9. Verifying Before Trusting

Why Verifying Matters

Trust is essential, but trusting blindly can be risky. History is full of cautionary tales, from financial scandals and compliance failures to everyday fraud. Just like in banking, cryptocurrency, or even food safety, public retirement systems must verify first to protect themselves from harm.

Simply put: verifying before trusting helps assure accuracy, accountability, compliance, and security. It builds stronger, more reliable relationships and strengthens your system’s reputation.

Your Board’s Role: Reasonable Assurance

Boards aren’t expected to guarantee perfection. Instead, you’re aiming for reasonable assurance—a high level of confidence that things are accurate, controlled, and safe, even though absolute certainty is rarely possible or practical.

Here’s the key distinction:

• Reasonable Assurance: High confidence; recognizes limits like cost, human error, or uncertainty.

• Absolute Certainty: 100% guarantee; usually impractical and overly costly.

Your goal? A practical balance between trust and verification.

Why Independent Verification Is Crucial

Surprisingly, nearly 90% of major fraud cases involve senior executives like the CEO or CFO. Even strong internal controls can be circumvented. For instance:

• Enron executives famously bypassed controls.

• Volkswagen falsified emissions data, damaging their reputation significantly.

Boards must maintain healthy professional skepticism—trust, but always verify.

Compliance: Setting the Right Tone

Your board sets the “tone at the top,” making clear that compliance matters. This means:

• Appointing a senior executive responsible for compliance.

• Regularly reviewing high-risk compliance areas.

• Assuring compliance training and resources are provided.

An effective compliance culture encourages transparency and quickly escalates issues.

Board and Committees (Oversight)

Sets direction, delegates tasks, oversees performance and risks, verifies reliability through committees (especially audit).

Role of the Audit Committee

The Audit Committee is your key verification resource. Its main tasks:

1. Oversee Financial Reporting

• Confirm financial statements are accurate and transparent.

• Review and challenge management’s financial practices.

2. Supervise Audits (Internal & External)

• Hire, evaluate, and oversee internal auditors.

• Approve audit plans and challenge findings.

• Manage relationships with external auditors, ensuring independence.

3. Monitor Risk & Internal Controls

• Hire, evaluate, and oversee internal auditors.

• Approve audit plans and challenge findings.

• Manage relationships with external auditors, ensuring independence.

4. Assure Compliance

• Assure compliance with laws, regulations, ethics, and plan documents.

• Oversee whistleblower programs and investigations.

5. Act as Liaison

• Bridge communication between management, auditors, and the full board.

Understanding the Four Lines Model

To simplify oversight, we use a helpful framework called the Four Lines Model of Defense and Value Creation:

Obtain Reasonable Assurance

1st Line – Retirement Functions (Operations)

Executes core tasks—like investments and benefits—within approved policies. Assures risks are managed and reports issues quickly.

2nd Line – Enterprise Functions (Support)

Provides vital support—like HR, finance, IT, legal, and compliance. Helps first line manage risks and compliance effectively.

Obtain Independent Reassurance

3rd Line – Internal Audit

• Independently verifies that the first two lines are effective and controls are working properly.

4th Line- External Auditors and Advisors

• Independent reassurance means knowing performance and risk are on track—and if they're not, you'll be the first to know!

Internal Audit: Your Third Line

Think of internal auditors as independent internal consultants. Their role:

• Assess and improve governance, risk management, and controls.

• Offer independent reassurance that everything is working properly.

• Advise on improving operations, compliance, and efficiency.

Internal audits help confirm that management’s promises are trustworthy.

What Internal Auditors Do:

• Governance audits: Verify good decision-making processes.

• Risk management audits: Assure risks are managed within acceptable levels.

• Control audits: Independently verify operational controls and compliance.

Internal Audit vs. Compliance Monitoring

Internal auditing and compliance monitoring might sound similar but serve different purposes:

• Compliance Monitoring: Continuous checks by management to assure policies are followed. (Part of everyday management.)

• Internal Auditing: Independent checks by auditors after the fact to confirm compliance and effectiveness. (Independent reassurance.)

Both matter—but each has its own critical role.

Quality Assurance Review (QAR)

Periodically (usually every five years), internal auditors are required to undergoes a Quality Assurance Review (QAR)—an independent audit of the auditors—to confirm they’re following professional standards and working effectively. This review reassures the board of internal audit’s credibility.

External Audit and advisors: Your Fourth Line

External auditors are independent outsiders hired to verify your system’s financial statements objectively. Their role:

• Confirm accuracy of financial reports.

• Detect material errors or fraud.

• Reassure stakeholders that your reports are reliable and transparent.

They provide independent credibility and public confidence.

External vs. Internal Audits

Making the Best Use of External Advisors

Your board likely consists of busy part-time lay volunteers, not full-time pension experts. That’s normal. This is why independent external advisors (investment consultants, actuaries, fiduciary counsel) are essential.

Advisors provide specialized expertise, fresh perspectives, and independent challenge. They also protect against blind spots or “groupthink.” It must be very clear whether the advisors report to the board or the executive. The board needs to have independent auditors and advisors to obtain second opinions.

Common Advisors Include:

• General Investment Consultants: Advise on investment strategy and policy.

• Independent Actuaries: Assure financial sustainability through accurate modeling.

• Fiduciary and Governance Consultants: Provide guidance on legal and governance matters.

Active engagement with advisors helps sound decision-making and demonstrates prudence..

Making the Best Use of External Advisors

1. Verify. Blind trust risks costly mistakes—always independently confirm critical information. Repeated verification builds trust.

2. Use professional skepticism. Challenge assumptions; ask tough questions. Learn the right questions.

3. Clearly define roles. Board, management, audit committees, and advisors all have distinct roles—keep them clear and separate.

4. Maintain independence. Internal and external auditors provide independent verification— never compromise their independence.

5. Invest in oversight. Audit committees and external advisors are critical for good governance—invest time and resources into making these relationships effective.

6. Continuous learning. Regularly educate your trustees on governance, compliance, and verification best practices.

By consistently verifying first, your board builds stronger trust, better protects your system, and assures sustained, long-term success.

Trust wisely—verify confidently!

Want to learn more?

Board Smart subscribers, explore these resources:

• Verifying Before Trusting Essentials

• Compliance for Trustees

• Using External Advisors Effectively

Contact rfunston@funstonadv.com or Slussow@boardsmart.com

Click here to order “Transforming the Dialogue: Fiduciary Essentials.”