A new approach: Creating an Assurance Map

The statutory audit is just one source of assurance over the many different risks facing a company. Because the types of risks facing a business - as well as the level of assurance each company’s stakeholders want about those risks - vary so widely, there is a need for a more flexible regime.

One way of obtaining assurance over those different risks would be to make it an explicit responsibility for the audit committee to determine the level and type of assurance needed by their company’s stakeholders. Creating this Assurance Map would prompt a constructive discussion at the top of the business about the needs of their stakeholders. This would involve identifying:

  • the principal risks faced by the company 
  • the controls in place to mitigate those risks 
  • the key performance indicators relevant to the company (which could be financial or non-financial) 
  • the information and results needed by users to assess risks, related controls and key performance indicators
  • the assurance available, including who provides the assurance and how often. 

The statutory audit would form one part of the Assurance Map, providing a level of assurance over a company’s financial statements. It would then be possible for the audit committee to commission additional assurance, but not as part of the statutory audit, over the other areas that are important to stakeholders. 

The various sources of assurance available to meet the needs of stakeholders could be made more visible by requiring a company to publish its Assurance Map at the beginning of the audit cycle. This would give an opportunity for stakeholders to comment on and, if necessary, challenge the areas for which they want more or less assurance. This means that the range and type of assurance over each company would be tailored depending on the needs of its stakeholders. And as stakeholders’ expectations change over time, the assurance sought could be altered to best meet their needs. The approach would also ensure that there is clarity over the boundaries of the statutory audit and the external auditor’s liability and duty of care in delivering that work.

Contact us

Kevin Ellis

Kevin Ellis

Chairman and Senior Partner, PwC United Kingdom

Hemione  Hudson

Hemione Hudson

Head of Audit, PwC United Kingdom

Follow us