Integrated Risk Assurance
Integrated risk assurance is a vital part of the holistic enterprise risk management project as financial services regulators require companies to provide evidence of how an Enterprise Risk Management (ERM) framework has been implemented.
Your board and senior management need assurances that the ERM framework meets expectations in line with the regulatory expectations that apply to senior management. A systematic approach to gaining those assurances provides clarity and confidence around successful implementation or identified gaps and ensures that activities are coordinated to avoid duplications or omissions.
Your board and senior management should systematically source evidence from all three lines of defence in your business. Crescendo Advisors has developed a 10-point Integrated Risk Assurance framework to identify and assess categories of assurance activities and level of readiness, including risk reviews. This enables you to be methodical in assessing the implementation of your Enterprise Risk Management framework. The business assurance framework encompasses the following areas for consideration by boards and managers when signing off the ERM implementation:
1. Risk management framework/policy
2. Board/Senior Management Roles & Responsibilities
3. First Line Reviews/Quality Assurance
4. Risk Policy Verification
5. Risk Events management
6. Risk Reviews Approach
7. Programme of Risk Reviews
8. Chief Risk Officer (CRO) Opinions
9. Second line compliance monitoring
10. Internal Audit Function Reviews
You can use the integrated assurance framework to identify material gaps between senior management aspirations and the current readiness state. This will drive focused enhancements of assurance activities.
The framework may also highlight the need for a deeper review of individual components, to assess how a component has been implemented and to provide recommendations for improvements.
Finally, the framework could provide the structure for any remediations of previously identified issues. This could include roles & responsibility definition, risk review design, training and governance related activities as required.
Our experience in providing a comprehensive integrated risk assurance framework gives your company complete confidence that your implementation is fit for purpose. We have worked with a wide range of clients using this approach, and with our focus on pragmatic business solutions, you will achieve your risk management targets on time and within budget.
If you would like to talk to us about how we can design a system to provide risk assurances to your board, call us today on 07766 725315 or email firstname.lastname@example.org