Prepare a formal business case in support of internal audit leading a combined assurance initiative.

Gain support and backing from the Audit Committee and Senior Management.

Articulate why internal audit is best-suited to take on a leadership role in implementing

Combined Assurance. Reference:

Present your business case and discuss the challenges of the siloed approach

and the anticipated benefits of Combined Assurance. Bring:

☐ IIA Standard 2050

☐ The Three Lines Model

☐ Sample Assurance map

☐ A list of all known assurance providers.

☐ Sample Assurance map.

☐ Examples of various Assurance Reports.

☐ The Three Lines Model.

01

02

Take an inventory of assurance providers in your organization.

Perform an inventory exercise to identify all assurance providers. Identify them by:

☐Reviewing the organization chart.

☐Reviewing Board meeting agendas and Board minutes.

☐Interviewing the Chief Risk Officer.

03

Hold initial meetings with each of the assurance providers.

Explain the concept of Combined Assurance and tailor your message to each assurance

provider. Meeting objectives include:

☐ Explain the concept of Combined Assurance.

☐ Emphasize that the goal is not to change reporting structures or mission statements.

☐ Share objectives, scope, and timing of upcoming reviews and assessments.

☐ Document the key characteristics of each department in a profile or scorecard.

04

Determine and document a basis for reliance on the work of other assurance providers.

Formalize an assurance working group.

Document the basis of reliance based on where each provider falls in

your method of rating. Assess:

Identify the project benefits for all parties and establish regularly scheduled

meetings (e.g. quarterly). Prepare a:

☐ Independence.

☐ Objectivity.

☐ Skills.

☐ Knowledge.

☐ Reporting.

☐ Methodology.

☐ Scope.

☐ Formal Combined Assurance charter defining the role of each function, the common goal,

and the expectation of the work, relationships, and activities.

☐ Formal Combined Assurance map.

☐ A single consolidated issues report to demonstrate the value to Senior Management and to

make the case for investment in technology.

05

06

Leverage technology to combine key activities and reports.

Make the business case for a technology platform that enables Combined

Assurance, and bring references of what your data looks like in a technology

solution such as sample reports including:

☐ Single Integrated Issues report.

☐Consolidated Assurance report.

☐Combined Schedule.

07

Combine assurance activities into one seamless process.

A mature Combined Assurance process includes formal support from the Audit Committee

and Executive Management, as well as:

☐ One enterprise-wide risk assessment.

☐ One consolidated schedule (consider jointly staffed engagements).

☐ One consolidated knowledge management program.

☐ Jointly developed and cross-functional data analytics.

☐ Joint training on common topics.

08

Best Practice Framework for Advancing Combined Assurance