The Internal Audit Assurance Lead provides independent verification that the certification process was followed correctly, evidence is complete and authentic, and no material deficiencies were overlooked. The role conducts the annual oversight audit (testing monitoring infrastructure, escalation pathways, break-glass procedures, training currency, and non-retaliation commitments) and reports findings to the audit committee.

The Assurance Lead is informed (I) during the certification process and provides an independent assurance layer after the assessment is complete. The role tests whether the assessment was conducted with adequate rigour and whether the evidence supports the Declaration of Conformity.

For organisations with a dedicated internal audit function, this role integrates naturally. For smaller organisations, external consultants or peer review arrangements provide the independent assurance function.

Key outputs

• Independent verification of certification process integrity
• Annual oversight audit with board/audit committee reporting
• Post-assessment assurance layer
• RACI “I” during assessment, independent review after