Coordinating risk management around risks that matter – The value of assurance maps

Start adding items to your reading lists:
Sign in
or
Create your account
Save this item to:
This item has been saved to your reading list.

Effective and appropriate risk management has never been more important

Stakes are high in risk management. The mere existence of the three lines of defense (“3LOD”) is not enough. While a variety of functions across a financial institution are responsible for assuring that risks are appropriately assessed, mitigated, monitored, and managed, no formally appointed coordinator centralizes the objectives of each of the assurance functions. Without centralized coordination, organizations are vulnerable to duplicative efforts or missed coverage—and the resource inefficiencies they create.

Ready to learn more?

Assurance maps provide a tool for centralizing risk identification and assessment. By mapping the various risk management and testing activities performed by the 3LOD in relation to priority risks, assurance maps help answer the question, “What are we missing?”

Download Coordinating risk management around risks that matter – The value of assurance maps

Key principles for success when considering the use of assurance maps

Executive-level ownership

Identify an executive sponsor who will support collaboration and coordination, and executive-level risk owners for each major risk category. The risk and assurance map should be “personal” to each owner, particularly if the successful execution of his or her strategic objectives is at risk.

Clear objectives

Determine the scope and desired level of assurance. Start small, targeting one key strategic objective, strategic risk, or emerging risk.

Timing and identification of providers

Identify the relevant assurance providers and agree on appropriate timing for constructing the assurance map.

Common tools

Agree on or build common tools. Leverage common terminology for defining products and services, processes, risks, and controls; employ a common risk assessment and issue rating methodology; and integrate or align platforms for workflow, data analysis, and reporting. Simplicity is important. Avoid jargon.

Plan early and think ahead

Identify the current and expected assurance activities and assess for quality (depth, frequency, etc.).

Address issues

Analyze the results and determine next steps to address any issues (gaps, duplication, etc.).

Meet often

Meet frequently to reassess the scope, coverage and risks.

Explore further

Controls Testing and Monitoring Solutions Risk and Regulatory Our perspectives Compliance and Risk Management Solutions

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}
{{item.videoDuration}}

{{item.title}}

{{item.text}}

Start adding items to your reading lists:
Sign in
or
Create your account
Save this item to:
This item has been saved to your reading list.
{{contentList.loadingText}}
{{contentList.loadMoreLabel}} {{contentList.viewAllLabel}}

Stay up to date

Subscribe to risk and regulatory insights

Contact us

Rich Reynolds

Rich Reynolds

Controls Testing & Monitoring Leader - Financial Services, PwC US

Linkedin Follow Email
Christopher Byllott

Christopher Byllott

Director, Risk and Regulatory, PwC US

Linkedin Follow Email
Follow us
Audit and assurance Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - Fri Feb 26 12:21:54 UTC 2021 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.