The definition of internal audit includes both assurance and consulting activity. Despite this clear definition there is often debate about the role of internal audit in providing consultancy (advisory) services within the organisation.

• Where do you stand?
• Is this a discussion you can confidently have with your audit committee?

This thought leadership piece explores what the standards say, and the challenges facing audit leaders. It also sets out questions to consider in relation to the myriad of governance reviews currently ongoing that have the potential to influence the future role of both internal and external audit.

It is easy to see how assurance and advisory services are intertwined, not just for internal audit but for our counterparts in external audit firms too.

There is a natural fluidity between identifying a control weakness and implementing a solution. A similar overlapping exists between designing effectiveness controls in a new system and having expert knowledge to perform compliance checks. For the same reasons, there is also a natural conflict of interest between the same people performing the two roles.

IPPF - assurance and advisory

Audit committees have clarity on the differentiation between the audit and non-audit services obtained from their external audit firm; a situation which will crystalise further still following the FRC’s request in February 2020 for the big four to voluntarily undertake ‘operational separation’ to improve transparency and governance.

Is the same true of their understanding of the different services obtainable from their internal audit functions?

In its guidance on consultancy engagements, the Institute states that there is not an absolute distinction between assurance work and consultancy work. Assurance work may lead to the identification of further audit support in terms of a bespoke consultancy engagement. Consultancy work, on the other hand, enriches and contributes to the overall assurance that…