Drawing lessons from high profile bankruptcies of major groups in the recent past, companies have realised the need to manage all risks that may jeopardise their existence and development. Accordingly, a number of them have put in place the necessary structures that would enable them to identify such risks for effective management. The ultimate goal is to provide an assurance that Management has taken the necessary actions to mitigate the risks identified on the targets or strategies. It is within such a context that internal audit is given the responsibility to independently scrutinise risk management, control and governance.
Assurance connects assurance providers and third-party recipients around specific goals with known benchmarks. The credibility of assurance depends on competence, independence, objectivity and the specific target.
The function of an assurance provider is based on the objective consideration of the facts in order to independently give an opinion (assurance) on the adequacy of the governance and control structures regarding the risks identified. The function of consulting is quite similar to that of an assurance provider and involves advice on the activities of the client. The nature and scope of consulting are agreed in advance and the aim is to improve the organisation and activities in the areas examined.