• Blog

Thinking Like an Auditor

  • Combined Assurance Led by Internal Audit

    April 5, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA, CFE

    Combined Assurance Led by Internal AuditWe’ve been talking about internal audit as a trusted advisor for a few years now. Many departments have excelled in increasing the presence of internal audit in their organizations by taking on a risk and control advisory role, while maintaining independence, to deepen the trust in the auditors as risk and control experts. It’s time for us to evolve beyond trusted advisor to relevant partner. An advisor is someone you call occasionally for an opinion, but a partner is the one you consider in every decision. Within internal audit, we have an opportunity to assume the role of relevant partner through the process of combined assurance.

    Under the broad umbrella of providing assurance, we find overlapping responsibilities among groups within many organizations. Internal Audit; Enterprise Risk Management (ERM); Environmental, Health & Safety (EHS); Information Security; Legal Compliance; Internal Control over Financial Reporting/Sarbanes Oxley (ICFR/SOX); and many other teams are working toward a common goal to provide assurance and advisory services to management to support the decision making and risk mitigation processes. Unfortunately, these groups tend to work in silos, which adds to management’s “assurance fatigue ”. When we look closely at the functions of these departments, internal audit is in a unique position to build relevant partnerships.

     

     

     

    Among the many benefits that we’ll see from these new, stronger partnerships; our organization will begin speaking about topics like risks, controls, and issues using one consolidated terminology. We’ll see increased efficiency in collecting and reporting information, and ultimately, we’ll experience more effective governance, risk, and control oversight. By building relevant partnerships with other internal assurance teams, we’ll naturally prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue”.

    To streamline the efforts of these teams, and to enhance the organizational value of everyone involved, we should consider combining our assurance efforts and aligning our activities, especially in the areas of audit planning and board reporting. Based on the most recent update to the IIA Standards, we have an opening to align our efforts with our assurance partners in order “to ensure proper coverage and minimize duplication of effort” (IIA Standard 2050).

    Download the Latest Report on Combined Assurance
  • View Demo
    Contact Us
    Request More Information