The need for assurance is never more acute than in times of turbulence and uncertainty. The events following the financial market crisis demonstrate the catastrophic consequence of risk taking that exceeds the board’s appetite, and of not joining up risk intelligence for sound decision making. Boards and senior management alike consistently seek the ’one truth’ about risk exposures and strength of controls but are continuing to grapple with the challenge. Much has been written about assurance and the governance of risks, but mainly by those who provide it - such as internal auditors, accountants and information security technologists - for the purpose of advancing their professional practices. Less is written for or by those in governance who need assurance for the effective discharge of their responsibilities. Regulations do not usually go beyond acknowledging its importance and rely on those in the boardroom to get it right. Studies have consistently shown the link between weak corporate governance and corporate failures. The lack of reliable assurance has often been a factor. Assurance, as an integral part of corporate governance, cannot be taken for granted. It requires conscious action across the organisation. It is time to rethink assurance beyond its usual functional boundaries, to focus on what matters to the business and how discussions in the board room can be better supported by more joined up assurance. This book provides practical guidance for those who need that support as well as those who deliver assurance.
'Understanding the principles of joined up and coordinated risk management and internal control is increasingly key to becoming an effective director, member of senior management or head of internal audit and related assurance functions in the corporate and public sectors. This book explains the background cogently, draws on much current thinking from around the world and gives useful practical insights about effective processes. Vicky Kubitscheck writes intelligently, identifies her sources well and draws on her own considerable experiences in this important field.’
- Martyn Jones, President of the Institute of Chartered Accountants England and Wales
'Risk assessment and management of risk are two key activities at board, management and operational levels in all organisations. In this analysis of the processes of risk-taking the author has cleverly woven her knowledge and experiences of the practices of risk management and assurance, creating a unique integrated framework of guidance for risk oversight and risk-taking. Understanding and using this framework is a must for all seeking governance excellence and for those who provide assurances on governance - management, auditors and regulators.’
- Jeffrey Ridley, University of Lincoln, UK and First Past President of now Chartered Institute of Internal Auditors, United Kingdom and Ireland. Author of Cutting Edge Internal Auditing
‘With increased regulatory focus on how ethics, culture and governance are connected in our organisations,
this book offers a highly developed framework and practical tools to ensure all the bases are covered while
building a join-up response. Increased regulation also risks resources being wasted by over-lapping or
misdirected approaches. In this book, we see a particularly refined coherent approach, utilising specialist
expertise and current best practice.’
- David Jackman, Director of The Ethical Space and Chair of the Ethics Foundation.
Formerly Head of Business Ethics at the Financial Services Authority, UK
‘I have worked with Vicky Kubitscheck for a number of years and have found her insights invaluable. I highly
recommend this book which gives everyone an opportunity to understand better the highest standards of
- Mike Urmston, Non-Executive Director of Phoenix Life, Reassure, Ageas Insurance and Police Mutual.
Member of Regulatory Decisions Committee at FCA, UK
Contents: Foreword; Preface. Part I Introduction - the Case for Integrated Assurance: Governance in the New Order: Corporate governance on trial; Risk taking and oversight; Assurance against excessive risk taking; Openness and transparency; Accountability; Rethinking assurance. Part II Risk Assurance beyond Boundaries: Seeking the holistic risk and assurance picture; Assurance in a three lines of defence model; The current faces of integrated assurance; Defining a framework for integrated assurance. Part III Implementing Integrated Assurance: Integrated risk assurance mapping; Integrated assurance at Level 1; Integrated assurance at Level 2; Integrated assurance at Level 3; Getting started; Key implementation challenges. Part IV Case Studies: Introduction; Audit committee approval of audit plans; Reviewing the need for an internal audit function; Optimising risk assurance in a fast growing entity; Enhancing risk governance to match growth ambitions; Optimising risk assurance in line with strategic change; Sharpening and simplifying risk governance and assurance; A deep dive risk oversight for a subsidiary; Spotlighting a risk for oversight and assurance; Promoting collective risk intelligence. Bibliography; Index.