Internal audits and external audits are both the watchdog of entities and shareholders; however, there are some key differences between internal and external audits from some perspectives.
For example, purpose, employment, legal requirement, reporting, and so on. The following are the key differences and similarities between internal audit and external audit:
The Different between External and Internal Audit
1) Purpose of Audit
The purpose of an external audit is to let auditors examine the entity’s financial statements and express their opinion on them.
The external auditor examines the reports and expresses the opinion of the entity’s financial statements are free from any kind of material (error or fraud).
The purpose of an external audit is sometimes required by law, regulation, shareholders, or sometimes required by the bank.
External audit reports provide assurance on the financial statements and help users of financial statements feel comfortable with the reports they are using.
However, the internal auditor is not express their opinion on the financial statements. Instead, they are reviewing the internal control over financial reporting to ensure that good internal controls are in place to ensure that the financial reports are prepared in all material respect. This is the internal audit from the financial report perspective.
In general, the purpose of an internal audit is to review and assess the major internal control of the entity, not only internal control over financial reporting.
Internal audit also reviews the effectiveness, efficiency, and economy of an entity’s use of its resources.
Check out the Purpose of Audit on Financial Statements:
External auditors are the employee of audit firms like KPMG, PWC, and EY. They are not the employee of the entity they are auditing. So basically, the employment contracts, training, compensation, and performance review are all with the firms.
Internal audit is the employee of the entity and normally they are working in the internal audit department or internal audit division.
However, sometimes internal audit activities are outsourced from external auditors or consulting firms who have professional skills and resources. So, the employment contracts, training, compensation, and performance review are all with the entity.
Check out what does audit plan mean,
External audit reports are reported to those charged with governance (TCWG). ISA 260 is the standard that we should refer to and actually, the standard does not say specifically about the exact person that the external auditor reports, but it uses the word “governance”.
Be careful, when you do the research about who the hell external auditor reporting to on the internet and you found many different results.
Well, Those Charged With Governance include someone or a group of people at the highest level of management of an entity. Those people include executive, non-executive, committee, or board of directors.
Internal audit work in the entity has some different reporting lines from the external auditor. For administrative purposes, the internal auditor might report to the CEO or other executives in the entity.
For example, administrative expenses, staff turnover, recruitment plan, or similar. Reporting results of internal audits and other relevant matters are directly reporting to the audit committee, owner, or board of directors.
In other words, reporting to people or ground of people who manage the executive management in the entity.
Check out what do Audit Strategy Means?
In the external audit report, there is an opinion of external auditors expressed on the financial statement as the result of their audit. These opinions include unqualified, qualified, disclaimer, and adverse opinions. For limited assurance, the external auditor also issued their opinion, but not like positive assurance.
Internal audit, by the way, does not express an opinion on the truth and fairness of an entity’s financial statements even those they tested.
But, they online issued finding along with the rating of those finding based on the impact and likelihood of findings found.
5) Legal perspective
If the external audit issued their opinion negligently, and the negligent cost the entity, then the external auditor face legal action with the entity at both company levels.
The entity could not sue the employee in the external auditor, but the audit partner, maybe depending on the law in that jurisdiction.
However, if the internal auditor does something against the entity policies and regulations, then the employee might face some action based on entity policies.
6) Standard use
The internal auditor normally uses the audit standard issued by the local regulator or body and adoption of the International Standard on Auditing (ISA) which is issued by IFAC.
Sometimes, it also follows the requirement of other related bodies like security exchanges to be able to audit the entity’s financial statements listed in the stock exchange.
Internal audit is followed the internal manual which adopts best practices and IIA Standard. In general, an internal audit is adopted and uses the standard which is issued by IIA (International Professional Practices Framework (IPPF))
Work in an external audit firm as normal staff are not required to hold ACCA, CPA, or CA, but if you hold one of them, your credit is better than others.
However, the audit firm required its partner to hold the CPA at least one. Sometimes, it depends on local regulation, one or two people handheld CPA and also registers in the local authority that controls CPA firms.
Internal auditor; however, is not required CPA. But most of the people who manage the internal audit department required good experience in internal audit or sometimes, require someone who has experience from the external audit firm preferable big four.
CIA is also one of the most popular professional internal audit qualifications. Having the CIA could help you gain more credit and get a better opportunity in internal audit.
8) Scope of works
The scope of the external audit depends on the services requested by the entity and the availability of services in the firm.
In general, if we talk about the scope of external audit on auditing financial statements, the scopes include the period of engaged financial statements, the standard use to prepare financial statements
The scope of the internal audit is a bit different from an external audit. The internal audit might cover the areas and be determined by the audit committee.
However, it generally covers internal control both operation and internal control over financial reporting, investigation of fraud, compliant review again company policies or local regulation, examination of the management report, and 3Es audit (economy, efficiency, and effectiveness)
External audit responsibilities are defined in ISA 200, and their main responsibilities are:
- Audit entity’s financial statements based on required standards
- Maintain ethical requirements related to the audit of financial statements; for example, keep professional judgment, professional skepticism,
- Make sure audit risks are properly assessed and audit strategy is applicable to those.
- Report to audit committee if there is any problem related to independence and conflict of interest.
Internal audit responsibilities are defined in the audit charter and might be a bit different from one company to another. In general, an internal audit is responsible only for auditing only one company or under the group. They are responsible for reviewing and assessing the internal control of the entity, compliant review, and fraud investigation.
They are also responsible for reporting any significant errors, fraud, or problems found to the audit committee and board of directors.
10) Code of Ethics
IFAC defines an external audit code of ethics and they are tailored by the firm for internal use. However, those internal codes of ethics also need to follow IFAC.
The internal audit code of ethics is generally set in the internal audit charter or policies. However, IIA also issued an internal audit code of ethics that should follow by the internal auditor.
The Similarity of External and Internal Audit
Both internal audit and external audit are working independence from the operation. Independence here means both Independence in mind and physical.
Both internal audit and external audit issues their report after they complete their tasks. Yet, their reports have different formats and objectives.
Both audits cost the entity. This is a big challenge for some small entities to engage audit firms to audit their financial statements.
Standard of works
Internal audit and external audit requirements to maintain a high quality of work to ensure that the result of their audit is trust-able and reliable by related parties.