Internal audit leaders often find that their work not only bumps up against what other departments do but actually overlaps. In addition to overseeing internal financial audits, chief audit executives (CAEs) and other audit leaders tend to also touch on assurance areas like internal controls and risk management.
As such, there can be crossover with several other departments that are supposed to have their own assurance duties. To transform these similar responsibilities from being an inefficient nuisance (or worse, an overreach of audit independence) into a value-add, audit leaders should focus on combined assurance.
What is combined assurance?
Combined assurance is the concept that the various assurance providers within an organization coordinate and find alignment on their work. From there, combined assurance allows these assurance providers to then present a streamlined, cross-checked view of a company’s controls, risk, and governance to senior management, the audit committee, and other relevant stakeholders.
Combined assurance can occur amongst groups with somewhat overlapping or at least similar responsibilities, such as internal audit; legal/compliance; enterprise risk management (ERM); environmental, health & safety (EHS); information security; and internal control over financial reporting/Sarbanes Oxley (ICFR/SOX).