How an integrated assurance model can benefit corporate reporting
In today’s turbulent and volatile environment, corporations are struggling to build trust – both within their own organization and with society. In the ongoing debate on deregulation, corporate reporting on governance and sustainability is now viewed with suspicion as bureaucratic rather than recognized as a source of valuable information for a company’s shareholders and stakeholders. To confront these challenges, we need a new approach to good governance and related reporting.
By Klaus Moosmayer
The challenge
The impact and trustworthiness of corporate reporting depend on the quality and effectiveness of an organization’s governance system. To keep pace with ever-increasing and often insufficiently harmonized national and international regulation, many companies have assembled siloed departments or appointed “officers” for topics like anti-bribery, antitrust, data privacy, cyber security, human rights, ESG or trade sanctions compliance – often without granting them sufficient mandate or budget.
Enterprise risk management is frequently separated from the corporate strategy and primarily focused on financial matters. This siloed assurance structure undermines the quality of corporate reporting. Gathering relevant information and data from the different departments has become a burdensome and bureaucratic exercise, often at the expense of data quality.
As a result, boards, shareholders and the public struggle to obtain a clear picture of a corporation’s risk exposure, leading to mistrust. This situation amplifies the challenges of today’s complex geopolitical landscape and the increasingly urgent call for responsible deregulation. Without a comprehensive and well-structured system, organizations find it difficult to respond swiftly to crises or manage regulatory complexity effectively. Similar challenges arise when dealing with novel ethical dilemmas that require cross-functional expertise. A timely example is the responsible use of AI: assessing the risks of new AI applications without stifling or delaying innovation has become crucial for companies.
The concept of integrated assurance and its implementation
Considering these challenges, implementing an integrated assurance model for ethics, risk and compliance management can be highly beneficial. The term “assurance” is often applied too narrowly in the context of audit and accounting. Integrated assurance aims for a horizontal alignment and joint taxonomy across the four areas of governance, risk management, compliance and internal controls.
While a few corporations have combined ethics, enterprise risk management and compliance into one function, such structural integration alone is not sufficient to deliver effective integrated assurance. The organizational setup must enhance coordination and efficiency across the different assurance activities and controls by harmonizing the policy and process landscape.
Recognizing that no single function within a corporation “owns” ethics, an integrated assurance function also has the role of a “catalyst” – fostering an integrity-driven culture that emphasizes principle-based decision-making and behavioral insights, rather than excessive control or regulation. The precise organization of an integrated assurance approach will depend on each company’s risk profile and operating context.
The benefits for corporate reporting
An integrated assurance approach can significantly enhance the efficiency and quality of corporate reporting. It ensures both the availability and accountability of relevant information along with its qualitative assessment for external disclosures – and likewise improves the consistency of internal reporting.
The board of directors receives a consolidated and coherent management assessment of integrity, risk and compliance instead of fragmented input. This enables them to focus on strategic risks and key operational challenges. Moreover, beyond regular reporting cycles, an integrated assurance structure proves its value in crisis situations – when management and the board must respond and communicate rapidly with employees, stakeholders or even the broader public.
For instance, in a large-scale cyberattack, response and reporting are often delayed because a cross-functional taskforce must be formed ad hoc for the first time. Integrated assurance, by contrast, facilitates readiness, transparency and alignment – allowing a company to sustain business continuity even under pressure.
Key Takeaways
Companies and their reporting are under increased regulatory and societal scrutiny.
Most organizations still operate under a siloed governance approach, lacking horizontal alignment.
Integrated assurance connects governance, risk management, compliance and internal controls.
Corporate reporting improves through structured, integrated sourcing of assurance information.
The advantages of integrated assurance are especially evident in crisis management situations.
Klaus Moosmayer, PhD
is a member of the Supervisory Board of Deutsche Bank AG and Co-Chair of the Global Future Council on Good Governance of the WEF. Previously, he was the Chief Ethics, Risk and Compliance Officer of Novartis AG. He teaches Governance at St. Gallen University and serves on the Advisory Council of the Corporate Governance Institute at the Frankfurt School of Finance and Management.


