology

“Combined Assurance happens when Methodology meets Technology to influence business Psychology”

Technology Risk & Internal Audit Committee Business Integrity, Insight and Beyond

MTN PROJECT – Simplifying Principles

To be effective a paradigm shift is needed to address resource limitations: • Hundreds of Risk become Tens • Disjointed activities become Collaborations • Multiple opinions contribute to a single overall opinion Business Integrity, Insight and Beyond

MTN PROJECT - The Pre Match Stats

Business Integrity, Insight and Beyond

MTN PROJECT – The Enablers

• Subject Matter Experts • Flexible Technology Configurable solution Multiple security levels Custom screens Process flow control through rules • Trial and Error • Project Governance • Financial Resources • Time, time, time!

Business Integrity, Insight and Beyond

MTN PROJECT - The Match Stats

Business Integrity, Insight and Beyond

Next Year's Draft

What can we do to make Combined Assurance a reality? The following may help: • Get buy in from an Executive Sponsor and Risk & Audit Committees • Identify a champion to drive the process • Schedule Combined Assurance Planning workshops with key stakeholders • Benchmark the current level of assurance being provided • Empowering all lines of assurance through training and communication • Choose the RIGHT technology partner Business Integrity, Insight and Beyond

Challenges facing the Public

In the South Africa, the Public Sector facings unique challenges in the following areas: • Infrastructure & Connectivity • Skills development & Retention • Consistency in terms of Ratings and Reporting • Limitations in available hours Business Integrity, Insight and Beyond

So what can we do?

Technology exists that can help us overcome our key challenges: • Single Methodologies across provinces • Risk & Audit Report Standard Templates • Knowledge libraries for sharing and intellectual retention across provinces • Automation of Reports, Scheduling and Risk Assessments • Benchmarking and visualisation across Municipalities Business Integrity, Insight and Beyond

For the Fans

“Combined Assurance is the co-ordination of all the best assurance players into a team that achieves the best coverage and results in the assurance season and the communication of those results to the audit committee and board. These results are the enabling factor that will assist in the audit committee and board in making the best decisions and plan the most effective strategy for the franchise.” Business Integrity, Insight and Beyond

Business Integrity, Insight and Beyond