Governance failures have made headlines repeatedly in recent years across all sectors of the economy, and charities have not escaped scandal with high profile cases attracting scrutiny and eroding public confidence.
I work with a range of different organisations at board and management level, and a common problem for boards is finding the right balance in where they focus their time and efforts. In this post I set out a method for taking a structured approach through the creation of a Board Assurance Framework (BAF).
What’s the problem?
It can be difficult for charity trustees and non-executive directors (NED) to ensure they have the right information, at the right time, about the right things, to keep abreast of how the enterprise is run, not least because access to information is often controlled by managers. Boards often rely on reports and reassurances that senior managers choose to provide them and, particularly if you are a new trustee or NED, it is not always easy to question that.
A way to take greater ownership of this crucial issue is to have in place a BAF – a structured approach for ensuring that board members agree the important matters they need to be sighted on, that they know what information they should be seeing and how frequently, and that they understand the level of assurance they can take from it.
What is meant by assurance?
The word assurance means different things to different people and it is important that everyone involved in governance understands what it means within their own enterprise and where assurances come from. Asking the question ‘do we know what we think we know?’ can help frame a board level debate and, given the legal responsibilities that a board has for their enterprise’s administration and management, it is a fundamental question to ask.
Where to start?
Board members should agree what they need assurance about and how much assurance is required.
A good starting point would be the agreed objectives that focus activities on fulfilling the enterprise’s mission or purpose. Assurances can then be sought around the processes and controls aimed at delivering those objectives.
Taking a risk-based view is also helpful for structuring a BAF, and risk scoring can assist with prioritising the aspects of the enterprise’s activities that may need more or less scrutiny. Where risk controls are already in place around every day aspects, for example around health and safety, assurance focuses on monitoring how well those controls are working by looking at relevant evidence and performance indicators.
Sources of assurance
Assurance might be derived from a range of sources to generate a comprehensive view, for example:
- meetings or discussions – chance to question and gain first-hand information
- visual checks or inspections undertaken
- self-assessments, peer or management assessments
- performance measures or other data collected
- reports from management
- internal and external audits.
Boards members will need to make a judgement about the level of independence they require – there will be matters that warrant external verification to provide robust assurance, financial accounts being the most obvious example.
It is likely that you will rely on management to help implement a BAF, and their engagement is essential. The exercise of developing the BAF will help them assess their own approach to assurance, enabling good practice to cascade through the enterprise.
There are a number of ways that managers can help trustees identify assurances:
- ask managers to record all the assurances they rely on
- conduct a workshop with the management team
- complete one-to-one sessions with risk owners
- review internal and external audit reports and any other third party reports to identify the assurances they provide
- review internal management, committee and board meetings minutes and agenda.
Although management need to support the process and help identify gaps in assurance, the board must own the BAF and be sure to refresh it regularly enough to keep pace with the enterprise’s operating environment. It shouldn’t be a one-off exercise, but become a useful reporting tool to keep track of the important aspects of the enterprise’s operations.
A key governance tool
Uncertainty and insecurity, as well as opportunity, will continue to be part of the social enterprise landscape. It is crucial therefore that boards ensure that their governance and risk management arrangements are sufficiently robust to cope. Taking a good hard look at how the board and audit committee are assured over the whole control environment to ensure that these arrangements are fit for purpose is well worth the time and effort.
Read more in the Charity Governance 2020 report at RSMUK.com.