Assurance: is yours worth the paper it’s written on?


The word, “assurance” is used loosely as a badge to cover many activities carried out by in-house teams and by third party providers. The effectiveness and reliability of these activities can vary widely.

Weak or ineffective assurance leads to wasted time, effort and money and unpleasant commercial surprises. It is important, therefore, to understand exactly what, “assurance” means in order to be able to judge whether what is being delivered in your organisation is reliable, cost effective and properly targeted.

A definition of assurance

The International Auditing and Assurance Board is an independent standard-setting body that serves the public interest by setting high-quality international standards for auditing, assurance, and other related standards and in so doing enhances the quality and consistency of practice throughout the world and strengthens public confidence in the global auditing and assurance profession.

The IAASB defines an assurance engagement as one, “in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.”

A practical example: Cost verification

As a client (user) using target cost or cost reimbursable contracts to deliver programmes of work, you will no doubt want to be confident that you are paying the right amount of defined or actual cost (subject matter) to your contractor (responsible party).  To achieve the required level of confidence you will employ a third party or an in-house team (practitioner) to express a conclusion that reported costs are in compliance with the Contract (criteria).

Understanding the elements of assurance

To make sure that assurance engagements being delivered in your organisation are reliable, cost effective and comprehensive, it is useful to understand some elements of the definition of an assurance engagement in more detail.

A practitioner

The objective of assurance is to deliver, “enhanced confidence”. To achieve this, the practitioner must be, “objective” and work with “professional competence and due care”.  This implies whoever is carrying out the assurance work must free and be seen to be free of anything which might compromise their independence.  It also means they must understand the International Audit Standards.

A conclusion

The output from any assurance work should be a clear conclusion.

Subject matter and enhanced confidence

These two concepts are worth considering together. As a client (user) you will seek enhanced confidence in those areas of greatest risk.  Developing the example of cost verification above, you will be more interested in enhanced confidence over a £1million of staff costs than £20,000 of staff expenses.


To provide assurance, the practitioner must have criteria to compare with what the responsible party is actually doing. For the cost verification example, a schedule of cost components in the Contract is an example of criteria.  It sets out what the contractor (responsible party) can charge as defined or actual cost.

Questions you can ask

Based on a fuller understanding, here are some questions you can ask to understand whether assurance in your organisation is reliable, cost effective and properly targeted:

1. Are the people delivering assurance assignments independent? For example:

  • If you are using a third party assurance provider, does it work for the contractors on other unrelated assignments which it is providing you with assurance on?
  • If you are using a third party assurance provider, could its assurance conclusions be influenced by its desire to sell on other services?
  • If you are using an in-house team, is the team sufficiently arms-length from contractors or are they too close?

2. Are the people or organisations delivering assurance sufficiently trained in International Audit Standards to provide robust and reliable conclusions?

3. Are the people or organisations delivering assurance using appropriate assurance methodologies and IT tools?

4. Is there a clear conclusion from assurance activity?

5. Does your assurance activity cover the right subject matter, that is, the areas where you feel at greatest risk?

6. Are there clear criteria to support assurance or are they undermined by, for example, a badly written contract which is open to different interpretation or a lack of common understanding over expected behaviours?

If the answer to any of these questions is, “no” then you are probably wasting money and worse, are at risk of an unpleasant commercial surprise as your assurance activity may not be sufficiently robust to spot problems early and enable you to head them off.