Are you achieving adequate assurance and are all of your key risks effectively controlled? Good controls governance is about ensuring a business "always does the right thing". Most businesses have some degree of a controls governance framework, but very few have all of the elements.
The 3 'lines of defence' concept is a recent development in controls governance. It provides the structure to identify insufficient or excessive controls coverage. A controls assurance map pulls everything together and provides the template from which Boards and their Audit Committees (ACs) can obtain a consolidated view of total controls comfort by process. The level of assurance provided needs to be credible. Internal Audit can set up a reliance certification framework against which they can "certify" the other assurance providers.