Are you feeling assured?

Company directors are increasingly under pressure to provide assurance that their activities meet high ethical and environmental standards. Matt Haddon and Justin Dye from ERM Assurance discuss how you can provide and receive assurance that your company is complying.


Around the world, ERM’s clients are facing tougher and more persistent challenges to their assertions that their company is being managed responsibly and effectively. What once seemed one-off problems, such as the collapse of Enron and Nike’s sweatshop tribulations, are being visited on more and more corporations. To top it all, activists’ push for greater transparency and accountability is increasingly being ingrained in law.

In response, many are working harder than ever to hold their companies to account, before someone else does it publicly. At the same time, corporate resources are being strained by competitive pressure, economic recovery and the shift towards ‘holding company’ business models that emphasise business unit autonomy over central command and control. In response, we are seeing companies developing sophisticated and creative approaches to the getting and giving of assurance.

While much of the early focus has been on financial probity, non-financial performance has begun to get a significant share of the limelight. Investors are realising that poor management of environmental, social and business ethics performance can present serious commercial risks to the organisation. The big shift, as exemplified by the UK Government’s planned OFR requirements, is that companies are being asked to explain how their management of these issues will affect the commercial value of their businesses going forward – not just report on historic performance.

So, these same executives are looking inside their companies for ‘assurance’. Do we know what we need to do? Are we complying? How do I know we are complying? Can I rely on the information about the company’s non-financial performance that is being provided to me? What do we do when things go wrong?

The great levelling factor is that assurance is something you get, not something that you do. Leading companies are learning that they need an effective assurance net – including good flows of information, robust checking of performance, effective training and strong management commitment – to provide themselves, and their investors, with the comfort that things are being managed the way they expect them to be.

Channels of communication on non-financial issues are also changing, and moving into the mainstream. Public reporting on non-financial performance has moved away from the ‘good news’ genre of the early 1990s, through the technical focus of the GRI, and is now diving into issues that are of genuine commercial importance. The pressure increasingly rests on executives, and their non-executive colleagues, to know what non-financial issues matter to the business, and to make sure they are being managed effectively.

While early generations of assurance programmes focused on strict compliance with legal requirements, new approaches demand an understanding of what potential risks may be posed by not meeting corporate commitments, pressure group demands, or community expectations.

At its most basic, assurance revolves around four key activities: 1) making sure you know what is actually happening in your organisation; 2) identifying where the biggest risks of non-compliance lie (business units, management levels, markets, etc); 3) improving the management approach and culture to strengthen performance and reduce risks; and 4) communicating clearly that the company is responsibly managed from both financial and non-financial perspectives.

Done well, these assurance activities will not only reduce commercial risks but will also stimulate business innovation and competitiveness. Done poorly, they will be an administrative exercise and may not help improve performance and reduce business risks at all.

A number of familiar techniques are being refined and brought together to provide greater assurance, including risk profiling, self-assessment, management interviews, cultural assessments and site audits. Successful assurance programmes are being tailored to the organization, with the level of detail and approach for any particular topic linked to issues such as the maturity of understanding of the topic, the risk posed to the organization and the emphasis placed on it by the Board (and others).

Putting these concepts into practice is bringing together the strengths of risk management and more prescriptive compliance assurance, providing better assurance, more effectively. As companies explore similarly creative approaches to provide assurance to themselves and others, they will find ways to turn the demand for greater accountability into business opportunity.

Matt Haddon and Justin Dye


ERM Assurance, London

This article first appeared in ERM’s Perspectives magazine.

Action inspires action. Stay ahead of the curve with sustainability and energy newsletters from edie

Subscribe