Combined assurance

The Board, supported by the Audit Committee, is ultimately responsible for Blue Label's system of internal controls, which has been designed to evaluate, manage and provide reasonable assurance against material misstatement and loss. The ARCC of Blue Label is specifically responsible for overseeing the effectiveness of combined assurance arrangements within the organisation, which is documented within the Blue Label Integrated Risk Assurance Policy and Framework. The IRCC is responsible for directing and assisting in the co-ordination of the combined assurance arrangements within Blue Label as well as to ensure that a robust integrated risk assurance plan is to be compiled and executed by the various assurance providers on an annual basis.

Blue Label has adopted a combined assurance model, in line with corporate governance objectives, to optimise assurance obtained from management, corporate functions and internal and external assurance providers on the risks affecting the business. The combined assurance model is integrated within the risk management process, including reporting to and oversight from the IRCC and ARCC, from which the annual integrated assurance plan is developed in respect of the priority risks for Blue Label across the four lines of defence (Management, Corporate Functions, Independent Assurance and Oversight Committees) through defined assurance activities. The assurance plan is a key tool to support the ARCC and the Board in making its endorsement on the effectiveness of internal controls in the integrated report and to support the integrity of information that underpins internal decision-making within Blue Label and reporting to its stakeholders. Efforts surrounding the first and second lines of defence included automating the settlement and reconciliation processes within the applicable subsidiaries and robust subsidiary and Group-level finance reviews on a monthly basis which formed part of oversight and strengthening of the overall combined assurance function.

In conclusion, risk audits are assigned to appropriate assurance providers, who monitor the effectiveness of the action plans and processes developed and implemented by management to mitigate the risks. This model gives the Board the assurance, through the ARCC, that all significant risks and associated opportunities are adequately managed.

Combined assurance