The financial services industry and regulators are focusing increasingly on how businesses evidence that enterprise risk management (ERM) frameworks have been implemented. Assurance to boards and senior management is the outcome of successful ERM implementation.
Evidence of assurance can be sourced from the three lines of defence in a business. Internal audit reviews are usually the most obvious example of assurance. The challenge is how to identify and assess the sources of assurance so that the activities are coordinated, avoid duplication and are effective. One aspect of assurance that may be provided by the risk function is risk reviews (covered in earlier posts on Crescendo Advisors’ blog).
From a regulatory perspective, the key expectation of the SMCR is that the relevant individuals take reasonable steps to meet regulatory requirements. Thinking about sources of assurance in a systematic way should go some way towards meeting these expectations.
Crescendo Advisors has developed an integrated assurance framework to identify and assess categories of assurance activities, including risk reviews, and their level of readiness. This framework may be used to identify material gaps between senior management aspirations and the current state of readiness, and to drive focused enhancements of assurance activities.
Please contact us to receive a paper on this subject.