Level 5 Assurance

The Next Frontier of Audit Leadership

Level 5 Assurance Explained

  • 2 December 2025

LEVEL 5 ASSURANCE — HOW CHIEF AUDIT EXECUTIVES CAN LEAD BEYOND COMPLIANCE

The audit room is no longer a sanctuary of spreadsheets. It’s the arena where integrity either lives or dies.

 

In a volatile world choking on misinformation, the CAE stands as the organization’s conscience, the final voice between truth and collapse. Yet too many still hide behind checklists, mistaking control for character.

This webinar helps to reframe assurance as leadership in its purest form, the art of earning trust when no one is watching. Built on Level 5 Unicorn Leadership (Pflug, 2025), it demands more than compliance; it demands courage, conscience, and creation.

 

Level 5 Assurance transforms the CAE from compliance custodian to culture architect, a leader who shapes systems around values, not fear.

Full Video Recording

Podcast-style Summary

Background information

Join us as Douglas P Pflug talks about his upcoming book, “The Unicorn Leader: Rising Through the Ranks and Achieving Level 5 Leadership”.

This book delves into the traits and practices of rare, transformative leaders, blending personal humility and professional will. It serves as a blueprint for developing unique “unicorn” leadership skills and climbing to the highest echelons of leadership while creating a lasting legacy.

In a world where trust is collapsing faster than markets, the Chief Audit Executive (CAE) now operates on the front line of organizational integrity. This paper reframes assurance through the lens of Level 5 Unicorn Leadership (Pflug, 2025): a fusion of humility, ferocity, and purpose that transforms compliance into conscience. It argues that true assurance is not a technical discipline but a human one — anchored in ethics, resilience, and legacy. Through eight integrated sections of research, leadership psychology, and tactical application, Level 5 Assurance redefines the CAE as an architect of trust who leads beyond compliance and into lasting impact.

Short Explainer Video

Key Questions Answered

Douglas P. Pflug’s leadership philosophy is rooted in a lifetime of diverse experiences that taught him the value of hard work, emotional intelligence, and constant evolution.
His journey can be distilled into several key stages:
  • Early Influences: A blue-collar upbringing and formative experiences in high school sports provided his first exposure to leadership. Phenomenal coaches taught him not only about athletic development but also about personal leadership and the critical importance of the emotional quotient (EQ), which he argues is a more significant determinant of success than IQ alone.
  • Professional Career: His 27.5-year tenure in policing provided a real-world laboratory for leadership under pressure. Concurrently, he coached over 100 future NHL players on personal leadership and pursued executive leadership certificates from Cornell University to ensure his practical experience was supported by a strong academic foundation.
  • Teaching and Evolution: As an instructor at the Ontario Police College, he taught over 10,000 new recruits. This role solidified his belief that leadership is not static. After being challenged on his own past leadership style, he embraced Bruce Lee’s philosophy of being like water—constantly adapting and evolving. A leader should never be the same person they were seven years ago.
  • The Three Books: His literary work captures this evolutionary journey:
    • Finding Your Granite: This book is a foundational, personal journey of self-discovery. It details the process of managing personal challenges, such as PTSD, to build the internal strength—the “granite”—necessary for effective leadership.
    • Moving Forward: This guide focuses on bridging the communication and work-style gap between different generations of leaders, providing practical strategies for a more cohesive and collaborative workplace.
    • The Unicorn Leader: This book presents a framework for moving beyond the literary ceiling of Jim Collins’ “Level 5 Leadership.” It challenges leaders to reject limitations and strive for their true, ever-evolving potential, becoming the rare, transformative leader every organization needs.
This deeply personal foundation provides the context for applying leadership principles under the most demanding circumstances.
According to Douglas, effective leadership in a crisis is not an external performance but an internal state of being.
It is defined by the following core principles:
  1. Internal Control: Leadership pressure is an internal experience. The most critical task for a leader is to find their “granite”—their core stability—and remain controlled. Your role is to provide calm in chaos, not to add to it. When everyone else is reacting, the true leader resets the temperature in the room.
  2. Chaos as an Exposé: Chaos does not create leaders; it exposes them. A crisis will starkly reveal whether a leader is effective and prepared or ineffective and reactive. Your actions under pressure are a direct reflection of the preparation you have already done.
  3. Proactive Preparation: The key to managing a crisis is to practice before it happens. This concept, known as “desktoping,” involves running through emergency management scenarios with your team. These drills build the team’s capacity and “repetitions,” ensuring they have the tools and muscle memory to act effectively when a real crisis occurs.
  4. The Instrument of Calm: Ultimately, real leadership under pressure is “integrity and calm aligning with the exact moment the organization needs it.” The leader becomes the instrument of calm, providing a steady, principled presence when it matters most.
Maintaining mental acuity during a crisis requires deliberate practice and specific techniques.
Douglas outlines several key strategies:
  • Train Your Attention: Think of your attention like a muscle. Under stress, it tears; during recovery, it repairs and becomes stronger. By practicing in controlled, high-pressure scenarios, leaders can strengthen their ability to focus when fatigued.
  • Avoid Tunnel Vision: High-stress situations can induce “auditory exclusion,” a state where your brain narrows its focus and you miss obvious risks on the periphery. Leaders must train to keep their mental spectrum open to see the entire picture, not just the immediate threat.
  • The 60-Second Reset: When feeling overwhelmed, use this simple technique to “reboot” your system. Find an isolated spot for one minute to consciously slow your breathing, reset your posture by throwing your shoulders back, and perform internal checks to ground yourself. This allows you to recover command instead of reacting instantly.
  • Prepare, Don’t Avoid: Elite leaders do not avoid stress; they prepare for it through mental rehearsals. Just as NHL players visualize the game before they step onto the ice, a CISO can run through crisis scenarios in their mind, preparing their responses so they can rise up and excel when the moment arrives.
The single biggest mistake is faking calm instead of building it.
Teams can easily detect false composure. A leader who is internally chaotic but projects a calm facade will not inspire confidence.
True calm is not a performance; it is a practice. It is the result of “muscle memory” built through preparation, self-awareness, and mental rehearsals long before the crisis arrives. This authentic composure is essential for fostering an environment where teams can perform effectively, which hinges on a foundation of psychological safety.
The core argument is captured in Douglas’ powerful statement: “No tool outruns silence.”
Most security breaches begin not with a technical failure, but with human fear. Team members who are afraid of being wrong, looking weak, or facing punishment will not speak up when they make a mistake. They will remain silent, hoping the problem goes away. A psychologically safe environment is one where team members know it is okay to own a mistake quickly. This transparency gives the organization the crucial opportunity to fix the error before it escalates into a major incident.
A CAE can become a cultural architect by fundamentally shifting their approach and inquiries.
This involves several actionable steps:
  • Ask Different Questions: Move from a reactive to a proactive mindset. Instead of asking, “Do we follow the rule?” ask, “What behavior created this pattern?” Instead of searching for “Where’s the mistake?” ask, “Where’s our vulnerability?” This reframing shifts the focus from blame to understanding and prevention.
  • Embrace Proactive Vulnerability Hunting: Use tools like AI to actively seek out and fix vulnerabilities before they can be exploited. This involves thinking like an attacker to identify weaknesses in policies and systems, thereby strengthening the organization’s defenses from the inside out.
  • Empower Subject Matter Experts: The people doing the work are a phenomenal resource pool. Leaders must create an environment where these experts feel valued and are encouraged to share their opinions and ideas. Shutting them down is a waste of critical internal intelligence.
  • Foster a Thriving Environment: This mindset shift replaces a culture of fear with one of curiosity, transparency, and integrity. When mistakes are treated as opportunities for growth, the entire organization “breathes better,” becoming more resilient, innovative, and secure.
This internal culture of safety and integrity is the foundation for a leader’s external role as the conscience of the organization.
Leading beyond compliance means shifting from a focus on rules to a focus on responsibility and integrity.
It is the difference between checking boxes and changing behavior. The two approaches can be contrasted as follows:
 
Compliance (Checklist)
Leadership (Culture)
Treats audit like a rule book.
Treats audit like a responsibility.
Asks “Why are we doing this?” to learn.
Asks “Why?” to find better ways.
Documents behavior.
Shapes and elevates behavior.
Confirms controls.
Elevates integrity.
 
Leaders often hide behind checklists because it is easy and safe. It provides the illusion of control and satisfies the basic requirements of the job.
The real risk is that in doing so, leaders miss the “human reality underneath.” An organization can have perfect paperwork and a failed culture simultaneously. A checklist will never detect the fear, burnout, or moral drift that can cripple a team and expose the organization to significant threats.
Being the organization’s conscience is not an abstract idea but a set of concrete, daily behaviors.
A leader embodies this role when they consistently:
  1. Speak Uncomfortable Truths: They have the “adult conversations” about performance and behavior. They address actions by tying them to standards, refusing to let fear of hurting feelings prevent them from upholding accountability.
  2. Refuse to be Politically Convenient: They remain neutral, steady, and principled, even when it is difficult. They shine a light on problematic patterns and uncomfortable truths that others may wish to ignore for political convenience.
  3. Act as a Conduit: They serve as a “funnel up and a funnel down,” ensuring clear and open two-way communication. They translate messages from senior leadership to make them usable for subordinates, and they carry the feedback and concerns of their teams back up to leadership.
This ethical responsibility extends directly to the adoption and governance of new and powerful technologies.
Douglas advocates for a principled approach to AI that maintains human accountability and control.
Key guidelines include:
  • AI is a Tool, Not an Existence: Humans must program and rule the machines, not the other way around. AI is an incredibly powerful tool for speeding up mundane work and identifying patterns, but it is not a replacement for human judgment and wisdom.
  • Maintain Human Oversight: Because AI is created by humans, and humans make mistakes, AI will inherently make mistakes. It is not infallible. Therefore, every output generated by AI requires a human eye to review, check, and verify it before it is acted upon.
  • AI Lacks EQ: AI operates on IQ, it understands data, logic, and patterns. However, it cannot comprehend the EQ, or the human element. A human leader is required to handle the nuances of decisions that impact people, such as delivering difficult news or navigating complex interpersonal dynamics.
  • Integrity is Paramount: Leaders must be transparent about how they use AI. For example, Douglas is open about using AI for grammar and spelling checks in his books, but he takes full, personal accountability for the core content, ideas, and integrity of the work. This models the responsible and ethical use of technology.
This blend of technological adoption and ethical oversight is tested daily in the real-world challenges leaders face.
Success in an environment where subordinates are expected to manage up hinges entirely on building trust and a human connection with the manager. It cannot be perceived as circumventing or undermining their authority. The key tactical advice is to live by the principle: “Praise in public, but always punish or correct in private.” Correcting a manager must be done with respect and discretion. This approach builds the credibility and trust required for a subordinate to offer feedback that their manager will be receptive to.
Douglas’ position is clear: productivity is the key metric. However, to gain flexibility, an employee must first “earn the trust” of their manager. This is achieved by creating a clear business case that demonstrates consistently high productivity and reliability. When asking for flexibility, such as an adjusted schedule, frame the request using organizational buzzwords that leadership is mandated to address. Highlighting how flexibility will improve work-life balance and support positive mental health connects your personal request to the organization’s strategic goals, making it a more compelling proposition.

Our guests

Douglas Pflug
Sezer

Douglas P. Pflug is a former police leader turned executive strategist whose work is redefining what modern leadership looks like in an age of disruption. Over a 35-year career in law enforcement, elite training, and organizational transformation, Doug learned one truth: compliance doesn’t save organizations — courageous leadership does. A highly decorated former Sergeant with the Guelph Police Service and later a Leadership Instructor and Provincial Coordinator at the Ontario Police College, Doug has spent decades coaching leaders to think clearly under pressure, act decisively in chaos, and build cultures that can withstand adversity. His frontline career earned him national commendations, Governor General’s medals, and recognition in “Canada’s 123 Remarkable Canadians”. Today, he is the creator of A Blueprint for Level 5 Unicorn Leadership — an evidence-based and research-anchored system to move beyond checklist management. His work blends tactical decision-making, trauma-informed psychology, and high-integrity command principles into a framework used by executives, public-sector leaders, cybersecurity teams, and CAEs navigating volatile environments. Doug shows leaders how to become the one thing every organization needs right now: A Level 5 Unicorn — a leader built for the future.

Glossary of Key Terms

 
Term
Definition
Auditory Exclusion
A phenomenon that occurs under extreme stress or fatigue where a person’s brain narrows its focus, causing them to miss obvious risks or information in their peripheral awareness. This is a common issue in high-stakes professions like policing.
Calm in Chaos
A core leadership principle where the leader’s role in a crisis is to remain controlled and composed, thereby resetting the temperature of the room and helping the team function effectively rather than adding to the chaotic environment.
Cultural Architect
A term for a leader, particularly a Chief Audit Executive practicing Level 5 Assurance, who moves beyond documenting behavior to actively shaping the organization’s culture around values like integrity, transparency, and trust.
Decision Fatigue
Mental exhaustion from the stress of making continuous decisions, which can lead to a narrowing of focus and an inability to see obvious risks.
Desktopping
The practice of running through crisis scenarios or emergency management drills in a controlled, non-emergency setting (“desktop exercise”). This gives people the necessary repetitions and tools to perform effectively when an actual crisis occurs.
Digital Morality
The ethical principle of ensuring that technological systems, especially AI, are designed to protect human values such as fairness and accountability, not just data. It positions technology leaders as architects of trust.
EQ (Emotional Quotient)
Also known as emotional intelligence, it is a leader’s capacity for composure under pressure, clarity of purpose, and ability to cultivate trust. It is presented as a more critical factor for leadership success than IQ or technical expertise.
Finding Your Granite
A metaphor for the personal journey of self-discovery and building a strong, foundational character. It involves understanding who you were, who you are, and who you want to become to be an effective and authentic leader.
Level 5 Assurance
An advanced leadership framework for Chief Audit Executives that reframes assurance as a human discipline, not just a technical one. It blends courage, empathy, ethics, and strategic vision, transforming the CAE from a compliance officer into a builder of trust and a cultural architect.
Level 5 Leadership
A concept originated by Jim Collins, described as the highest level of leadership. The webinar extends this idea, suggesting leaders should strive to go even further.
Psychological Safety
An organizational environment where individuals feel safe to speak up, admit mistakes, and raise concerns without fear of punishment or humiliation. It is presented as a critical defense against security breaches, as it encourages transparency over silence.
Unicorn Leader
A term for a rare, transformative leader who transcends traditional leadership ceilings like “Level 5.” This leader embodies a blend of personal humility and professional will, is built for the future, and aims to create a lasting legacy.
 

Sezer Bozkus Kahyaoglu

Associate Professor of Finance at the Bakirçay University

Sezer is an Associate Professor of Finance at the Bakirçay University, in Izmir, Türkiye, and an academic associate of the University of South Africa (UNISA) and the University of Johannesburg. Her research interests mainly include Applied Econometrics, Time Series Analysis, Financial Markets and Instruments, AI, Blockchain, Sustainability, Corporate Governance, Risk Management, Fraud Accounting, Auditing, Ethics, Coaching, Mentoring, and NLP. Sezer is the associate editor of two indexed journals and the AI book series editor at Springer. Sezer is a Steering Committee Member at the Good Governance Academy Research Forum and a co-founding member of the registered Engaged Scholarship project, Continuous Auditing in Public Sector Internal Auditing (CAPIA).

Terms and Conditions

  • The Good Governance Academy nor any of its agents or representatives shall be liable for any damage, loss or liability arising from the use or inability to use this web site or the services or content provided from and through this web site.
  • This web site is supplied on an “as is” basis and has not been compiled or supplied to meet the user’s individual requirements. It is the sole responsibility of the user to satisfy itself prior to entering into this agreement with The Good Governance Academy that the service available from and through this web site will meet the user’s individual requirements and be compatible with the user’s hardware and/or software.
  • Information, ideas and opinions expressed on this site should not be regarded as professional advice or the official opinion of The Good Governance Academy and users are encouraged to consult professional advice before taking any course of action related to information, ideas or opinions expressed on this site.
  • When this site collects private information from users, such information shall not be disclosed to any third party unless agreed upon between the user and The Good Governance Academy.
  • The Good Governance Academy may, in its sole discretion, change this agreement or any part thereof at any time without notice.

Privacy Policy

Link to the policy: GGA Privacy Policy 2021

The Good Governance Academy (“GGA”) strives for transparency and trust when it comes to protecting your privacy and we aim to clearly explain how we collect and process your information.

It’s important to us that you should enjoy using our products, services and website(s) without compromising your privacy in any way. The policy outlines how we collect and use different types of personal and behavioural information, and the reasons for doing so. You have the right to access, change or delete your personal information at any time and you can find out more about this and your rights by contacting the GGA, clicking on the “CONTACT” menu item or using the details at the bottom of the page.

The policy applies to “users” (or “you”) of the GGA website(s) or any GGA product or service; that is anyone attending, registering or interacting with any product or service from the GGA. This includes event attendees, participants, registrants, website users, app users and the like.

Our policies are updated from time-to-time. Please refer back regularly to keep yourself updated.

Search