by Matthew Oleniuk
FMI Capital Chapter PD Day
September 25, 2014

INTRODUCTION
 What is assurance mapping?
 Possible processes – and a sample process.
 How assurance mapping can be used to support corporate functions.

ASSURANCE MAPPING BASICS
 An overview of assurance activities.
 Discussion piece to feed monitoring, reviews, and quality assurance activities.
 Should be easy to understand.

OBJECTIVE & SCOPE
 What would you like to cover?
 A general view of the organisation?
 A deep dive of a specific function?
 Process versus program versus risks?
 DANGER: this is not an audit!

THE ORGANISATION

WHAT ARE THE OTHER
ASSURANCE PROVIDERS?
 Internal or External Audit
 Departmental Internal Audit function, Office of the Auditor General (OAG), Office of the Comptroller General (OCG), Privacy Commissioner, etc.
 Evaluation
 Management Independent Assessment
 MAF
 Management Self-Assessment
 Control Self-Assessments, Questionnaires, etc.
 No assurance coverage

NOT ALL ASSURANCE COVERAGE
IS CREATED EQUALLY
 Rank assurance providers according to level of assurance gained in general
 Determine frequency of assurance gained
 Match specific assurance activities with general processes
 Establish weightings and method to map activities

SAMPLE ASSURANCE MAP
LEGEND
Level of Assurance
A Internal or External Audit
E Evaluation
I
Management Independent
Assessment
SA Management Self-Assessment
X No Assurance Coverage
Top Previ ous 3 yea rs (2011-12 - 2013-14)
Bottom Next 3 yea rs (2014-15 - 2018-19)

ASSURANCE MAP – NO FUTURE
AUDIT COVERAGE
1.1
E I SA
E
1.1.3
X
E
1.1.6
I
E
1.1.7
X
E
1.1.4
E I
E
1.1.5
E I
E
1.1.1
I
E
1.1.2
N/A
E
1.2
I
A E
1.2.1
I
E
1.2.2
I
A E
2.1
I
E
2.1.1
I
E
2.1.2
I
E
2.1.3
X
E
2.2
I
A E
2.2.3
N/A
A E
2.2.4
X
A E
2.2.5
X
A E
2.2.1
X
A E
2.2.2
I
A E
3.1
A E I SA
A E
3.1.1
SA
E
3.1.1.1
A E
E
3.1.1.2
E
E
3.1.2
E
E
3.1.3
I SA
E
3.1.4
I SA
E
3.2
E I SA
A E
3.2.1
E
A E
3.2.2
I SA
A E
3.3
E I SA
E
3.3.1
E
E
3.3.2
E I SA
E
4.1
A I
E
4.1.1
A
E
4.1.2
X
E
4.1.3
A I
E
4.2
E I SA
E
4.2.3
I SA
E
4.2.4
E I SA
E
4.2.5
N/A
E
4.2.1
I SA
E
4.2.2
E I SA
E
4.3
E
E

ASSURANCE MAP – INCLUDING
FUTURE AUDIT COVERAGE
1.1
E I SA
A E
1.1.1
I
A E
1.1.2
N/A
A E
1.1.3
X
A E
1.1.4
E I
A E
1.1.5
E I
A E
1.1.6
I
A E
1.1.7
X
A E
1.2
I
A E
1.2.1
I
A E
1.2.2
I
A E
2.1
I
A E
2.1.1
I
A E
2.1.2
I
A E
2.1.3
X
A E
2.2
I
A E
2.2.1
X
A E
2.2.2
I
A E
2.2.3
N/A
A E
2.2.4
X
A E
2.2.5
X
A E
3.1
A E I SA
A E
3.1.1
SA
A E
3.1.1.1
A E
A E
3.1.1.2
E
A E
3.1.2
E
E
3.1.3
I SA
E
3.1.4
I SA
A E
3.2
E I SA
A E
3.2.1
E
A E
3.2.2
I SA
A E
3.3
E I SA
E
3.3.1
E
A E
3.3.2
E I SA
A E
4.1
A I
E
4.1.1
A
A E
4.1.2
X
E
4.1.3
A I
E
4.2
E I SA
E
4.2.1
I SA
E
4.2.2
E I SA
E
4.2.3
I SA
A E
4.2.4
E I SA
A E
4.2.5
N/A
E
4.3
E
E

WHY SO MUCH RED??
?

COMPLETE ASSURANCE PICTURE
 Highest levels of assurance are sometimes highly focused
 Assurance map is only one tool; complements other value-added activities
 Cannot determine sufficient assurance coverage without knowing the whole picture

RISK MAP
1.1
1.2
2.1
2.2
3.1
3.2
3.3
4.1
4.2
4.3
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.2.1
1.2.2
2.1.1
2.1.2
2.1.3
2.2.1
2.2.2
2.2.3
2.2.4
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.2.1
3.2.2
3.3.1
4.1.1
3.3.2
4.1.2
4.1.3
4.2.1
4.2.2
4.2.3
4.2.4

THE CHERRY ON TOP
 Different assurance maps for different audiences:
 Deputy Minister/Board/CEO/
 Partners
 External stakeholders/shareholders

THE GREAT COMMUNICATION
TOOL
 Assurance mapping should be used:
 by corporate review functions when prioritising activities;
 to feed monitoring discussions with management;
 as a continuous reference point to show where risks might pop up throughout a fixed cycle or period of time.

CONCLUSION
 Ultimately, assurance mapping gives stakeholders:
 An overview of which risk areas are being covered and which are not;
 A medium-term view of risk management in the organisation;
 A clearer understanding of what assurance providers can do – and what they can’t.

QUESTIONS?
Matthew.Oleniuk@FortyKconsulting.com
www.linkedin.com/in/matthewoleniuk