Integrated Assurance Across the Three Lines of #CW2017

Transcription

1 Integrated Assurance Across the Three Lines of #CW2017

2 Speaker Panel Liv Watson Sr. Director of Strategic Customer Initiatives Workiva, Inc. Valeria Locatelli Audit Director M&G #CWE2017

3 Polling Question 1 Do you currently use (any form of) integrated assurance in your company? 1. Yes, and we have an integrated report to the Board 2. Yes, but each assurance provider reports independently 3. No, but we are aware what other functions are planning 4. No, and we have little visibility with each other 5. Not #CW2017

4 @ComplianceWeek #CW2017

5 Integrated Assurance Valeria Locatelli, Audit Director, #CW2017

6 What is Integrated Assurance? No agreed upon definition and minimum standards In simple terms, it means combining two or more assurance plans (e.g. audit, risk, compliance) to show the collective assurance coverage of risks and controls across the organisation It is a tool to support a joined-up risk management approach It requires aligning the various assurance activities over the key risks and core business #CW2017

7 Why It Matters IPPF Performance Standard 2050 (Coordination and Reliance): The chief audit executive should share information, coordinate activities and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimise duplication of efforts. Financial crisis: Exposed weaknesses in boardroom practice; risk and its assurance was disjoined. Multiple uncoordinated activities across assurance providers generates risk fatigue and uses assurance resources in a suboptimal way. Instead, a coordinated approach leads to a common view of the key risks across the organisation, and how well controlled they are. Proliferation of specialist assurance functions: In response to regulatory risk, e.g. ABC, GDPR, which increases the risk of duplication and of taking up a lot of management time with independent assurance #CW2017

8 Key Benefits Common and consistent view of risks and controls Provides an aggregated view of risk assurance one truth Can be seen as a method to accumulate data and facts pertaining to specific process from various areas and perspective Increased efficiency and resource utilisation across assurance providers Minimises the risk of gaps, silo-working and disjointed risk management Promotes working beyond functional #CW2017

9 Things to Consider What are the critical activities/risks/controls? Is the risk taxonomy common across the organization and assurance functions? Is the level of maturity of the assurance providers consistent? Who are the key stakeholders and beneficiaries of the integrated assurance #CW2017

10 Assurance Coverage Mapping Example of Key risk Areas Assurance Coverage Mapping 1 st Line of Defence 2 nd Line defence 3 rd line of defence Management Finance Legal Risk Compliance Audit Strategic Risk Customer needs Political & Regulatory Operational Risk Financial Control Legal & Compliance Informational Technology Health & #CW2017

11 Best Practices Harmonization of Risk and Control Framework one single framework (risk universe, risk taxonomy, rating scales, formats) Harness collective risk intelligence across business functions Eliminate overlaps = minimising duplication of efforts Increase ownership responsibility in first line of defence of risk & Controls Alignment of roles and responsibilty across different committees Integrated implementation of new projects regulatory changes, new systems Focus on key risk while integrating #CW2017

12 Integrated Assurance Across the Three Lines of Defence Presented by: Liv Watson Sr. Director Workiva, Inc [NYSE: WK]

13 Compliance Week Europe Amsterdam

14 Key Learning Objective Integrated Assurance Across the Three Lines of Defence Requires Good Data #CWE2017

15 Compliance Dilemmas

16 Dilemmas - I Compliance Week Europe Amsterdam

17 Dilemmas - II IDC estimates that by 2020 business transactions on the internet (both B2B and B2C) will reach 450 billion per day. IDC estimates that the volume of business data worldwide, across all companies, doubles every 1.2 years. Walmart handles more than 1 million customer transactions every hour, which is imported into databases estimated to contain more than 2.5 petabytes of data. The largest AT&T database boasts titles including the largest volume of data in one unique database (312 terabytes) and the second largest number of rows in a unique database (1.9 trillion), which comprises AT&T s extensive calling records. IDC estimates that poor data can cost businesses 20-35% of their operating revenue. Compliance Week Europe Amsterdam Source:

18 Dilemmas - III Compliance Week Europe Amsterdam

19 Time to Rethink Integrated Assurance The costs keep growing, while complexity is starting to outpace human understanding.

20 Rethink Integrated Assurance Across the Three Lines of Defence with Good Data Governance

21 Introducing SSOT-MVOTs Data Architecture GOOD GOVERNANCE, GOOD DATA A sound data strategy requires that the data contained in a company s single source of truth (SSOT) is of high quality, granular and that multiple versions of the truth (MVOTs) are carefully controlled and derived from the same SSOT. Continues Audit Data Continuous Risk Monitoring and Assessment Continuous Control Monitoring Compliance Week Europe Amsterdam

22 Time to Rethink Integrated Assurance Assume that all data will be consumed using an electronic "machine understandable" reporting framework rather than a document-based digital one.

23 Key Take Away The overall condition of data assets is directly dependent on the company s ability to align people, processes, lines of business, and technologies. It requires that all of these things work together to produce the desired outcomes that make data fit for its business purpose.

24 Valeria Locatelli Audit Director M&G Investments DISCUSSION Liv Watson Sr. Director of Strategic Customer Initiatives Workiva, #CW2017

25 Thank you! Your feedback is much appreciated! Please remember to complete the feedback survey, available in the conference app and at the registration #CWE2017