What is good practice in risk and assurance?

Risk lessons are usually portable. Templates less so.

Where current practice comes from

Ideas are plentiful. The value is in knowing how to implement them.

Much of what we see in our work has surprising origins. Its usually one or more of the following:

  • This is what someone did at their last place
  • This is what the committee saw at another place
  • This is something we found on the web / on a knowledge portal
  • This is what our advisors gave us / told us to do
  • This is something our team bought / built.

Usually current practice is a combination or evolution of the above.

In many cases implementation wasn’t accompanied by a sound change process, meaning the change wasn’t fully adopted or benefits realised.

And those who set it up have often moved on.

The dangers of copy-and-paste governance

Just because everyone in [banking / government / education / healthcare etc] does it this way doesn’t mean it’s good. Actually this is often where industry blindspots come from.

A quick web search on any issue will give you one or more solutions to a problem, maybe with a process, outline or template. Your team will also have knowledge from their previous ways of working and so will you. And if you’re a large organisation maybe you’re part of a benchmarking circle or support group. There are lots of possibilities.

But it doesn’t mean they are good.

Or contemporary.

Ot right for your organisation.

Good practice evolves quickly. Yesterday’s shiny idea is tomorrow’s industry standard or possibly obsolete.

New ideas need testing, clarity on intent and teaching in how to use them properly. A good idea implemented poorly is often worse than no change at all.

And then there’s context. What worked at a bank might not work in a human services organisation or vice versa. And even worse, norms often perpetuate within sectors.

Copy and paste governance is the reason why much of what we see isn’t working well. Sorting it out a big part of why people call us in.

Getting it right

Tuning your audit and risk is like tuning an engine. Good mechanics know which interventions to make and when. They know when to change the spark plugs, flush the fuel lines or go after the problem with the air intake.

Knowing that to do and when to do it is the secret to getting buy in, reducing missteps and change fatigue.

On this, I’d argue that are the best in the business.

The mantra in 2020 for risk and assurance is integration. Risk and assurance activities should be embedded into the DNA of how an organisation work. It can’t be an extra curricular task after the day’s work is done.

This is easier said than done. Context is everything in deciding what to use, when to use it, what to adapt, what to customise, how to implement and when.

This is where we come in.

In our repository of 7,500+ precedent documents and templates, only four are usually relevant for a particular client at a particular time to get the results they need.

They are a different four every time.

And they always require customisation to make them sing. Always.

Our secret sauce

We’ve been shaping shaping good practice internationally for more than 20 years.

We see a lot of stuff. We also shape and propagate much of it. In fact, it’s likely your using some of our thinking right now.

We invest heavily in scanning and curating best practice in risk and assurance. We are always for the hunt for the next challenge and for what great looks like.

Most transformation projects normally start with a best practice scan, domestically and internationally through our established networks.

Even the small ones are an opportunity to reconfirm our thinking and find out new things. And that’s before the innovation starts.

We also push regulators, standard setters and professional bodies to help lift the standard, backed by tested good practice.

We take that opportunity, constantly, on up to 20 initiatives a year. Every single year. Since 2007.

We see a lot of stuff. We also shape much of it, which quickly becomes the next industry standard.

This means we know what good looks like, today, yesterday and tomorrow. And what works in your context.

It’s not rocket science but there is a big of magic in it, not readily available from providers who specialise in BAU benchmarking and delivery. It’s a niche and it’s what we do.

How we can help

If you want to get from good to great, we’re here to help. In fact it’s the only reason Todd Davies & Associates exists.

We can help you to check where you’re at, what’s missing, what’s possible.

And then we can help you source and implement those ideas and make them stick. This is what we do.

If you want to know with certainty whether your approach is right and then make the change. We are here to help.

To clarify your thinking or see how we can help, book at time with Todd via Calendly or via the contact page on this website.