- Roles and responsibilities
Internal assurance may be performed by members of the management team provided they are not assuring their own work. External assurance must be carried out by a person or team who are not connected with the day to day management of the project, programme or portfolio.
This section must clearly identify roles and responsibilities taking into account the importance of effective and ethical assurance to the sponsorship and delivery of a project, programme or portfolio.
- Information management
The composition and format of assurance reports will be described here together with the principles of how these should be communicated to the management team and other stakeholders.
This section will explain the operational relationship between internal and external assurance.
Internal assurance is usually performed by people who have other roles and responsibilities on the management team and separate identification of the cost of assurance activity will only be necessary in complex, rigorously assured contexts.
External assurance is usually covered by an external budget. However, this means that a programme would have a budget for assurance of its component projects and a portfolio would have a budget for assurance of its component programmes etc.
There is not a standard procedure for assurance since the specific steps are entirely dependent upon the context of the work. In principle the procedure must include steps that fulfil the goals of the assurance function.