Combined Assurance Hands Holding Gears
ComplianceOctober 28, 2021

The power of combined assurance for internal audit

If internal audit teams want to deliver the most value to their companies, they often need to go beyond their existing practices of overseeing controls, risk and governance within their organizations. They also need to implement combined assurance, which can be the difference between good and great internal auditing.

As important as internal audit’s responsibilities are, the reality is that many other departments have overlapping or at least complementary roles. So, unless these groups coordinate with one another and leverage combined assurance, internal audit’s presentation of findings to senior management, the audit committee and other stakeholders can fall short.

  1. Combined assurance for internal audit defined
  2. Benefits of combined assurance
  3. How to implement combined assurance

Combined assurance for internal audit defined

Before getting too deep into why and how internal audit should implement combined assurance, it’s important to first define combined assurance.

"Combined assurance is the process of internal, and potentially external parties, working together and [combining] activities to reach the goal of communicating information to management."
- The Institute of Internal Auditors (IIA)1

In other words, combined assurance involves different groups involved in risk management, governance and controls all getting on the same page.

For example, enterprise risk management (ERM); internal control over financial reporting/Sarbanes Oxley (ICFR/SOX); information security; environmental, health & safety (EHS); and legal and compliance can each have some overlapping responsibilities with the internal audit function. Or, they at least can have similar insights that are worth sharing with each other through combined assurance.

View a demo

Benefits of combined assurance

Much as sales and marketing can benefit from coordination, so too can these different oversight groups. Combined assurance helps different departments find alignment in their work and better understand one another. As a result, combined assurance can yield benefits such as:

Minimized overlap

Combined assurance helps departments understand what related teams are working on so as to minimize unnecessary overlap. That can save time, money and overall make it easier to digest internal audit findings.

Streamlined reporting

As alluded to, combined assurance can streamline the presentation of findings to management and other stakeholders. By minimizing overlap and creating more of an integrated report, that not only can reduce workloads of internal assurance groups but also reduce repetition that might otherwise make its way into reports.

Improved risk management

Improving coordination through a combined assurance process can improve risk management too. Combining two pieces of a risk assurance puzzle, such as an insight from internal audit and an insight from another assurance provider like ERM, can unlock new risk findings that might not have otherwise been discovered, even by an external auditor.

Greater confidence

In some cases, overlap among departments will still exist, but that doesn’t have to be a negative. With combined assurance, internal audit and related teams can have greater confidence in their oversight. If they see that other assurance providers have come to similar conclusions, whether that’s related to reviewing financial statements, identifying key risks, or other assurance activities, they may be more confident they’re on the right track.

How to implement combined assurance

To implement combined assurance, a Chief Audit Executive or a group of internal audit leaders can be the ones leading the charge. Considering internal audit’s overarching mandate to assess risk, governance and controls, it often makes sense for this group to be the one that coordinates with other departments, rather than having a team with a narrower focus in the driver’s seat.

Yet simply setting up meetings with other teams to discuss their work often isn’t enough to yield all the benefits of combined assurance. That’s where technology like TeamMate+ can come in and strengthen a combined assurance approach. Using TeamMate+ for combined assurance can help internal audit leaders share data and analytics among departments, develop a combined assurance framework, track progress on combined assurance initiatives, and more.

Overall, software like TeamMate+ can be used to make combined assurance implementation more systematic and streamlined for internal audit and related departments. In turn, that can lead to more effective internal audit insights and presentations of findings.

1 The Institute of Internal Auditors (IIA)

Subscribe below to receive monthly Expert Insights in your inbox

Back To Top