Coordination and Reliance: Developing an Assurance Map
The purpose of assurance activities is to provide an objective and independent assessment on governance, risk management, and control processes for the organization. Assurance maps offer a visual representation of the organization’s risk coverage, and help identify gaps and overlaps.
Aligned with Standard 2050 – Coordination and Reliance
An assurance map is a matrix comprising a visual representation of the organization’s risks and all the internal and external providers of assurance services that cover those risks. This visual depiction exposes coverage gaps and duplications. Assurance providers may use the map to coordinate the timing and scope of their services, preventing audit fatigue within areas and processes under review. If assurance coverage is inadequate, significant risks may be overlooked or misjudged. By coordinating and aligning their risk coverage, assurance providers can build a robust assurance framework.
This practice guide takes the reader through the process of documenting assurance activities throughout an organization covering the following topics at a high level:
- Developing an assurance map.
- Identifying sources of risk information.
- Organizing risks into categories.
- Identifying assurance service providers.
- Gathering information and documenting assurance coverage.
- Reviewing and updating the assurance map.
- Using assurance maps.
Item Number: 10.1288.dl