James C Paterson explores the theory and practice of effective assurance. Scope of this paper This article is written for senior managers and board members, and others with an interest in governance, risk and audit matters. Its origin comes from a request from the ACCA Internal Audit Members’ Network Panel, which noted the numerous major risk issues in the past few years that have seemed to have ‘slipped through the fingers’ of senior managers, boards/audit committees, and asked me to explore the theory and practice of effective assurance.
The first section discusses ‘reasonable assurance’ in a financial reporting context, which may well be familiar to many readers, but it is hoped that this will provide a helpful foundation for considering the wider question of reasonable assurance in other risk areas (and highlight the additional difficulties that can arise in comparison to financial controls assurance).
Finally I discuss the importance of gaining a holistic picture of all of the key risks and sources of assurance that may exist in an organisation (as well as their reliability), through the use of assurance frameworks and assurance mapping techniques.
I hope this article will act as a grounding or refresher on this important topic and – above all – support senior managers and board members to help them ask the right questions, since – all too often – assurance activities become a paper chase, rather than being a tool to proactively reduce the chances of a major risk surprise.