Internal audit leaders often find that their work not only bumps up against what other departments do but actually overlaps. In addition to overseeing internal financial audits, chief audit executives (CAEs) and other audit leaders tend to also touch on assurance areas like internal controls and risk management.
As such, there can be crossover with several other departments that are supposed to have their own assurance duties. To transform these similar responsibilities from being an inefficient nuisance (or worse, an overreach of audit independence) into a value-add, audit leaders should focus on combined assurance.
- What is combined assurance?
- Why is combined assurance important?
- What role does internal audit have in a combined assurance plan?
- How can internal audit implement a combined assurance plan?
What is combined assurance?
Combined assurance is the concept that the various assurance providers within an organization coordinate and find alignment on their work. From there, combined assurance allows these assurance providers to then present a streamlined, cross-checked view of a company’s controls, risk, and governance to senior management, the audit committee, and other relevant stakeholders.
Combined assurance can occur amongst groups with somewhat overlapping or at least similar responsibilities, such as internal audit; legal/compliance; enterprise risk management (ERM); environmental, health & safety (EHS); information security; and internal control over financial reporting/Sarbanes Oxley (ICFR/SOX).
Combined
assurance occurs when all assurance groups within an organization
coordinate to get on the same page and minimize unnecessary overlap. Combined assurance goes further than basic communication and coordination. It involves consolidation of assurance reporting, technology, processes,and more.