Close up of a Jenga tower and someone pulling out a piece

Effective Risk Mitigation: Integrating Assurance and Internal Audit

February 11, 2020

Effective Risk Mitigation: Integrating Assurance and Internal Audit

3 Minute Read

Find out how integrating assurance and internal audit functions helps minimize risk and boost organization’s effectiveness with MNP’s Maggie Kiel’s blog.

Maggie Kiel
Maggie Kiel, MBA, CIA, ABCP, CRMA, ICD.D
National Leader Governance and Risk

The areas of risk identification and mitigation have exploded for organizations since the turn of the new millennium. Cyber threats, financial exposure, reputational integrity — all are areas of focus by boards and stakeholders looking for efficient and effective solutions.

An integrated risk-based approach to assurance driven by internal audit and applied to governance, risk management and internal controls delivers efficiency by supporting informed decision making and effective resource allocation. It helps to ensure the organization is focusing its assurance and audit efforts of either key risk exposures or key controls/mitigation strategies. Benefits include a clear view of vulnerabilities, opportunities and value drivers.

Yet many organizations fail to implement an integrated approach or do so ineffectively. The following steps will help your organization reach the level of assurance and risk mitigation required to succeed in today’s complex business environment.


A successful integrated approach starts with a robust organizational risk assessment. This enables internal audit to focus on areas of highest risk and greatest value to the organization when planning its risk-based internal audit plan. 

Understand the Risks: Start by reviewing and understanding your organization’s strategic priorities. Know what the organization wants to accomplish and by when. When your objectives are specific, achievable, realistic and have an associated timeframe, you can better assess the risks to the organization and what could prevent it from being successful. Through this exercise, understand not only the key risk exposures the organization is challenged by, but also the critical controls that help to mitigate the risk exposures. Internal audit’s focus should be ensuring management is addressing key exposures, as well as ensuring critical controls are designed and operating effectively.

Establish a Plan: Based on the risk assessment, develop a robust one to two-year internal audit plan to ensure the areas of highest risk and of critical importance – the areas that provide the highest value – in your organization are addressed. These internal audits may be a combination of compliance, consulting, value for money, internal controls, forensic or program reviews.

Collaborate and Coordinate: Most organizations have separate compliance, reporting and assurance functions which operate discretely from risk management (and internal audit). By connecting and collaborating with these assurance and compliance functions, internal audit can be the main conduit in coordinating the various assurance and compliance activities and avoiding duplicate reviews. This increases overall audit and compliance efficiency and reduces audit fatigue. An integrated assurance approach also ensures critical risk exposure are covered off either through internal audit or other assurance functions. Developing a comprehensive view of assurance activities across all providers (including internal and external audit) linked clearly to organization-wide risks drives a robust plan for risk mitigation across the organization.


In addition to integrating internal assurance and audit functions, coordinating with external audit can save time and reduce costs to an organization. Internal audit engagements can be aligned with external audit allowing external auditors to leverage the work of internal audit in the areas such as internal controls over financial reporting or testing of IT controls.

For instance, organizations who receive grants from third parties can leverage an integrated audit approach (led by internal audit) focusing on grant and funding requirements being met either in support of or in advance of an external compliance audit. While this reduces the costs associated with an externally provided compliance assessment, it also decreases both the demands on management having to work with an external compliance auditor and eliminates the element of surprise if internal audit has already identified any unmitigated exposures or gaps and management is already actively addressing these. In that vein, internal audit can work with departments to ensure they know what the grant agency’s compliance requirements are, that an appropriate system of controls is in place and operating effectively and prepare for any external audit requirements in advance.


In doing so, internal audit furthers its reputation as a trusted advisor of senior management providing the analysis and insights needed to minimize risk, and more effectively deploy resources.

For more information, contact Maggie Kiel, National Leader, Governance and Risk, at 403.537.7624 or [email protected]


  • Stack of brand new tractor tires

    July 30, 2021

    New tax incentive on equipment purchase provides immediate benefit

    Federal Budget 2021 provides an upfront tax incentive for Canadian-controlled private corporations (CCPC) to undertake significant capital asset puchases. It does so by allowing for the immediate deduction of up to $1.5 million of certain depreciable property purchased from arm’s-length parties between April 19, 2021, and January 1, 2024.

  • Confidence
    Holding a portfolio on one hand, comparing data on another

    July 28, 2021

    How to optimize value from an Internal Audit co-sourcing partnership

    Co-sourcing your internal audit function can help you navigate several contemporary challenges — including the need for greater agility and subject matter expertise, as well as cost and resourcing pressures. Here we investigate practical steps to find the right vendor and make this relationship as seamless, targeted, and cost effective as possible.

  • Progress
    person reviewing graphs on their phone

    July 26, 2021

    Automating finance, so you can focus on your business

    Cloud accounting and bookkeeping solutions allow you to focus on the critical parts of your business instead of shuffling through paperwork every week.