Internal auditing is an
independent, objective assurance and consulting activity designed
to add value and improve an organization's operations. It helps an
organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of
risk management, control, and governance processes.
Internal auditing is a
catalyst for improving an organisation's governance, risk management
and management controls by providing insight and recommendations
based on analyses and assessments of data and business processes.
With commitment to integrity and accountability, internal auditing
provides value to governing bodies and senior management as an
objective source of independent advice. Professionals called internal
auditors are employed by organisations to perform the internal
auditing activity.
The scope of internal auditing within an organisation is broad and may involve topics such as an organisation's governance, risk management and management controls over: efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting, and compliance with laws and regulations. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss.
Internal auditors are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds.
Internal Auditor vs. External Auditor
Internal auditors work within an organisation and report to its audit committee and/or directors. They help to design the company’s organising systems and help develop specific risk management policies. They also ensure that all policies implemented for risk management are operating effectively. The work of the internal auditor tends to be continuous and based on the internal control systems of a business of any size.
External auditors are independent of the organisation they are auditing. They report to the company’s shareholders. They provide their experienced opinion on the truthfulness of the company’s financial statements and perform work on a test basis to monitor systems in place.
The Differences
There are three key differences in the activities of internal and external auditors. Each is discussed in depth below:
Appointment
External auditors are appointed by the shareholders of a company, although this usually comes through discussion with directors. External auditors must be appointed from a different company independent of their own whilst internal auditors are usually employees of the organisation.Keeping clients happy as an external auditors often more difficult than internally as you already know those around you in the second instance.
Objectives
The objectives for an external auditor are usually defined by statute whilst management will set the objectives for internal audits. External auditors generally have free reign to examine and assess every aspect of the system whilst management can pinpoint and highlight certain areas they want internal auditors to focus on. There are various types of internal audit.
Responsibility
External auditors are responsible to the owners of the company which could be anybody from its owners to the shareholders to the government or general public. Internal auditors are responsible solely to the company’s senior management.
