Risk Solutions - leave nothing to chance

Providing assurance

Assurance activities perform a vital role in demonstrating to senior management and external stakeholders that key functions and activities are being well managed. Whilst audit activities can help ensure that things are being done right, assurance needs to take a wider view ensuring that the organisation is also doing the right things.

One of the main challenges for assurance activities is to ensure that they add value, and don’t become another layer of bureaucracy. Our approach to assurance is risk-based thereby ensuring that an appropriate level of scrutiny is employed according to the importance or criticality of the activity being considered. Different forms of evidence can be used to support assurance such as a detailed review of records, work instructions, plans etc as well as interviews with critical and key individuals charged with managing or operating the systems under review.

The need for assurance support is often triggered by a specific incident, series of incidents or an adverse trend in key performance indicators. Whatever the trigger, we begin by determining the significance of the event/trend using risk analysis and statistical techniques. A forensic audit of the processes, systems, procedures and people issues involved can provide fresh insights into the causes of the problem and we often employ this for incident investigations. In particular, we look beyond the immediate causes to determine whether management failures or cultural problems in the organisation need to be addressed.

Using root cause analysis we are able to build on the analysis to identify where there has been and could be problems. Having determined the causes of the problems, we identify the controls in place to manage these, where these need to be strengthened and consequently where future assurance activities should be focussed. Throughout this process, we are careful to challenge the need for more rigorous controls – ensuring that the benefits are not grossly disproportionate to the cost of implementing the controls.

The final stage is to decide what level of monitoring is required to ensure that the new arrangements are working effectively. As a minimum, this is likely to involve reporting a set of performance indicators that are chosen to ensure they provide a reliable and balanced view of the issue, as well as encouraging the right behaviours throughout the organisation. Where performance indicators might be unreliable or unsuitable, regular audits may be more appropriate. In our experience, these achieve most when the auditor is seen as someone supporting the people involved – not someone trying to ‘catch them out’. For this reason, we use audits to not only identify failures but also to reinforce key messages and spread best practice.


To find out more about this Service in relation to a specific Sector, please select a Sector from the list below: