Audit and Assurance: A Balancing Act

Audit teams are blessed with deep finance and accounting expertise to meet statutory financial control and reporting duties. Recently, however, the business environment has become much more complex, with major shifts in technology and enterprise critical programmes to deliver change. As a result, the role of audit has expanded, leading many audit committees to rethink the skills they need and creating significant challenges for audit functions.

For more advice on balancing traditional audit with pragmatic assurance, please contact .

For more advice on balancing traditional audit with pragmatic assurance, please contact

This presents a number of challenges:

Maintaining credibility and adding value

How can Internal Audit add valuable insight whilst preserving that all-important independence – and without disrupting project teams?

Some audit teams find themselves in a classic Catch 22 situation whereby management won’t let them near a major project for fear that they will disrupt an important initiative at a crucial time for no obvious benefit. This is because they lack the necessary track record of successfully performing such reviews - and yet how do they get on the first rung of the project assurance ladder to show how they can help?

Keeping pace with emerging trends  

Identifying emerging risks and keeping up with changing approaches in project management takes time and resources. Internal Audit need to ensure that the team’s knowledge and work programmes are kept up to date to reflect these changes, as well as identifying appropriate and pragmatic responses.

Getting to grips with Agile

The growing use of Agile for non-IT and IT projects means that almost all auditors are now coming into contact with Agile. Some are hesitant at the prospect of auditing what is an unfamiliar approach that, anecdotally, appears to lack both governance and control. Understanding the benefits and risks presented by agile change projects is key, as well as the identification of appropriate control and governance responses.

Maintaining and extending audit coverage

It can be a perpetual balancing act trying to: (a.) accommodate the less predictable and fluctuating demand for project assurance, at the same time as (b.) continuing to deliver to an annual audit plan and timetable agreed with the Audit and Risk Committee.

Access to the right audit resources

Meeting this fluctuating demand requires resources of the right experience and calibre. It is a challenge to build and retain sufficient in-house audit resources with the necessary deep and wide knowledge and experience of projects, to be able to swiftly deliver health checks and audits with confidence. These auditors must have the ability to quickly hone in on the key risks that threaten the project’s success, and make pragmatic recommendations to address them – all without any loss of rigour. Such resources are often difficult to retain.

Indeed, in organisations that view Internal Audit as a talent pool, specialist auditors are regularly lost to the business, often at short notice, leaving Audit to rebuild the skills base yet again.

Overcoming audit challenges

So how can you supplement, strengthen and support audit teams to overcome these challenges and meet such fast-advancing requirements? The Institute of Internal Auditors defines the ideal audit space within an organisation as follows:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” [1] 

The IIA’s definition of assurance requirements provides a solid foundation from which to build your audit team's capability. From the viewpoint of project assurance and audit specialists, this is what we recommend:

  • Make sure assurance remains independent and objective, offering a trusted view at a granular level without politics or bias.
  • Use a methodology/model that allows you to identify potential risks, benchmark against best practice and generate any necessary remedial actions.
  • Don’t just ask ‘have the risks been reviewed and mitigated?’ but ‘have the right risks been considered?’ and 'have all risks been uncovered?'
  • Adopt a supportive and collaborative approach, ensuring that you remain open, conversational and diplomatic - earn trust by asking open questions and sharing thinking.
  • Consider using a bottom-up approach to supplement the usual top-down consulting method - this helps build a content-rich, concentrated action-plan.
  • For many organisations, a co-sourcing approach works most effectively, so that practitioners or consultants can support and supplement existing teams, whilst building internal capability.
  • Focus on building in-house skills and knowledge to increase your audit team's business credibility so that you are considered an essential part of the governance for all transformation and change projects.

For more information on independent assurance for project audits, please contact


[1] Definition of Internal Auditing from The Chartered Institute of Internal Auditors