Abstract:
Combined Assurance is an emerging global concept aimed at enhancing board risk
oversight by integrating and aligning silo-based assurance processes across the
organization. This study develops an instrument to measure the organizational
maturity to adopt Combined Assurance in a two-stepped approach. First, a survey
questionnaire was developed based on an extensive literature review. Second, the
questionnaire was administered among over 30 respondents engaged in risk,
internal audit, and finance to assess the reliability and validity of the instrument. The
findings further collaborated through case studies of four leading organizations in
Sri Lanka. The study finds that the organizational maturity to adopt Combined
Assurance that could be assessed using two dimensions: ‘Holistic Approach to Risk
Management’ and coordinating assurance among ‘Three Line of Defense’. The
findings also revealed that Enterprise Risk Management is a prerequisite for the
successful implementation of combined assurance and Internal Audit Function can
potentially play a championing role in the implementation with close collaboration
among the Three Line of Defense. These findings provide opportunities for future
research from an Internal Organizational Governance perspective. Further, from a
regulatory perspective, the study emphasizes the need to revisit the existing
corporate governance practices in relation to the application of combined assurance
