In other words, combined assurance involves different groups involved in risk management, governance and controls all getting on the same page.
For example, enterprise risk management (ERM); internal control over financial reporting/Sarbanes Oxley (ICFR/SOX); information security; environmental, health & safety (EHS); and legal and compliance can each have some overlapping responsibilities with the internal audit function. Or, they at least can have similar insights that are worth sharing with each other through combined assurance.
Benefits of combined assurance
Much as sales and marketing can benefit from coordination, so too can these different oversight groups. Combined assurance helps different departments find alignment in their work and better understand one another. As a result, combined assurance can yield benefits such as:
Combined assurance helps departments understand what related teams are working on so as to minimize unnecessary overlap. That can save time, money and overall make it easier to digest internal audit findings.
As alluded to, combined assurance can streamline the presentation of findings to management and other stakeholders. By minimizing overlap and creating more of an integrated report, that not only can reduce workloads of internal assurance groups but also reduce repetition that might otherwise make its way into reports.
Improved risk management
Improving coordination through a combined assurance process can improve risk management too. Combining two pieces of a risk assurance puzzle, such as an insight from internal audit and an insight from another assurance provider like ERM, can unlock new risk findings that might not have otherwise been discovered, even by an external auditor.
In some cases, overlap among departments will still exist, but that doesn’t have to be a negative. With combined assurance, internal audit and related teams can have greater confidence in their oversight. If they see that other assurance providers have come to similar conclusions, whether that’s related to reviewing financial statements, identifying key risks, or other assurance activities, they may be more confident they’re on the right track.
How to implement combined assurance
To implement combined assurance, a Chief Audit Executive or a group of internal audit leaders can be the ones leading the charge. Considering internal audit’s overarching mandate to assess risk, governance and controls, it often makes sense for this group to be the one that coordinates with other departments, rather than having a team with a narrower focus in the driver’s seat.
Yet simply setting up meetings with other teams to discuss their work often isn’t enough to yield all the benefits of combined assurance. That’s where technology like TeamMate+ can come in and strengthen a combined assurance approach. Using TeamMate+ for combined assurance can help internal audit leaders share data and analytics among departments, develop a combined assurance framework, track progress on combined assurance initiatives, and more.
Overall, software like TeamMate+ can be used to make combined assurance implementation more systematic and streamlined for internal audit and related departments. In turn, that can lead to more effective internal audit insights and presentations of findings.
1 The Institute of Internal Auditors (IIA)