Assurance is a general term for the comfort that can be derived from credible information. Here you can find guidance on: what assurance means, what can trigger the need for assurance, what an assurance engagement is and what assurance mapping is.
These operational and reporting processes enable users to make decisions and develop policies. Confidence diminishes when there are uncertainties around the integrity of information or of underlying operational processes.
There is a range of different ways of getting assurance, often summarised into the four lines of defence, which are:
ICAEW's guidance on assurance focuses on the last two lines of defence, where assurance is taken from the independent work of an assurance provider either internal or external to the organisation.
Something has happened that has raised the question of whether more assurance is needed.
This could be as routine as a director reviewing an assurance map and finding a place where a changing situation means that further assurance would be useful.
It could be the result of a new regulatory requirement, or it could be a concern (or the anticipation of a concern) raised by a stakeholder either inside or outside the organisation.
Or, in some cases, it could be a problem caused by poor-quality information leading to bad decisions, or failing to stand up to outside scrutiny.
Whatever the reason, a risk has been identified that might be mitigated if a piece of information was subject to greater scrutiny.
Gaining assurance is a way of managing a wide range of risks, and an assurance map is a governance tool that shows at a glance how risks and assurance have been aligned across an organisation.
Managing risks is not the same as eliminating all risks. Without some level of risk, no organisation would be able to achieve its goals. The purpose of good risk management is to control the level of risks to suit the risk appetite of the business.
The assurance mapping process can be useful to organisations of any size or complexity, with or without a full assurance map being maintained.
The Amended International Framework for Assurance Engagements, developed by the International Auditing and Assurance Standards Board (IAASB), identifies five elements that all external assurance engagements share:
The need for assurance only arises when one party wishes to take comfort over a subject matter prepared by a second party, and the assurance is only provided when a third party can provide an independent perspective.
That independent perspective is only useful if it is well understood by everyone involved, hence the importance of agreement on the subject matter and suitability in the criteria that it is assessed against.
The written report allows the first and second parties to hold the assurance provider to their word. If it is not supported by sufficient and appropriate evidence, then it may be providing false assurance. These elements are therefore necessary to ensure a good quality engagement.
The work of a professional accountant should always increase the confidence of those referring to it. However, that work is often concerned with the first and second lines of defence, and not with the provision of independent assurance that forms the third and fourth lines of defence.
The distinction may seem subtle, but it has significant implications in terms of the investment required to obtain the result and the level of comfort that can be taken from that result.
For example, an internal auditor could design a system of internal controls. An external professional accountant could put together an organisation’s statutory financial statements. In either case, the organisation would benefit from the expertise and skills of the practitioner.
If, however, further assurance was required, the practitioner would need to consider whether prior involvement with preparation of the subject matter (the internal controls or financial statements referred to above) constitutes a threat to their independence as an assurance provider and, if so, what steps should be taken to reduce such a threat to an acceptable level.
Relevant requirements and guidance can be found in our section on Professional Ethics and Independence.
This page is part of ICAEW’s online assurance resource, which replaces the Assurance Sourcebook.