Simply put, audit is a form of assurance exclusive to the audit function. Assurance activities can be performed by different compliance functions, for example, risk management, quality, fraud investigation or security assessment. However, audit activities should be performed by audit professionals only. The difference between audit and assurance is that audit is independent from operational functions, which allows audit to provide objective and unbiased opinions about the effectiveness of the internal control environment