From Theory to Practice: How Integrated Assurance Makes Companies Resilient for Tomorrow
Companies are facing unprecedented challenges in an increasingly complex and volatile world, at least if they want not only to remain efficient in the short term, but also to become resilient to crises, disruptions and uncertainties in the long term.
While in some companies today assurance functions such as compliance, risk management, internal audit, data protection, sustainability and IT security are still fighting in isolation for attention, budgets and the authority to interpret what “good corporate governance” means, others have long since recognized this: Integrated assurance is the order of the day. It is about nothing less than the foundation for safeguarding the company and ensuring its future viability. But what does the term actually mean?
In the following, we explain what we mean by Integrated Assurance, what goals we are pursuing with our very own consulting approach and why it is more important than ever to set the course for tomorrow today.
Integrated assurance in corporate reality: still mostly a patchwork quilt
In many companies, there is currently a proliferation of different assurance functions. Each function audits on its own, with its own methods, its own KPIs and its own reporting channels. The result is a patchwork of individual risks, audit plans and catalogs of measures that raises more questions than it answers.
It becomes particularly critical if this fragmentation continues into the Management Board: if the CFO has different risk assessments than the General Counsel, if the CCO has no knowledge of the results documented by Internal Audit in the last IT security audit, or if the CEO has to make strategic decisions based on contradictory information.

At a time when companies increasingly have to react in real time – to geopolitical crises, regulatory shocks or reputational risks – this is an unacceptable situation.
Integrated assurance refers to a holistic, coordinated approach to managing, monitoring and assessing risks, controls and compliance requirements within an organization. Instead of allowing different departments such as Internal Audit, Risk Management or Compliance to work in isolation from one another, Integrated Assurance bundles the activities of these functions to avoid duplication of work and enable a consistent view of risks and controls.
Ensuring long-term corporate success through integrated assurance, even in times of crisis
The strategic management approach “Integrated Assurance” systematically coordinates the many existing control, audit and monitoring functions within the company. The focus is on the following objectives:
- Improving transparency regarding company-wide risks and control measures
- Enabling a consolidated and reliable view of the company’s actual risk situation
- Increased efficiency by avoiding redundant checks
- Promotion of a coherent governance and risk culture
- Ensuring the systematic identification, assessment and handling of relevant risks
In practice, integrated assurance means that the CFO knows whether the risks from the supply chain are compatible with the ESG objectives, the CCO recognizes whether the compliance risks from sales have also been taken into account in the audit plan, and the CEO can rely on the fact that the reports from the line functions are not only complete but also consistent.

Globalization, technologization and regulation call for new approaches
Regulatory complexity is increasing rapidly – and with it the risk of companies losing track. Whether it’s the Supply Chain Due Diligence Act (LkSG), the EU Omnibus Package, the Deforestation Regulation (EUDR), AI regulation (AI Act) or the extraterritorial enforcement of international anti-corruption laws: the requirements have become not only more numerous but also more contradictory, and in some cases they can no longer be met with existing organizations.
This means that while the compliance department is still struggling with the legally compliant implementation of a new whistleblower or complaints system, the internal audit department has long been planning a special audit on ESG risks – without knowing that the sustainability officer has just commissioned an external assessment. Three audits, one topic, no coordination.
Integrated Assurance is the answer to precisely this fragmentation. It is not about more control, but about more effective control. It is not about new processes, but about the intelligent linking of existing structures. And above all: trust. Those who cannot rely on their assurance functions are losing out not only in regulatory terms, but also strategically, because only integrated reporting and analysis can provide a consistent picture of risks, vulnerabilities and dependencies – essential for crisis prevention. And only an integrated assurance structure prevents parallel audit processes and allows the targeted allocation of resources – a decisive competitive advantage, especially in times of crisis.
The special approach of Pohlmann & Company – interdisciplinary and practical
Pohlmann & Company pursues a unique interdisciplinary and practical approach to the implementation of Integrated Assurance. Our aim is not to establish yet another control system or new management concept, but to orchestrate the existing functions so that they work together – like a well-coordinated ensemble.
We achieve this together with our clients, in particular through:
- Assurance mapping: We analyze which functions check which risks – and where there are gaps or overlaps. In doing so, we break down silos and cleverly institutionalize cooperation between risk management, internal audit, compliance and operational units through platforms, processes and regular exchanges.
- Governance alignment: We create clear responsibilities, mandates, coordinated reporting and communication channels and a common understanding of risks and controls. Only clear governance structures and coordinated control mechanisms enable companies to react quickly in exceptional situations without losing valuable time due to coordination problems.
- Digital integration: We support the selection and implementation of tools that enable a consolidated view of risks, measures and audits. Digital solutions such as GRC software, automated dashboards and AI-supported risk analyses create transparency and a basis for decision-making in real time.
- Cultural work: Integrated assurance is not just a structural issue, but also a question of attitude. We promote a culture of cooperation, transparency and acceptance of responsibility. Lessons learned and continuous improvement, for example, are an essential part of this.
Our experience shows: Integrated assurance only works if it has a firm place in the corporate strategy and organizational structure and is supported by top management. That is the case when the CEO asks not only whether “everything is compliant”, but also whether the assurance functions talk to each other and are coordinated; when the CFO not only looks at the figures, but also keeps an eye on the risks behind them; and when the CCO not only sets rules, but also builds bridges – to internal audit, the legal department, risk management and IT security.
“Where management, employees and stakeholders can rely on resilient assurance processes, a resilient culture of cooperation and personal responsibility is created that can also withstand crises.”
Julia Kahlenberg, Partner
What does this mean for your industry?
In the automotive industry, for example, companies are faced with the challenge of fulfilling regulatory requirements along complex supply chains – from CO₂ targets to verifying compliance with human rights along the entire supply chain: without integrated assurance structures, there is a risk of double checks, blind spots and liability risks.
In the energy sector, ESG risks, cybersecurity (NIS2) and regulatory compliance are closely interwoven: Anyone who fails to think in an integrated way here will not only lose efficiency, but also credibility with investors and supervisory authorities.
And in the pharmaceutical and telecommunications industries, where the pace of innovation and regulatory density are equally high, integrated assurance is the key to identifying risks at an early stage – and proactively meeting regulatory expectations.
Conclusion: Those who integrate, lead better
“Integrated assurance is never an end in itself. It is not about introducing a new buzzword into the governance debate, but about making companies more resilient, agile and reliable – in a world that is becoming less and less predictable and in which participation in economic life involves increasingly complex risks.”
Christian Beer, Partner
So the central question is not: “Can we afford Integrated Assurance?” But rather: “Can we afford to do without it?” In a world characterized by uncertainty, sustainable corporate success can only be ensured through integration.
Pohlmann & Company accompanies companies on this path – with legal expertise, strategic vision and a deep understanding of the reality in regulated and technology-driven industries.
Those who think in an integrated way today will have better answers tomorrow!