There are two main services that an internal auditor could offer to the organization. Once is the assurance services, and the second is the consultant service.
In assurance service, an internal auditor reviews a number of areas including an entity, operation, function, process, system, or other subject matters.
The opinion or conclusion will be provided once auditors completed their review and assessment.
Before performing their work, the auditor should agree on the nature and scope of engagement with relevant parties such as process owners, users of assessment reports or results, and auditors themselves.
The nature and scope of an assurance engagement are determined by the internal auditor before performing their job.
This could help both the auditor and process owner minimize the conflict and understand the auditing purpose.
It could also assist the auditor to prepare the right audit report and identify who are the users of the report.
Generally, three parties are participants in assurance services:
(1) The person or group directly involved with the entity, operation, function, process, system, or another subject matter — the process owner,
(2) The person or group making the assessment — the internal auditor, and
(3) The person or group using the assessment — the user.
Assurance engagement is different from consulting service (engagement) since assurance services provide an independent assessment and then make the conclusion or opinion based on the objective evidence that examines by the internal auditor.
For example, if the auditor is engaged to review the effectiveness and efficiency of the purchasing process, then the auditor should prepare the engagement letter.
The letter should clearly state the scope, nature, process owner, as well as users of the auditor (audit committee or board of directors).
As a result of their objective examination, the auditor will conclude in their report about the effectiveness and efficiency of the purchasing process.