There are two main services that internal auditor could offer to the organization. Once is the assurance services, and second is the consultant service.
In assurance service, internal auditor review over the number of areas including an entity, operation, function, process, system, or other subject matters.
The opinion or conclusion will be provided once auditors completed their review and assessment.
Before performing their works, the auditor should agree on the nature and scope of engagement with relevance parties such as process owners, users of assessment reports or result, and auditors themselves.
The nature and scope of an assurance engagement are determined by the internal auditor before performing their job.
This could help both auditor and process owner minimize the conflict and understand the auditing purpose.
It could also assist the auditor to prepare the right audit report and identify who are the users of the report.
Generally, three parties are participants in assurance services:
(1) The person or group directly involved with the entity, operation, function, process, system, or another subject-matter — the process owner,
(2) The person or group making the assessment — the internal auditor, and
(3) The person or group using the assessment — the user.
Assurance engagement is different from the consulting service (engagement) since assurance services provide an independent assessment and then make the conclusion or opinion based on the objective evidence that examines by the internal auditor.
For example, if the auditor is engaged to review the effectiveness and efficiency of the purchasing process, then the auditor should prepare the engagement letter.
The letter should clearly state the scope, nature, process owner, as well as users of auditor (audit committee or board of director).
As a result of their objective examination, the auditor will conclude in their report about the effectiveness and efficiency of the purchasing process.