Director of The Security Institute and a senior manager at Transport for London Richard Bell has been talking about the importance of having a means of testing the effectiveness of security systems.
He told IFSEC that there are eight steps to security assurance.
These include setting up an annual security assurance plan, arranging a scoping meeting and writing an engagement letter even before a firm sets up its audit programme.
It can then conduct fieldwork and draft a report before appropriate people hold a closing meeting and look to draw conclusions.
Mr Bell said when looking to assess how well a security system is being managed a company should look to provide a simple answer that means something to everyone in that specific business.
"The report should then have an appropriate level of circulation to enable the business area, its managers, and those who want and need assurance to understand the risks and offer some visibility," he added.