Investigating the impact of the combined assurance model in the management of risks in a selected municipality
Abstract
The need for corporate boards to disclose the effectiveness of their risk management and internal control has made combined assurance a common phenomenon that yields better risk management. This effectiveness in risk management is perceived to emanate from the use of internal and external assurance providers to formulate holistic assurance to the board of directors on all elements of risk management and internal control. The combined assurance model is one such model recommended by the King Codes that ensures adequate and effective risk management by implementing three lines of defence across the internal and external assurance providers. The problem is that while combined assurance is mandatory and regarded as effective in South Africa, not many municipalities are realising the effectiveness of using the combined assurance model. Therefore, this study investigates the impact of combined assurance models in managing risks by examining the impact of the first line of defence, second line of defence and third line of defence on risk management. The aim is to ascertain the effectiveness of the assurance model in safeguarding organisations from risks. Using a case study approach, a single municipality in Ekurhuleni was selected to carry out a quantitative analysis to examine the views on combined assurance activities and functions within the organisation. A questionnaire was administered to all employees of the Ekurhuleni Municipality using the total population purposive sampling technique. It was found that the municipality has all three lines of defence in existence, and these lines of defence all have core and support functions that ensure a coordinated effort towards risk management. In addition, the respondents agreed that the first line of defence acts as process owners of risk management and management assurance.
The second line of defence acts as overseers of risk in support of the first line of defence, and monitors and coordinates risk management efforts. The third line of defence is a group of external and internal independent assurance providers who provide assurance services for effective risk management. All three lines of defence were found to have a significant moderate linear relationship with effective risk management. It is recommended that municipalities make use of assurance mapping, single enterprise risk planning, alignment of assurance with critical risk exposure, a risk forum, top management support and clear separation of core and support functions of each line of defence.