Defining assurance plans

Assurance Plans is an app in HighBond. An assurance plan is an annual program that determines the scope of assurance activities, the areas of coverage, and the availability of resources. Define an assurance plan to execute on the key objectives of the organization, ensure that appropriate coverage and resources are available, and align directly to strategic risk.

Before you start

There are a few optional things you can do before you define an assurance plan.

How it works

Proper governance requires leaders to assess strategic risks and then propose an assurance plan to the board for approval, illustrating potential impacts to the organization and how and why strategic risks will be resolved. Assurance plans are the means to gaining approval for your list of audit plans, risk management plans, or compliance reviews.

Assurance plans can capture:

  • the strategic risks you want to address
  • the objectives you want to focus on
  • the areas of the organization you will cover
  • the overall progress of the plan and the individual projects that are part of the plan
  • the total available resources (in hours) allocated to the plan

Adding projects to an assurance plan

You can add up to 100 projects to an assurance plan by:

  • creating a new project
  • linking an existing project
  • rolling forward an active project, archived project, or project template

A single project can be added to multiple assurance plans. If you create a new project, you can import objectives from frameworks to the project and tag projects with entities as part of the assurance plan setup:

  • Objectives the key areas of a project and the organizing containers for work done within a project
  • Entities business units, departments, locations, or key initiatives that are within the scope of the project function

Viewing coverage

After you define your assurance plan, you can view coverage across the different projects in your assurance plan by entity category or entity.

In each assurance plan, coverage is displayed in a table. The rows show the individual projects associated with the plan, and the columns show the tagged entities.

Entities tagged to projects and items contained in projects (objectives, risks, controls, and issues) are indicated with a check mark . Entities that have not been tagged to projects or project items, but are a part of your organizational entity structure, are specified under Entities not covered (#).

Viewing strategic risks

Within an assurance plan, you can use the Risks tab to see how your plan aligns with your organization's strategic risks:

Example

A financial reporting mistatement risk that is linked to two objectives in the assurance plan:

Note

Only strategic risks that you previously linked to framework objectives in the Strategy app display in your assurance plan. To view strategic risks, you must add any projects linked to the framework to the assurance plan.

Strategic risks linked to project objectives are not displayed.

Viewing progress and available resources

Each assurance plan displays the progress of each project in the plan, the overall progress of the plan, and the total available resources (in hours) allocated to the plan.

Progress and available resources are visualized using in the following percentage bar charts:

Chart name Example How it is calculated
Progress

the sum of scores received for each project phase divided by the maximum score you can obtain across all project phases and objectives

For more information, see Understanding project progress charts.

Overall progress

the average progress across all projects in the assurance plan

Total available resources (hours)
  • Green bar the sum of budgeted hours for each project compared to the total available resources defined in the assurance plan
  • Red bar the sum of budgeted hours that exceed the total available resources (if applicable)

Tip

You can hover your mouse over the bar sections to view the number of hours.

Example

Viewing coverage by entity in an assurance plan

Scenario

As an Audit Manager, you need to determine the scope of assurance projects for the year and the areas of coverage.

Previously, you defined an assurance plan, and specified entities within scope. Now, you want to view coverage across the different projects in your assurance plan by the British Columbia entity.

Process

You open the assurance plan, select Entities, and filter the information in the table by the British Columbia entity.

Result

Selecting British Columbia shows the direct descendant entities (Vancouver and Victoria) as distinct columns in the table.

Projects that cover the Vancouver and / or Victoria entities are indicated with a check mark .

Permissions

Project Admins, Project Creators, and Assurance Plans Admins can define assurance plans.

Note

Assurance Plans Admins that are also Project Creators can create, link, and rollforward projects in an assurance plan. Assurance Plans Admins that are not Project Creators can only link projects in an assurance plan.

Create an assurance plan

Provide a name and description for the assurance plan, and define the total available resources and planning period.

  1. Open Assurance Plans.

    The  Assurance Plans page opens.

  2. Click + Create plan.

    The Create new plan side panel opens.

  3. Enter information in the following fields and click Create plan:
    FieldDescription
    Assurance plan name

    the title of the plan

    The maximum character limit is 255.

    Description

    optional

    a statement about the plan
    Total available resources (hours)the total number of hours available for project work
    Planning period

    the start and end dates of the plan, defined in years

    Tip

    Typically, the planning period is defined as a calendar year.

    Result The assurance plan is created.

Add projects to the assurance plan

Define the projects that form the basis of the assurance plan.

Click + Add to plan and choose one of the following options:

Create a new project

  1. Provide basic information about the project, and click Continue.

    For more information, see Creating projects.

  2. Optional. Select the objectives from frameworks to import to the project.

    Note

    The following limitations apply:

    • To select objectives, your role must allow you to view the objectives in the framework.

      For more information about roles, see Projects app permissions.

    • You can select up to a maximum of 100 objectives to import from frameworks to the project at one time.
    • You cannot import objectives in frameworks from the Content Library.
    SituationStepsAdditional information
    You want to base your assurance plan on strategic risks.
    1. Under Objectives linked to strategic risks, select from existing objectives in frameworks linked to strategic risks.
    2. Click Continue.

    Strategic risks are sorted by Inherent Risk Heat in descending order first, and then by creation date.

    For more information, see Defining risk treatment.

    You want to base your assurance plan on existing objectives from frameworks.
    1. Under All objectives, select from existing objectives in frameworks.
    2. Click Continue.

    Objectives linked to strategic risks are included in the All objectives list.

    You do not have any existing frameworks or objectives.

    Click Continue to skip this step or create new frameworks and objectives:

    • Create a new objective in an existing framework Click + Create objective and select the framework from the drop-down list.
    • Create a new objective in a new framework Click + Create objective and select + Create new framework... from the drop-down list.

    For more information, see Managing information using frameworks and Defining objectives.

  3. Optional. Select the existing entities that apply to the project, and click Continue.

    Any entities that have been previously tagged to objectives are pre-selected.

    If you do not have any existing entities, click Continue to skip this step for now and set up your organization entity structure at a later date. For more information, see Setting up entity tagging.

  4. Review and finalize the project, and click Create project.

    Result The new project is added to the assurance plan. If you selected objectives and entities as part of the setup, the objectives from the framework(s) are imported to the new project, and the entities are added to the assurance plan.

Link active projects

Select the projects that you want to add to the assurance plan, and click Link projects.

Result The existing projects, objectives, and tagged entities are added to the assurance plan.

Rollforward a project

  1. Search or filter for the project you want to add to the assurance plan.
  2. Select the project and click Continue.
  3. Provide basic information about the project, and click Continue.

    For more information, see Rollforward projects.

  4. Review and finalize the project, and click Save and rollforward project.

    Result The new project and any entities tagged to the project are added to the assurance plan.

View or update an assurance plan

View coverage, update the details of an assurance plan, or add projects to and remove projects from the assurance plan.

  1. From the Assurance plans page, open the assurance plan you want to view or update.

    Assurance plans are sorted by planning period, and then by alphabetical name.

  2. Do any of the following:
    • View coverage Under Show coverage in, select either Entities or Categories, and select the appropriate entity or category from the filter:
      ActionOutcome
      Select an entity categoryshows the associated entities as distinct columns in the table
      Select Top level entitiesshows the root entities as distinct columns in the table
      Select a parent entityshows the direct descendant entities as distinct columns in the table
      View Entities not covered (#)

      shows a filtered list based on the entity you select

      Entities not covered (#) is hidden when you select an entity category.

    • View strategic risks Click the Risks tab.

      Strategic risks are sorted by Inherent Risk Heat in descending order first, and then by creation date.

    • Update the details of an assurance plan Click Edit plan.
    • Add a project to the assurance plan Click + Add to plan, and follow these steps: Add projects to the assurance plan.
    • Remove a project from the assurance plan Click the beside the project in the table, and click Unlink.
  3. Optional. Make any necessary updates and save your changes.

    Result The assurance plan is updated.

View the activity log

View a complete history of changes to an assurance plan.

  1. From the Assurance plans page, open the relevant assurance plan.
  2. Click the Activities tab.

    Result The activity log associated with the assurance plan displays.

  3. Optional. Use any of the filter options to limit the actions shown in the summary table:

    Note

    You can combine any filter selections together to refine the list of actions displayed in the table. To clear all filters that you apply, click Clear.

    FilterDescriptionExample
    Date range

    Specifies the date range to show activity for. Actions that occurred between the start and end date are shown.

    Use the arrows to scroll through periods of time. You can specify weekly, monthly, or custom date ranges.

    Last 30 days
    Users

    Includes actions completed by the selected users only. You can select one or more users to view at once.

    John Doe

Download a report

Download an assurance plan report in .docx or .pdf format.

  1. From the Assurance plans page, navigate to the assurance plan you want to export.
  2. Click the overflow icon , and select either Export as Word or Export as PowerPoint.
  3. Click Download.

    Result The assurance plan report is downloaded to your machine:

    • Word organizationName Assurance Plan Report date.docx
    • PowerPoint organizationName Assurance Plan Report date.pptx

Delete an assurance plan

Delete an assurance plan to permanently remove it from Projects.

Caution

Deleting an assurance plan permanently removes all plan data and links to projects.

  1. From the Assurance plans page, navigate to the assurance plan you want to delete.
  2. Click the overflow icon beside the plan, select Delete plan, and click Delete plan to confirm.

    Result The assurance plan is deleted.