Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Prepare a formal business case in support of internal audit leading a combined assurance initiative.
Gain support and backing from the Audit Committee and Senior Management.
Articulate why internal audit is best-suited to take on a leadership role in implementing
Combined Assurance. Reference:
Present your business case and discuss the challenges of the siloed approach
and the anticipated benefits of Combined Assurance. Bring:
☐ IIA Standard 2050
☐ The Three Lines Model
☐ Sample Assurance map
☐ A list of all known assurance providers.
☐ Sample Assurance map.
☐ Examples of various Assurance Reports.
☐ The Three Lines Model.
01
02
Take an inventory of assurance providers in your organization.
Perform an inventory exercise to identify all assurance providers. Identify them by:
☐Reviewing the organization chart.
☐Reviewing Board meeting agendas and Board minutes.
☐Interviewing the Chief Risk Officer.
03
Hold initial meetings with each of the assurance providers.
Explain the concept of Combined Assurance and tailor your message to each assurance
provider. Meeting objectives include:
☐ Explain the concept of Combined Assurance.
☐ Emphasize that the goal is not to change reporting structures or mission statements.
☐ Share objectives, scope, and timing of upcoming reviews and assessments.
☐ Document the key characteristics of each department in a profile or scorecard.
04
Determine and document a basis for reliance on the work of other assurance providers.
Formalize an assurance working group.
Document the basis of reliance based on where each provider falls in
your method of rating. Assess:
Identify the project benefits for all parties and establish regularly scheduled
meetings (e.g. quarterly). Prepare a:
☐ Independence.
☐ Objectivity.
☐ Skills.
☐ Knowledge.
☐ Reporting.
☐ Methodology.
☐ Scope.
☐ Formal Combined Assurance charter defining the role of each function, the common goal,
and the expectation of the work, relationships, and activities.
☐ Formal Combined Assurance map.
☐ A single consolidated issues report to demonstrate the value to Senior Management and to
make the case for investment in technology.
05
06
Leverage technology to combine key activities and reports.
Make the business case for a technology platform that enables Combined
Assurance, and bring references of what your data looks like in a technology
solution such as sample reports including:
☐ Single Integrated Issues report.
☐Consolidated Assurance report.
☐Combined Schedule.
07
Combine assurance activities into one seamless process.
A mature Combined Assurance process includes formal support from the Audit Committee
and Executive Management, as well as:
☐ One enterprise-wide risk assessment.
☐ One consolidated schedule (consider jointly staffed engagements).
☐ One consolidated knowledge management program.
☐ Jointly developed and cross-functional data analytics.
☐ Joint training on common topics.
08
Best Practice Framework for Advancing Combined Assurance