Tax & AccountingFinanceComplianceApril 05, 2018

Combined assurance led by internal audit

We’ve been talking about internal audit as a trusted advisor for a few years now. Many departments have excelled in increasing the presence of internal audit in their organizations by taking on a risk and control advisory role, while maintaining independence, to deepen the trust in the auditors as risk and control experts.


It’s time for us to evolve beyond trusted advisor to relevant partner. An advisor is someone you call occasionally for an opinion, but a partner is the one you consider in every decision. Within internal audit, we have an opportunity to assume the role of relevant partner through the process of combined assurance.
Under the broad umbrella of providing assurance, we find overlapping responsibilities among groups within many organizations. Internal Audit; Enterprise Risk Management (ERM); Environmental, Health & Safety (EHS); Information Security; Legal Compliance; Internal Control over Financial Reporting/Sarbanes Oxley (ICFR/SOX); and many other teams are working toward a common goal to provide assurance and advisory services to management to support the decision making and risk mitigation processes. Unfortunately, these groups tend to work in silos, which adds to management’s “assurance fatigue ”. When we look closely at the functions of these departments, internal audit is in a unique position to build relevant partnerships.

Among the many benefits that we’ll see from these new, stronger partnerships; our organization will begin speaking about topics like risks, controls, and issues using one consolidated terminology. We’ll see increased efficiency in collecting and reporting information, and ultimately, we’ll experience more effective governance, risk, and control oversight. By building relevant partnerships with other internal assurance teams, we’ll naturally prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue.”

To streamline the efforts of these teams, and to enhance the organizational value of everyone involved, we should consider combining our assurance efforts and aligning our activities, especially in the areas of audit planning and board reporting. Based on the most recent update to the IIA Standards, we have an opening to align our efforts with our assurance partners in order “to ensure proper coverage and minimize duplication of effort” (IIA Standard 2050).

Download the Latest Report on Combined Assurance

Toby DeRoche - Senior Market Development Consultant
Manager, Solutions Consulting

Toby is a Certified Internal Auditor (CIA) who holds an MBA with an Internal Audit specialization from Louisiana State University. He is also certified in Control Self-Assessment (CCSA), Risk Management Assurance (CRMA), Internal Control (CICA), and Fraud Examination (CFE). His professional background includes identification and documentation of weaknesses that result in heightened business risk, while recommending solutions to such situations.


Solutions

TeamMate+ Audit

Audit Management

The world’s leading audit management software - empowering audit departments of all sizes.