Adoption of the combined assurance model by South African state-owned enterprises (SOEs)

Abstract

In addition to integrated reporting, which was arguably first introduced by the third King Report on Governance for South Africa (King III), King III also formally introduced the combined assurance model as a further governance innovation, aimed at enhancing the quality of organisational reporting. Although the combined assurance model is primarily an internal enterprise risk management innovation, designed to incorporate, integrate and optimise all assurance services and functions, it simultaneously enhances the credibility of organisational reporting. Taken as a whole, the combined assurance model enables an effective control environment, supports the integrity of information used for internal decision-making by management, the governing body and its committees; while supporting the integrity of the organisation’s external reports. Organisations adopting King IV, including state-owned enterprises (SOEs), are expected to explain how the provisions of the combined assurance model have been implemented. Explaining conformance, introduces an element of innovation into organisational reporting as envisaged by King IV, by providing stakeholders with assurance about the veracity of the disclosures contained in the internal and external reports of organisations. This exploratory paper analyses the extent to which South African SOEs have conformed to seven key combined assurance indicators. The disclosures contained in the publicly available annual/integrated reports of South African SOEs, listed in Schedule 2 of the Public Finance Management Act (PFMA), were thematically analysed to fulfil the objective of the study. We found that although the combined assurance related disclosures suggest high levels of adoption by some SOEs, the majority have not provided sufficient information to explain how they have applied combined assurance, if at all. Although their reports appear to provide internal management with some level of assurance about the extent to which risks have been managed, these reports may not necessarily provide external users with confidence that all material risks have been effectively mitigated, within the organisation’s risk appetite. This paper discuses implications for policy and practice and concludes by providing avenues for further research.