THE ASSURANCE GAP: WHY ORGANISATIONS STILL STRUGGLE TO SEE RISK CLEARLY

Most large organisations today have well developed risk and control infrastructures. Enterprise risk management frameworks have matured, compliance programmes have expanded significantly and internal audit functions have broadened their scope beyond financial controls.

On paper, oversight has never been stronger. Yet many executives and boards still struggle to obtain a clear and coherent picture of their organisation’s true risk exposure. Despite the presence of multiple control functions, risk visibility often remains fragmented. This is the assurance gap.

The gap rarely results from a lack of oversight activity. Risk management, compliance and internal audit all generate valuable insights. The challenge is that these perspectives often remain siloed. Each function evaluates risks through its own lens, using its own methodologies and reporting structures.

Senior management may therefore receive multiple reports that are individually robust but difficult to reconcile into a single, reliable view of enterprise risk. The result is a familiar paradox: organisations generate large volumes of risk and control information while still struggling to answer the fundamental question: do we truly understand our most significant vulnerabilities and how well they are controlled?

In an environment characterised by geopolitical uncertainty, regulatory expansion and rapid technological change, this lack of integrated visibility has become a critical governance challenge. Increasingly, organisations are recognising that strengthening assurance is not simply about adding more oversight activities. It is about improving how existing assurance functions operate together.

The next evolution of assurance

Addressing the assurance gap requires a shift in how organisations think about oversight. Rather than treating assurance as a collection of separate activities performed by different functions, leading organisations are beginning to view assurance as a connected system.

Apr-Jun 2026 Issue

Novartis

Join our free mailing list to read the full article