The objective of assurance services is to

Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters.  The nature and scope of an assurance engagement are determined by the internal auditor. Generally, three parties are participants in assurance services: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter — the “process owner”, (2) the person or group making the assessment — the internal auditor, and (3) the person of group using the assessment — the user.

—International Standards for the Professional Practice of Internal Auditing


General Non-IT Assurance Areas

A particular engagement may include procedures from one or more of the following assurance areas, in addition to related IT Risk Assurance procedures, utilizing Data Analytics to extent feasible:

Financial Reporting and Controls

Assessment designed to determine the existence and effectiveness of financial accounting/reporting processes and related internal controls, in compliance with relevant University policies and applicable contractual or legal/regulatory requirements.


Assurance with respect to particular source(s) of compliance obligations, including regulations, sponsor or donor restrictions, etc.

General Operations / Business Process

Operational or performance audits to determine whether management is appropriately and effectively measuring, evaluating and reporting the effectiveness of the operation or functional area.

Follow-up Review

Semiannual review of all open planned management corrective/risk-mitigation actions arising from Medium and High risk Key Obervations contained in issued UAO reports, based on target completion date.


Relative Levels of Assurance by Engagement Type

Different types of assurance engagements result in different levels of relative assurance, depending on the engagement objectives (including desired level of assurance) and available resources.

Risk Assessment

Assessment of relevant risks to an entity, operation, system, etc.  Typically does not involve direct testing of transactions, processes, etc.  Lowest level of assurance.


Assessment of relevant risks to an entity, operation, system, etc.  Moderate level of assurance, obtained through review of available evidence (e.g. transaction documentation), typically on a sample basis from an overall population.


An independent/objective assessment of available evidence through testing and other procedures (inspection, observation, inquiry, reperformance/recalculation) to render an opinion/conclusion regarding the subject matter subject to scrutiny.  High level of assurance, achieved through more extensive procedures (testing, sampling, etc.)


A comprehensive examination of all available evidence to prove/disprove a hypothesis or expel any doubt regarding a particular subject matter.  Provides the highest level of assurance.

The main objective of an assurance engagement is to let the professional and independent audit firms perform their works and express their opinion based on the level of assurance that they are engaging in.

There are two common levels of assurance engagements that audit firms normally offer and provide. First is the reasonable assurance and the second is limited assurance engagement.

Reasonable assurance is normally expressed in a positive form. It is sometimes called positive assurance.

This type of assurance engagement expresses their opinion that reduces the assurance engagement risks to the acceptable low level for the subject matter that the firm is being expressed on.

For example, an audit on financial statements is an example of a reasonable assurance engagement. Auditors will express their opinion based on the result of their examinations. Those opinions will be based on a positive form.

Limited assurance engagement is normally expressed in the negative form and the best example of these types of assurance would be the review of financial statements engagements.

To explain this, for example, the entity borrows a certain amount of loan from the bank.

The bank approves the loan and as part of its requirement, the entity needs to submit its quarterly financial statements to the bank. Those financial statements need to be reviewed by a qualified auditor.

In this case, the entity needs to engage with qualified auditors to review its financial statements.

And this kind of engagement is called limited engagement. The opinion that the audit would express for this kind of engagement is in a negative form.

What is the main purpose of assurance services?

Assurance services are aimed at improving the quality of information for the individuals making decisions. Providing independent assurance is a way to bring comfort that the information on which one makes decisions is reliable, and therefore reduces risks, in this case, information risk.

What are the four assurance services?

Assurance Services (Audit) Examples may include financial, performance, compliance, system security, and due diligence engagements.

What is the objective of a reasonable assurance engagement?

The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement6 as the basis for a positive form of expression of the practitioner's conclusion.

Why an audit is an assurance service?

An audit is one type of assurance that an organization receives when the audit confirms the data and processes' quality. The audit is the review of the accounts or documents, while the assurance is the process analysis of those accounts or records.