Topic 6: Identify or Develop Criteria for Assurance Engagements

Criteria should be consistent with audit engagement objectives and ultimately yield useful information to the client. The lack of suitable criteria may result in the internal auditor drawing inappropriate conclusions. 

Examples of generally accepted suitable criteria for assurance engagements includes:

• Acts and regulations
• Policies and procedures
• Standards or guidelines
• Risk management
• Control frameworks
• Performance information
• Client management roles and responsibilities
• Industry best practices
• Guidance provided by recognized bodies of experts
• Benchmark evidence

When there are no generally accepted criteria consistent with the audit engagement objectives, the lead internal auditor will need to discuss with client management and identify the criteria suitable for the engagement.