P3 Assurance and consultancy

an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management and control processes for the organisation. example may include financial, performance, complincesystem security and due diligence

advisory and related client service activities, the nature and scope of which are agreed with the cleint and whihc are intenced to add value and improve an orgnanisations governance, risk management and control process without the internal auditor assuming management responsibility. e.g. counsel, advice, facilitation and training

• control risk self assment
• risk conrl seminar
• project advice
• business proces advice
• mentoring
• training - use of CAATs

Appropriate when

• id opts to enhance risk management or cost saving
• add to understanding of org
• consistend with IA remit
• clear TORs understood by all parties
• Not impaire profession std and code of ethics
• compleme or ad to overall assurance work
• not negat responsibiity for the HIA to report to AC

• need of management
• possible motivations and reason for request
• extent work needed to achive obj
• skills and resources
•  effect on work on original audit plan
• potential impact on future assurance work

See slide differences - scope, nature, report

a