We’ve been talking about internal audit as a trusted advisor for a few years now. Many departments have excelled in increasing the presence of internal audit in their organizations by taking on a risk and control advisory role, while maintaining independence, to deepen the trust in the auditors as risk and control experts.
Combined assurance led by internal audit
It’s time for us to evolve beyond trusted advisor to relevant partner. An advisor is someone you call occasionally for an opinion, but a partner is the one you consider in every decision. Within internal audit, we have an opportunity to assume the role of relevant partner through the process of combined assurance.
Among the many benefits that we’ll see from these new, stronger partnerships; our organization will begin speaking about topics like risks, controls, and issues using one consolidated terminology. We’ll see increased efficiency in collecting and reporting information, and ultimately, we’ll experience more effective governance, risk, and control oversight. By building relevant partnerships with other internal assurance teams, we’ll naturally prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue.”
To streamline the efforts of these teams, and to enhance the organizational value of everyone involved, we should consider combining our assurance efforts and aligning our activities, especially in the areas of audit planning and board reporting. Based on the most recent update to the IIA Standards, we have an opening to align our efforts with our assurance partners in order “to ensure proper coverage and minimize duplication of effort” (IIA Standard 2050).