Combined Assurance Hands Holding Gears
ComplianceJune 16, 2021

What is combined assurance and why does it matter to internal audit?

Internal audit leaders often find that their work not only bumps up against what other departments do but actually overlaps. In addition to overseeing internal financial audits, chief audit executives (CAEs) and other audit leaders tend to also touch on assurance areas like internal controls and risk management.

As such, there can be crossover with several other departments that are supposed to have their own assurance duties. To transform these similar responsibilities from being an inefficient nuisance (or worse, an overreach of audit independence) into a value-add, audit leaders should focus on combined assurance.

What is combined assurance?

Combined assurance is the concept that the various assurance providers within an organization coordinate and find alignment on their work. From there, combined assurance allows these assurance providers to then present a streamlined, cross-checked view of a company’s controls, risk, and governance to senior management, the audit committee, and other relevant stakeholders.

Combined assurance can occur amongst groups with somewhat overlapping or at least similar responsibilities, such as internal audit; legal/compliance; enterprise risk management (ERM); environmental, health & safety (EHS); information security; and internal control over financial reporting/Sarbanes Oxley (ICFR/SOX).

Combined Assurance Graphic
Combined assurance occurs when all assurance groups within an organization coordinate to get on the same page and minimize unnecessary overlap.
View a demo

Why is combined assurance important?

Combined assurance helps break down information silos that might otherwise occur within internal audit and related departments. Instead of each department working on their own, not realizing how they might be overlapping or even missing areas of assurance that they assumed would be handled elsewhere, combined assurance helps streamline and verify assurance work.

As such, combined assurance has several benefits, such as:

Reduced management fatigue. The same assurance information doesn’t need to get reported to executives multiple times by different departments.

Common understanding across departments.
Internal audit can have the same view of risk as ERM, for example, rather than being on different pages.

Improved assurance efficiency.
Reduced overlap and increased sharing of information through combined assurance can speed up each group’s relevant assessments.

What role does internal audit have in a combined assurance plan?

Internal audit can play a leading role in developing a combined assurance framework. Audit leaders can also be the ones steering the execution of a combined assurance strategy.

Given that internal audit teams often find that their work in areas like risk and controls can overlap with other departments — perhaps more so than what other assurance groups experience — internal audit can be in the driver’s seat. They can determine what information needs consolidation and coordinate with other teams to present a clear view of assurance to relevant stakeholders.

While internal audit leaders do not want to overstep their authority, standards from The Institute of Internal Auditors (IIA) provide guidance. Specifically, IIA Standard 2050 provides auditors with an opening to gain alignment with other assurance partners. Assurance functions should remain separate, but there can be coordination to ensure sufficient assurance coverage while minimizing unnecessary overlap.


TeamMate+ Audit

Audit management

The world’s leading audit management software - empowering audit departments of all sizes.

How can internal audit implement a combined assurance plan?

Internal audit leaders can take the reins on implementing a combined assurance plan, rather than waiting for another department to lead coordination.

“To implement combined assurance, CAEs should first evaluate where they are today with regard to: conformance with the Standards; communication and coordination; reporting; and second line of defense functions,” notes The IIA.

From there, internal audit leaders can turn to technology like TeamMate+ to lead consolidation. Using TeamMate+ can help you easily establish combined assurance frameworks, track combined assurance processes and report combined assurance results.

Subscribe below to receive monthly Expert Insights in your inbox

Back To Top