3 Risk-based assurance
The term ‘assurance’ refers to checking and testing that the oversight that should be happening is happening. People who conduct assurance often go under the generic title of ‘auditors’. Auditors generally look for evidence that such activities are taking place.
Best practice is to focus assurance activities on your risks, but what does this mean in practice? In the following sections you will look at how the facets of the control framework should be audited. This audit must certainly extend to reviewing the potential impact of behavioural weaknesses amongst employees and ensuring that these do not impair effective risk management.
You can recap the purpose of actions and controls in Session 5, Video 1.