Assurance: metamorphosis

Assurance has fundamentally changed over recent years, yet many boards have failed to keep up. So, what’s to be done? GGI CEO Andrew Corbett-Nolan offers some suggestions.

“As Gregor Samsa awoke one morning from uneasy dreams, he found himself transformed in his bed into a gigantic insect.”

This is the opening sentence of Kafka’s classic novella Metamorphosis, in which a salesman wakes up to find he has turned into a verminous insect. Initially thinking this aberration is temporary, Gregor struggles more and more to adapt to his new condition until he finally dies from starvation.

Much like Gregor, assurance has undergone its own metamorphosis in the past few years, but many boards have failed to adapt. This failure has consequences, not least increasingly inadequate assurance arrangements – but also, more broadly, a lack of effective governance at the board.

This short article on modern assurance focuses on our NHS but we would say its analysis is pertinent to all sectors.

Pandemic impact

For some time now GGI has recognised that the very nature of assurance was changed by the pandemic, yet in our work we have been finding that as organisations have settled into post-COVID governance, organisational muscle memory has snapped back to the routines and rituals of 2019 and not what is needed today.

Why is this? The focus of assurance continually changes, learns and adapts. This was especially the case during the acute pandemic years, between 2020 and 2022, which had a transformative impact on assurance. We suggest it may be due to the following:

• As a visible symptom, the pandemic fundamentally stressed the whole system of public services leading to, for example, the conundrum of staff feeling they have never worked harder but data showing a decrease in productivity.
• As a cause, organisations never returned to being ‘sovereign’ – the collaboration and compromise that characterised the pandemic fit the needs of public services much better than the faux competition of the internal market and this has now been sanctified by the Health and Care Act 2022. There is no going back.
• A significant rise in the volume of data collection, including that of a broader scope around population health and inequalities, and use in reporting throughout organisational governance processes.
• As a further forcing action, most profoundly in the NHS, bringing together what were already large provider organisations into ‘groups’ or ‘collaboratives’ was characterised by just scaling up the existing approach to governance.

These changes amount to a fundamental realignment against which pre-2019 style assurance was increasingly anachronistic. At GGI, we could see the changes coming, but only recently has the context clarified and a hypothesis become possible.

Heath Robinson assurance structures

If we can agree that the current assurance paradigm is starting to fail, we would say this is partly because the structures for assurance are manifestly Heath Robinson. Our own contention is that where boards preside over assurance systems with more than four levels, the ‘board-to-ward’ line of sight is prone to blindness. Multiple handover points, particularly where the added value at each stage is unclear, create unreliable structures. Because of the pressures of work and productivity issues, real assurance activity at the frontline becomes the poor cousin. At the higher levels and with the pressures of targets, performance often becomes confused with assurance. And the old assurance system with an oversimplified approach to triangulation was out of steam anyway.

Within a classic ‘DGH’-type NHS trust the four levels could be made to work. We described these in our governance review of Greater Manchester Mental Health NHS FT, which usefully they published in full. These levels are:

• board and its committees
• executive and corporate
• division or care group
• unit or service

In group models, one is automatically adding a fifth layer by adopting sites, and within provider collaboratives and integrated care systems an additional layer comes with the individual organisations themselves.

Common failings we see include blurring of the useful and distinct tension between the different levels, which should be characterised by constructive challenge and agile escalation systems. We still find organisations with management groups reporting to board committees, duplications or gaps between the oversight done on a corporate basis and that done in divisions, and a lack of awareness of what assurance actually is, particularly between divisions and services where resources and formal governance skills are often in short supply. We also still see plenty of legacy organisational structures – for example integrated care boards where many meetings are simply CCG meetings that never stopped happening.

Within ICSs, assurance needs to be thought about and modelled in terms of pathways to measure system working rather than separately monitoring each organisation. We’ll be writing a separate article exploring our thinking on this.

The dog that didn’t bark

In our June 2020 article Assurance and the dog that didn’t bark, we argued that the assurance systems of today need a higher level of thoughtfulness, experience and skill: not less. We pointed to the automation paradox, noting:

‘When humans are less involved, the involvement they do have becomes more critical. If an automated system has an error, it will multiply that error until it's fixed or shut down by human intervention. Skilled and experienced humans understand and can evaluate ambiguity. Humans are also uniquely capable of understanding when a gap matters, or further questions need to be asked. In ‘Silver Blaze’, Sherlock Holmes is able to solve who stole a racehorse by noticing that on the night of the crime no witnesses mentioned hearing the watchdog bark. So from what was not reported Holmes solved the crime. He deduced that the dog knew the miscreant; the thief was duly apprehended.’

So what can organisations do? As a start, GGI is currently working on solutions for all these problems with organisations across the public and third sectors:

• Assurance systems need designing by people who are practiced and experienced in doing just that. Too often assurance structures are incrementally bolted together or designed in-house with no real experience or proof of concept.
• Assurance is often not managed at a senior level. ‘Tells’ of this are when an organisation can barely produce an up-to-date organisational chart (though usually believe they have one), let alone tell you what the opportunity cost of their assurance system is or systematically evidence what the expected added value at each level.
• Inadequate effort goes into implementing assurance structures and processes. Basic skills such as developing action plans or chairing productive meetings are assumed not defined, recruited to or developed through training.
• Boards and senior management have little idea of the reliability – or indeed plausibility – of the assurance systems they are relying on at the lower levels in their organisation. For example, it is almost unknown for us to find a skills assessment for assurance and governance at divisional or service levels.

At GGI we are updating and testing our matrices and tools for good governance in light of this, as well as developing thinking about what within a group is the role of the site around assurance. We are developing new tools too, such as a maturity matrix for people committees. We welcome ideas and input as we do this, and, as always, we will be publishing our tools and thinking as open access materials for all to use.