Risk-Based Combined Assurance
and the New Normal.

25 – 28 July 2023
Sandton Centre Johannesburg South Africa

Register Now! Limited Seats Available!

R16, 999.00 Per Delegate


The ‘right amount of assurance’ depends on the risk appetite of the organization. There should be an alignment of control validation/assurance approaches and efforts across the organization, driving efficiency and the right levels of comfort. Risk management is the foundation of the combined assurance process and organizations should establish risk-based criteria for dealing with control failures on a consistent and strategically aligned basis to ensure organizational objectives and goals are achieved.

An effective way for companies to mitigate risk; is Combined Assurance. Combined assurance is the process of internal, and potentially external parties, working together to ensure that risks are well managed so that organizations can achieve their objectives.

Combined Assurance can enhance a company’s profitability and reassure the board that the controls meant to manage risk are adequate and effective. Meaning are they designed and working properly.

This training seeks to look at the role and contribution that effective risk management plays in ensuring the effectiveness of a combined assurance model and provide guidance on how to develop a model that is truly risk-based.

Benefits of combined assurance:

  • Coordinated and relevant assurance efforts are directed to the risks that matter most.
  • Commitment to enhance controls is demonstrated.
  • Dashboards that provide an integrated, insightful view.
  • Assurance activities produce valuable, integrated data, based on collaboration and not silos.
  • Reduction in assurance costs through the elimination of duplication and better resource allocation.
  • Resources are not wasted on unnecessary duplication.
  • A reduction in the repetition of reports by different committees, resulting in improved and more efficient reporting.
  • A comprehensive and prioritized approach in tracking remedial actions on identified opportunities/weaknesses.
  • Clarity on risk and audit.

Specific learning outcomes of this short learning program are to:

  • Describe the concept of combined assurance;
  • Understand and identify the various role players and assurance providers in a combined assurance environment;
  • Specify the role of internal audit in combined assurance
  • Benefits, Barriers, and Challenges
  • Critical Steps and Factors for Implementation
  • What is the single biggest factor that enabled you to implement a combined assurance model?
  • The Need to Coordinate Assurance Functions
  • Developing your governance design skills whilst supporting your organization in maximizing the value of its IT investments
  • Understanding how COBIT 5® and other associated IT governance standards go hand in hand with the application of the King IV™ combined assurance approach
  • Building an effective assurance model aligned with your GRC and assurance functions
  • Empowering collaboration between cross-functional stakeholders and diverse areas of management with a unified insight into the purpose and desired outcomes of their inputs
  • Use the tools/templates available to structure a combined assurance framework, model, and structure within an organization; and Compile a combined assurance report.

Who should attend:

  • Chief Risk Officers,
  • Risk Managers,
  • Risk Champions,
  • Internal Audit/Auditors
  • Board Audit Committee and
  • Board Risk Committee Members,
  • Executive Risk Management. 
  • All participants in the organizational assurance processes including risk practitioners.
  • Executive directors,
  • non-executive directors,
  • Exco members,
  • Heads of Departments,
  • General Managers,
  • Senior Managers,
  • Managers,
  • Supervisors,


  • Audit, Risk, Governance, and Compliance
  • IT, Information / Data
  • Business Continuity, Business Recovery, and Crisis Management Strategy

Course Outline:

What is Combined Assurance?

The Growing Need for Risk Management

  • Organizational Failures
  • New Risks
  • Stakeholder Expectations

Identifying Key Players in Organizational Governance

  • Stakeholders
  • Board of Directors
  • Audit Committee
  • Management
  • Assurance Providers

The Need to Coordinate Assurance Functions

  • Varied Assurance Providers
  • Three Lines of Defense

Combined Assurance as a Solution

  • Aspects of Definition
  • Benefits of Combined Assurance
  • Who Plays an Important Role in Combined Assurance?
  • Board of Directors
  • Audit Committee
  • Internal Assurance Providers
  • External Assurance Providers

Research Methodology and King Code Inclusion

  • Interviews
  • Description of the Case Studies
  • Context of the King Codes
  • King Code Revisions

Understanding Combined Assurance

  • Organizational versus Project Level
  • Functions Providing Assurance
  • Combined Assurance Beyond Internal Auditing

Reasons to Implement Combined Assurance

  • The Governance Factor
  • The Risk Factor
  • The Efficiency Factor
  • Combined Assurance as a Way to Reduce Assurance Fatigue
  • Combined Assurance as a Way to Avoid Assurance Gaps
  • Combined Assurance as a Way to Reduce Silos
  • Combined Assurance as a Way to Reduce Assurance Costs

Benefits, Barriers, and Challenges

  • Benefits of Combined Assurance
  • Benefits for the Business
  • Benefits for the Assurance Process
  • Barriers and Challenges When Implementing Combined Assurance
  • Trial and Error
  • No One-Size-Fits-All Approach
  • Progress Through Sharing
  • Creating an Integrated View
  • Misunderstanding the Concept
  • Misunderstandings of the Meaning of Assurance
  • Maturity of Risk Management

Critical Steps and Factors for Implementation

Critical Steps

  • An Illustration of a Top-down Combined Assurance Approach
  • Critical Factors in Implementing Combined Assurance
  • Tone from the Top and Executive Buy-in
  • Management Buy-in
  • Mature Risk Management Process
  • Clearly Understanding Accountabilities
  • Common Language, Data Depository, and Methodologies
  • Importance of Communication Among Assurance Providers

The Role of Internal Audit in the Combined Assurance Model

  • Internal Audit as Champion of Combined Assurance
  • Internal Audit as Quality Control for Combined Assurance


Potential Challenges for Internal Audit

  • Risk Management
  • Potential Audit for the Future
  • From Traditional to Participative
  • Strategic Direction
  • Assurance versus Consulting
  • Evolution of Skills

Setting the scene for Combined Assurance in IT Governance

  • Combined assurance and the greater governance scheme
  • The evolution of combined assurance from King III to King IV
  • Decision-design vs. decision-support
  • Management control and the model
  • Your combined assurance model and fulfilling governance goals
  • Supporting business drivers using an IT-CAM (Combined Assurance Model)

The changing roles of Risk Management and Internal Audit

  • The role of Enterprise Risk Management and the risk-based approach
  • Relating business risk to IT risk in the context of the Combined Assurance Model
  • The changing role of Internal Audit
  • Case studies: (High-profile governance crises and operating example)

Developing the Combined Assurance Model for IT Governance

  • Establishing readiness and constructing the CAM for IT
  • Maintaining and continually improving the IT-CAM
  • General ‘Dos and Don’ts’
  • Recognising the influence of digital transformation and disruption
  • Common challenges, lessons learnt and success factors


While both In-House and Online training can present with cost-effectiveness and time-efficacy, there are some very specific differences between in-house courses and those based online.
The demand for additional courses by individuals or groups of people is increasing. Still, it depends entirely on the preferences of a person what type of training he or she wants to receive. Online courses and in-house training carry some similarities but they are considered to exhibit some very pivotal differences too. Despite that, both types of learning can be really beneficial for attendees.

For Registration and other Training arrangements,
contact us on the detail below.

SOUTH AFRICA : +27 11 057 6001
TANZANIA Cell: +255 769 688 544
WhatsApp +27 79 574 0389
info@bmktraining.co.za / www.bmktraining.com