Controls assurance is a critical component of any robust risk management framework, providing an organisation with:
Objective evidence that controls are designed and operating adequately as a basis for executive and Board signing off on the adequacy of controls over material risks.
KnowIedge of control weaknesses as a basis of making improvements.
Education to control owners and operators as to the objectives, workings and importance of controls that they are responsible for.
A basis of assessing the adequacy of controls as part of a Risk and Controls Self Assessment process.
Controls assurance varies greatly between organisations. At the most basic level, some organisations rely on an annual or semi-annual attestation from business unit heads that all is in order. Usually this comes with no or little evidence and relies more on trust that the manager has adequate knowledge to make the attestation.