From assurance to strategic foresight

Daniel Taylor advocates reclaiming assurance as a strategic tool for the board

In most boardrooms, assurance arrives late. It comes at the end of the cycle as the afterthought to delivery. It tells us what went wrong, rarely what is about to. Assurance reports are often framed as comfort blankets: backward-looking evidence that policies were followed, risks were logged and actions were closed. They are documents of defence, not foresight.

Yet boards are not courts of audit. They are strategic organs. Their duty is to anticipate, not just to account. The challenge, then, is to reclaim assurance from its compliance origins and convert it into a forward-looking instrument as a structured way of learning about the organisation’s direction of travel and its readiness and ability to adapt under pressure.

This is what is meant by moving from assurance to anticipation.

The assurance paradox

Good governance depends on assurance. However, in its current form, assurance too often dulls rather than sharpens strategic judgment.

Boards receive hundreds of pages of committee papers that use the word assurance liberally. But assurance without context can be misleading. A ‘reasonable’ assurance rating can hide deep structural fragility; a ‘limited’ assurance rating can generate disproportionate anxiety about low-impact risks. Both consume energy and divert attention from what matters most: how confident the board can be about the organisation’s future fitness to deliver its purpose.

In practice, assurance too often becomes:

• a comfort exercise, designed to signal diligence to regulators rather than insight to the board
• a compliance ritual, shaped by audit timetables and frameworks rather than strategic priorities
• a risk-avoidance tool, used to defend rather than inform.

If the board’s agenda is consumed by these artefacts, its ability to see over the horizon is compromised.

The purpose of assurance revisited

At its best, assurance is not a report; it is an argument about confidence. Confidence that the organisation’s systems, culture and resources can deliver its intended outcomes under plausible conditions of stress.

Reframed this way, assurance becomes an act of collective judgement. It’s not something a committee ‘receives’; it is how a board forms judgement through evidence, conversation and challenge.

This shift in mindset transforms both the inputs to assurance and the outputs it produces.

Assurance at committee level: seeking and securing

Much of assurance, in practice, is generated in committees. Audit and risk committees, quality or safety committees, finance or people committees — each generates a slice of insight. But too often those committees behave like parallel silos, each producing partial assurance that the board must somehow reconcile.

To convert committee assurance into board foresight, three shifts are needed:

1. Redefine the question

Committees should move from asking, ‘Did we follow the process?’ to ‘Are we learning fast enough to stay ahead of the next risk?’ The committee’s role is not simply to verify but to sense-make: to identify patterns, weak signals and emerging interdependencies between risks.

2. Recode assurance frameworks

Most organisations use multi-level assurance models (three lines of defence). These can be useful but tend to prioritise process over insight. Instead, committees should rate assurance along two dimensions:

• strength of evidence (how robust, triangulated, and current the assurance is)
• relevance to future delivery (how well the assurance informs strategic readiness or resilience)

That second dimension is the bridge to board-level anticipation.

3. Synthesise, not summarise

Committee reports to the board should avoid simply listing assurance ratings. Instead, they should offer a synthesis: what trends or blind spots emerge across the assurance map? What risks are evolving faster than our controls?

This synthesis should be explicit, visual, and anchored in the organisation’s strategic objectives, not buried in appendices.

Assurance at board level: using and amplifying

Once the board receives assurance, its task is not to note it but to use it.

GGi’s research over the years, from the High-Performing Boards framework to the National Commission’s reflections on accountability, shows that the most effective boards do three things consistently: they translate assurance into forward decisions, they link assurance cycles to strategy cycles, and they integrate assurance into performance management rather than treating it as a separate domain.

Here’s how that looks in practice:

1. Connect assurance to strategic uncertainty

Boards should map assurance not against risk registers alone, but against strategic uncertainties. The big unknowns that could disrupt mission delivery: workforce resilience, digital maturity, climate adaptation, and financial sustainability.

A quarterly ‘strategic assurance map’ should then show which:

• strategic uncertainties have strong current assurance (confidence grounded in evidence)
• have weak or outdated assurance (requiring further testing)
• have no meaningful assurance at all (where the board must rely on informed judgement).

This simple map transforms the conversation from what went wrong to what is not yet known.

2. Turn assurance into foresight questions

Every assurance report should be accompanied by a single board question: if this trend continues, what will happen next?

That question forces boards to confront trajectories, not snapshots. A board reading a positive assurance report on digital transformation, for example, should still ask: what dependencies might derail progress, and are we confident the next stage is affordable, secure, and culturally embedded?

3. Integrate assurance into scenario work

Boards should periodically run ‘assurance stress tests’, simulated future scenarios (funding shock, cyber incident, system merger), to test how well existing assurances would perform. This practice shifts assurance from retrospective checking to forward rehearsal.

A simple model: the assurance anticipation loop

We can think of this as a loop with four stages:

1. Signal: Committees detect early signals, using mixed intelligence (quantitative indicators, staff insight, external scanning).
2. Sense: Committees interpret what those signals mean for capability, confidence, and resilience.
3. Synthesise: The assurance is reframed in terms of readiness, not compliance.
4. Steer: The board uses those insights to steer strategy, allocate resources, and commission new lines of enquiry.

Each loop strengthens the next. Over time, assurance becomes less about audit trails and more about adaptive capacity.

The cultural shift: from comfort to curiosity

This transition is not primarily technical; it is cultural. Boards must replace the language of comfort (‘Are we sufficiently assured?’) with the language of curiosity (‘What don’t we yet understand?’).

Some chairs are already leading this shift by:

• introducing a forward-looking assurance summary as the final page of every board pack, three paragraphs on what the evidence suggests about future capability
• scheduling an annual assurance foresight workshop to examine themes emerging across committees and their implications for the coming year’s strategy
• encouraging internal audit to include horizon audits, short, anticipatory reviews of readiness for forthcoming regulatory or system changes.

These are small design changes with disproportionate impact.

Why this matters now

Public purpose organisations face compound uncertainty: financial pressures, regulatory scrutiny, workforce fatigue, and geopolitical risk. In this climate, governance that looks backward is dangerous.

The revised UK Corporate Governance Code, refreshed Cabinet Office guidance on ALBs, new NHS provider governance frameworks and the existing (under revision) CUC and Charity Commission governance codes all push toward stronger declarations of control and assurance. That’s valuable but it’s only half the story. The real opportunity is to turn those mechanisms into learning systems that equip boards to act earlier, with more confidence, and with less surprise.

Assurance that does not anticipate is no assurance at all.

Practical next steps and closing thoughts

As practical next steps boards and governance leads should:

1. redesign committee terms of reference to include ‘identification of emerging risks and assurance gaps’ as a standing duty
2. develop a strategic assurance map aligned to organisational objectives and reviewed quarterly at board
3. create an assurance foresight summary for each major risk area, including a forward projection of likely assurance strength 6–12 months ahead
4. train committee chairs to frame assurance conversations around future confidence rather than procedural compliance
5. commission internal audit to pilot a horizon audit on one future-facing topic (e.g., AI governance, climate transition readiness).

Assurance, rightly understood, is not about proving the past was safe. It is about improving the future’s chances.

In a complex, high-accountability environment, the boards that will thrive are those that can translate evidence into anticipation and that see assurance not as comfort but as curiosity institutionalised.

The best boards don’t just ask, ‘Are we assured?’; they ask, ‘What does our assurance tell us about tomorrow?’.

That is governance at its most mature and its most valuable.