What is combined assurance in internal auditing?
Internal audit teams frequently need to expand beyond their current techniques of managing risk, controls, and governance inside their businesses to provide the greatest value to their companies. Combined assurance must also be used, as it can distinguish between mediocre and excellent internal auditing.
Even though internal audit has significant responsibilities, several other departments have roles that overlap with or complement internal audit. Therefore, the internal audit’s presentation of results to the audit committee, upper management, and other stakeholders may fall short unless these groups collaborate and employ combined assurance.
First, let’s define combined assurance before delving into the reasons behind and strategies for implementing it inside internal audit.
According to the Institute of Internal Auditors, combined assurance is the process of parties, both external and internal, combining their resources to report information to their higher-ups.
Put differently, combined assurance is the process of bringing together multiple groups involved in governance, controls, and risk management.
The internal audit function may share certain tasks with other departments, such as enterprise risk management (ERM), information security, environmental, health, and safety (EHS), internal control over financial reporting/Sarbanes Oxley (ICFR/SOX), compliance, and legal. Alternatively, they may have similar ideas worth sharing with one another via combined assurance.
Combined assurance advantages
As much as coordination can help marketing and sales, it can also help these various oversight groups. Combined assurance facilitates greater understanding and work alignment between several departments. Thus, integrated assurance can result in advantages like:
Reduced overlap
Combined assurance reduces needless overlap by assisting departments in understanding what linked teams are working on. In general, that can facilitate the assimilation of internal audit results and save time and money.
Reporting that is more efficient
As previously mentioned, integrated assurance can simplify the way findings are presented to management and other relevant parties. By reducing overlap and producing more integrated reports, internal assurance teams’ workloads and repetition that might otherwise find their way into reports can be decreased.
Enhanced risk mitigation
Enhancing collaboration via a unified assurance procedure can also enhance risk control. Putting together two pieces of a risk assurance puzzle can yield new risk findings that might not have been found otherwise, even by an external auditor. Consider, for example, a finding from an internal audit and a finding from a separate assurance source like ERM.
Increased confidence
Departmental overlap will still occur in some circumstances, but this need not be a bad thing. Internal audit and associated teams can feel more confident in their oversight with combined assurance. They might feel more assured that they’re headed in the right direction if they observe that other assurance providers, whether in financial statement review, risk identification, or other assurance operations, have reached similar conclusions.
How to use combined assurance
A Chief Audit Executive or a team of executives in internal audit might take the lead in implementing integrated assurance. It frequently makes sense for internal audit to be the department that collaborates with other divisions. This is instead of putting a team with a more specific objective in charge, given the overall mandate of internal audit to analyze risk, governance, and controls.