The rise of proactive assurance, and why it’s here to stay

Internal audit has historically been a traditional assurance function, oftentimes reactive in nature with an emphasis on back-testing processes, systems and related controls that have previously been implemented by an organization. The focus typically has been on the past, on assessing and reacting to what has already taken place within an organization – and senior leaders and audit committees have agreed with this mindset. But that old-school perspective is changing.

Proactive assurance: The wave of the future  

A growing trend in the internal audit industry is an increase in advisory projects that focus on strategic, organizational change events, emerging risks introduced by shifts in the external landscape or sometimes in working with the business to help enhance the control environment. These advisory projects, also known as proactive assurance engagements, are opportunities to utilize forward-looking techniques when the organization is planning to implement a new system, outsource core functions or resources, execute a merger, acquisition or divestiture, or develop and implement engines for future growth.  

To explain a bit further, proactive assurance involves applying an internal audit lens to an organization’s key relationships, products, processes and functions to help determine whether they are achieving the necessary objectives and delivering the expected capabilities. This is accomplished by using a proactive mindset at the early or mid-level stages of an engagement, rather than waiting until the end and then examining achievements and failures in retrospect.  

And to be clear, proactive assurance isn’t a trend in its infancy. This movement has been coming for years. It’s already making a major impact in the world of internal audit, spanning virtually every industry, and it’s likely here to stay. Many organizations are shifting their internal audit programs to a higher volume of forward-looking procedures, so much so that many internal audit functions are allocating more of their resources to proactive assurance these days than to traditional assurance.