Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorStandards and GuidanceBreadcrumb SeparatorRecommended GuidanceBreadcrumb SeparatorPractice GuidesBreadcrumb SeparatorReliance by Internal Audit on Other Assurance Providers

Practice Guide: Reliance by Internal Audit on Other Assurance Providers
Recommended Guidance

Ever-increasing compliance requirements and business complexity have driven companies to establish or procure other risk management and assurance functions. They are charged with measuring and reporting risk, identifying control gaps, tracking remediation, and concluding whether control processes are operating effectively in specific areas. Examples of some internal assurance providers are identified as environmental compliance groups, quality management functions that focus on manufacturing activities, internal control teams that assess controls over financial reporting, and IT governance groups. External assurance providers are often engaged to communicate an opinion to another auditor regarding specific control objectives operated by a service provider. These activities provide assurance on the areas they assessed and recommendations to strengthen the related controls, often in areas that are within the scope of internal audit’s work.

This practice guide provides guidance to the CAE and internal audit leadership on an approach for relying on the assurance provided by other internal or external assurance functions. A continuum of five principles determines the extent of reliance:

  • Purpose
  • Independence and Objectivity
  • Competence
  • Elements of Practice
  • Communication of Results and Remediation

Downloads and Links

Non-members may purchase this Practice Guide from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.