Combined Assurance Model
Definition of Assurance: confidence gained from an opinion on the reliability of given processes.
Description of Assurance Providers:
University Administration execute continuous assurance through the oversight of established risk and control frameworks such as: IT Governance Framework, Enterprise Risk Management (ERM) Framework, Information Management Framework, Policy Framework and a mature collection of policies and procedures providing guidance on expectations. Administrators own and manage risk day to day and participate in a culture of continuous improvement in alignment with the objectives of the University.
Internal Assurance Providers support the management of risks and may help coordinate risk management activities. Outcomes from assurance work inform decisions through risk management and compliance functions as demonstrated in long standing committees that contribute to the oversight and monitoring of operations:
- ERM Committee
- IT Council
- Separately Incorporated Entities (SIE) Committee
- Integrated Budget and Planning committee
- Academic Unit Planning Committee
- University Health and Safety Committee
Independent Assurance Providers deliver an independent and objective assessment of the overall adequacy and effectiveness of governance, risk management, and controls. Independent assurance providers include the following:
- Internal Audit
- External Financial Audit
- Accreditation Review
- External Funding Agency Audit
- ISO Certification Audit
- Environmental, Health and Safety Inspection
- Other regulatory inspections as required by legislation
- Other external performance improvement consultants as needed
Different levels of assurance is required at various levels of the University.
The combined assurance model is supported by the office of internal audit, an independent function reporting to the Board of Regents through its Audit and Risk Committee. The internal audit function coordinates assurance providers by working together across multiple layers of the University to provide a systematic approach to assurance. Internal Audit shares information and coordinates activities with other internal and external providers of assurance to ensure appropriate coverage to support senior administration and the Board.