The need for assurance is never more acute than in times of turbulence and uncertainty. The events following the financial market crisis demonstrate the catastrophic consequence of risk taking that exceeds the board’s appetite, and of not joining up risk intelligence for sound decision making. Boards and senior management alike consistently seek the ’one truth’ about risk exposures and strength of controls but are continuing to grapple with the challenge. Much has been written about assurance and the governance of risks, but mainly by those who provide it - such as internal auditors, accountants and information security technologists - for the purpose of advancing their professional practices. Less is written for or by those in governance who need assurance for the effective discharge of their responsibilities. Regulations do not usually go beyond acknowledging its importance and rely on those in the boardroom to get it right. Studies have consistently shown the link between weak corporate governance and corporate failures. The lack of reliable assurance has often been a factor. Assurance, as an integral part of corporate governance, cannot be taken for granted. It requires conscious action across the organisation. It is time to rethink assurance beyond its usual functional boundaries, to focus on what matters to the business and how discussions in the board room can be better supported by more joined up assurance. This book provides practical guidance for those who need that support as well as those who deliver assurance.
Table of Contents
Contents: Foreword; Preface. Part I Introduction - the Case for Integrated Assurance: Governance in the New Order: Corporate governance on trial; Risk taking and oversight; Assurance against excessive risk taking; Openness and transparency; Accountability; Rethinking assurance. Part II Risk Assurance beyond Boundaries: Seeking the holistic risk and assurance picture; Assurance in a three lines of defence model; The current faces of integrated assurance; Defining a framework for integrated assurance. Part III Implementing Integrated Assurance: Integrated risk assurance mapping; Integrated assurance at Level 1; Integrated assurance at Level 2; Integrated assurance at Level 3; Getting started; Key implementation challenges. Part IV Case Studies: Introduction; Audit committee approval of audit plans; Reviewing the need for an internal audit function; Optimising risk assurance in a fast growing entity; Enhancing risk governance to match growth ambitions; Optimising risk assurance in line with strategic change; Sharpening and simplifying risk governance and assurance; A deep dive risk oversight for a subsidiary; Spotlighting a risk for oversight and assurance; Promoting collective risk intelligence. Bibliography; Index.
Vicky Kubitscheck is an expert in risk governance, with over 30 years' experience in financial services working with boards and executive management to develop and establish systems of risk management and governance in response to evolving regulatory and strategic business requirements. She was described as ’one of the most original and thorough thinkers in the risk management world’ by Robert Bruce, journalist and ex-editor of Accountancy Age. The book reflects her practical experience as an advisor at board level and from her senior umbrella roles in risk, compliance and audit at global organisations such as AEGON and AXA. Vicky’s current portfolio includes being a nonexecutive director of a private bank, Chief Risk Officer and Compliance Director at Police Mutual Group, the UK’s largest affinity friendly society, and a board advisor. A Fellow of both the IoD and Institute of Internal Auditors, Vicky is also the Chair of the Insurance Internal Audit Group and sat on the FRC advisory group set up to consult on its integrated governance code. She has contributed to books and written professional guidance. Her publications include ’Risk management: finding the value within’, ’Business dis-continuity - a risk too far’ and ’CSA in a financial services organisation’ (Balance Sheet).
'Understanding the principles of joined up and coordinated risk management and internal control is increasingly key to becoming an effective director, member of senior management or head of internal audit and related assurance functions in the corporate and public sectors. This book explains the background cogently, draws on much current thinking from around the world and gives useful practical insights about effective processes. Vicky Kubitscheck writes intelligently, identifies her sources well and draws on her own considerable experiences in this important field.’
- Martyn Jones, President of the Institute of Chartered Accountants England and Wales
'Risk assessment and management of risk are two key activities at board, management and operational levels in all organisations. In this analysis of the processes of risk-taking the author has cleverly woven her knowledge and experiences of the practices of risk management and assurance, creating a unique integrated framework of guidance for risk oversight and risk-taking. Understanding and using this framework is a must for all seeking governance excellence and for those who provide assurances on governance - management, auditors and regulators.’
- Jeffrey Ridley, University of Lincoln, UK and First Past President of now Chartered Institute of Internal Auditors, United Kingdom and Ireland. Author of Cutting Edge Internal Auditing
‘With increased regulatory focus on how ethics, culture and governance are connected in our organisations,
this book offers a highly developed framework and practical tools to ensure all the bases are covered while
building a join-up response. Increased regulation also risks resources being wasted by over-lapping or
misdirected approaches. In this book, we see a particularly refined coherent approach, utilising specialist
expertise and current best practice.’
- David Jackman, Director of The Ethical Space and Chair of the Ethics Foundation.
Formerly Head of Business Ethics at the Financial Services Authority, UK
‘I have worked with Vicky Kubitscheck for a number of years and have found her insights invaluable. I highly
recommend this book which gives everyone an opportunity to understand better the highest standards of
- Mike Urmston, Non-Executive Director of Phoenix Life, Reassure, Ageas Insurance and Police Mutual.
Member of Regulatory Decisions Committee at FCA, UK