The statutory audit is just one source of assurance over the many different risks facing a company. Because the types of risks facing a business - as well as the level of assurance each company’s stakeholders want about those risks - vary so widely, there is a need for a more flexible regime.
One way of obtaining assurance over those different risks would be to make it an explicit responsibility for the audit committee to determine the level and type of assurance needed by their company’s stakeholders. Creating this Assurance Map would prompt a constructive discussion at the top of the business about the needs of their stakeholders. This would involve identifying:
The statutory audit would form one part of the Assurance Map, providing a level of assurance over a company’s financial statements. It would then be possible for the audit committee to commission additional assurance, but not as part of the statutory audit, over the other areas that are important to stakeholders.
The various sources of assurance available to meet the needs of stakeholders could be made more visible by requiring a company to publish its Assurance Map at the beginning of the audit cycle. This would give an opportunity for stakeholders to comment on and, if necessary, challenge the areas for which they want more or less assurance. This means that the range and type of assurance over each company would be tailored depending on the needs of its stakeholders. And as stakeholders’ expectations change over time, the assurance sought could be altered to best meet their needs. The approach would also ensure that there is clarity over the boundaries of the statutory audit and the external auditor’s liability and duty of care in delivering that work.