+ Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

22
+ Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory

Transcript of + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

Page 1: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

+

Assurance Mapping

Sandie DawsonDirectorDawson Corporate Advisory

Page 2: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

2+Introduction & Purpose

Targeted assurance

Save money through resource optimisation

Add longer term value

Dawson Corporate Advisory Limited

Page 3: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

3+Agenda – Assurance Mapping

What can it do?

What information is needed?

How do you do it?

What can it be used for?

Dawson Corporate Advisory Limited

Page 4: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

4+From this…

Dawson Corporate Advisory Limited

Page 5: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

5+…to this

Dawson Corporate Advisory Limited

Page 6: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

6+…and produce structured output

Dawson Corporate Advisory Limited

Page 7: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

7+…and from there…

The users of your Assurance Map will decide upon the next actions to take.

Make your analysis and recommendations count.

Dawson Corporate Advisory Limited

Page 8: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

8+What can it do?

Show coverage of an organisations risks and controls by all 3 lines of defence

Highlight areas of: low coverage extensive / over coverage gaps in understanding

Dawson Corporate Advisory Limited

Page 9: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

9+What Information is Needed?

Risk and Control Self Assessments

2nd Line Assurance Plans - Regulatory Compliance, Operational Risk

Dawson Corporate Advisory Limited

Page 10: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

10+What Information is Needed?

3rd Line Internal Audit Plans

Risk Universe / Internal Audit Universe

Dawson Corporate Advisory Limited

Page 11: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

11+What Information is Needed?

2nd and 3rd Line MI, to include: Terms of Reference for each area covered Test Programmes mapped to key risks and controls

Internal Audit Reports

Decide upon the most appropriate timeframe – I recommend 1 year

Dawson Corporate Advisory Limited

Page 12: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

12+How do you do it?

Per L1, L2 and L3 Risks calculate coverage by each line of defence

Define Red, Amber, Green and Black parameters – these are key

L1 Risk L2 Risk L3 Risk Control 1LoD Coverage

2LoD Coverage

3LoD Coverage

Strategic Objectives are not met

Strategic Projects are not delivered on time

Delays are sustained in resourcing Projects

Master Services Agreements are in place with Preferred Suppliers

Full 20% 70%

Dawson Corporate Advisory Limited

Page 13: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

13+How much assurance is enough?

Dawson Corporate Advisory Limited

Page 14: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

14+Worked Example - MI

Dawson Corporate Advisory Limited

Page 15: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

15+Who can use the Assurance Map?

Audit Committee

Risk Committees

Internal Audit team

First Line Management

Dawson Corporate Advisory Limited

Page 16: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

16+What Can it be used for?

To summarise - more effectively allocating business resources

For - Risk Committees and the Audit Committee

To understand historic and current coverage

To provide an overlay of information on which to assess risk event MI

To provide MI on which to pose questions

Dawson Corporate Advisory Limited

Page 17: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

17+What Can it be used for?

For – The Internal Audit Team

To compare risks identified during discovery / planning to the risks reported by the business in their RCSAs

To compare key controls identified and tested to those reported on RCSAs

To compare control effectiveness reported by RCSAs to control effectiveness identified by testing

To inform the Internal Audit Plan

Dawson Corporate Advisory Limited

Page 18: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

18+What Can it be used for?

For - 1st Line Management

MI can be provided on a regular basis to show: RCSA Results compared with 2nd Line Coverage and Results and 3rd Line

Coverage and Results Assist the 1st Line in understanding the impact of control design and how

effectively their controls are operating

Dawson Corporate Advisory Limited

Page 19: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

19+Summary

An Assurance Map is a piece of MI that can be used as a tool

If you are the Assurance Map producer: Provide accompanying analysis Make recommendations Take actions within your remit – e.g. Internal Audit Plan updates Keep it up to date Present it to the Audit Committee – to inform and take action

Dawson Corporate Advisory Limited

Page 20: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

20+A few quotes from Davos 2014

"Data are becoming the new raw material of business.”

Craig Mundie, Senior Advisor to the CEO at Microsoft.

"The goal is to turn data into information, and information into insight.”

Carly Fiorina, former chief executive of Hewlett-Packard Company or HP.

“In God we trust. All others must bring data.”

W. Edwards Deming, statistician, professor, author, lecturer, and consultant.

Dawson Corporate Advisory Limited

Page 21: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

21+Data

Dawson Corporate Advisory Limited

Page 22: + Assurance Mapping Sandie Dawson Director Dawson Corporate Advisory.

22+Questions and Comments

Sandie Dawson FCCA07914 [email protected]

Dawson Corporate Advisory Limited