Combined assurance : a systematic process

Abstract

There is a clear shift in corporate governance towards understanding and managing the risks that could prevent an organisation from achieving its objectives. This has resulted in enterprise risk management and combined assurance becoming fundamental and integral components of corporate governance. Although enterprise risk management is a well-researched field, limited research is available on the introduction and/or maintenance of combined assurance processes, and how these relate to enterprise risk management. The objectives of the study reported on in this article are twofold. Firstly, it presents the interrelationships between the features of enterprise risk management and the combined assurance processes. Secondly, by conducting a survey of the views of chief audit executives within the private sector it determines how these features were considered and addressed by organisations during the introduction and subsequent maintenance of their organisations’ combined assurance processes. The most significant finding is that there appears to be a dependency on the enterprise risk management process as a prerequisite for the implementation of a combined assurance process. Furthermore, significant differences were found to exist between perceptions from respondents from companies that had already implemented combined assurance / enterprise risk management and those respondents from companies that are currently in the process of implementing combined assurance / enterprise risk management.