ao link

Do we need more assurance on assurance?

The tragedy at Grenfell Tower is raising many immediate and pressing questions about cladding, fire doors, tower block safety and much more.

Linked InXFacebookeCard

Many other issues highlighting just how this catastrophe could have occurred will doubtless be raised by the findings of the various investigations and inquiries.

 

Almost certainly some of these will question the role of assurances sought and obtained.

 

Looking through a different lens, I’m left wondering if the faith we place in the third line of defence that is external assurance may just have been very seriously undermined.

 

There are many business-critical areas where we rely on external experts to double check that we meet legal requirements, regulations, standards and best practice. Or to call us out where we don’t.

 

We depend on them to be both specialist and independent: to understand the technical details of their subject area and to be confident in telling us where we are not coming up to the mark.

 

In fire safety, we have all the necessary elements: legislation, regulations, standards and mandatory external assurance.

 

And yet something still went massively wrong.

 

In this and other areas of assurance, might we have inadvertently created a detailed tick-box process that muddies the picture rather than gives effective warnings of deficiencies?


Read more

Thirteen releases £350m securityThirteen releases £350m security

Boards and executive teams will oversee many adjustments to assurance policies and practices as we learn the detailed lessons from this horrendous event.

 

Here are some of my early thoughts on the questions that could in future help us distinguish high quality assurance from box ticking.

  • Standards: Is there a choice of standards? Why have we chosen the ones we’re measuring compliance against? Who sets them? Do we have confidence in their independence and rigour? When were they last updated? How quickly do they respond to new information and learning?
  • Assessments: Are the assessors, specialists, or auditors qualified and independent? Does a profession or trade body vouch for their credibility? Do they understand the context and drivers of the review, and the reliance that we will be placing on their conclusions? Does our brief to them encourage honesty and challenge? Is it sufficiently comprehensive to obtain the assurance we really need? Are they happy to expand their usual checks to accommodate our specific requirements? Is there a role for the Audit Committee and/or ‘internal’ internal audit in scoping the brief and agreeing any actions? What’s a reasonable frequency of updating?

  • Gaps: Are the root causes identified, rather than the presenting symptoms? Do we understand which are the most critical? Are they graded and ranked? Do we triangulate with complaints and whistle blowing?

  • Actions: Are they clear, specific, prioritised and resourced? Are the accountabilities and timescales clear?

  • Monitoring: Are all gaps and recommendations tracked? Are outliers, trends and benchmarks highlighted in our reporting? When should the audit committee and board be sighted on progress against recommendations? When should the results be shared with wider stakeholders?

The role of assurance, both internal and external, will not diminish moving forwards, but how we procure external assurance and the questions we ask of those appointed to provide it may well.

 

Grenfell has demonstrated that to deliver well placed confidence, we need to take note of the quality of the assurance we’re receiving.

 

Executive teams and boards will want to be clear about their respective roles, methods and skill sets, as each has an important and unique role to play.

 

Sue Harvey is a director at Campbell Tickell, chair of audit and risk assurance at the Housing Ombudsman, and co-chair of HouseMark’s Business Assurance Club.

Linked InXFacebookeCard
Add New Comment
You must be logged in to comment.

RELATED