Internal Vs. External Auditing: What’s the Difference?

Both internal and external audits are completed with a high degree of independence, diligence and ethics. However the difference between an internal audit vs external audit is not always clearly understood. Both internal and external audits seek to provide an independent opinion about a company’s finances or practices. However, they differ significantly when it comes to who performs the audit, its overall purpose, and its scope.

Comparing Internal Audit vs External Audit

Here is a brief snapshot of these differences:

Scope

Internal audits usually focus on a specific area of a company, while external audits look at all relevant financial information and any other practices that could confirm the veracity of financial statements and disclosures. In some circumstances, an external audit might be scoped to provide an opinion on a specific line item or financial schedule.

Purpose

Internal audits focus on measuring current performance or compliance with particular policies or procedures and finding areas for improvement. An internal audit is primarily focused on helping an organisation improve and helping to achieve your business objectives while managing risk. An internal business audit is beneficial to evaluate and improve the effectiveness of risk management, control and governance processes. You can read more about the “flavours” of internal audit here.

External audits, on the other hand, focus on verifying the accuracy and veracity of financial statements, thus providing reliable information about the results of a company’s operations, its financial position, and its cash flows. You can read more about external audits here.

Auditor

External auditors are from a third party (i.e. independent firm) while internal auditors can either be internally appointed and work on behalf of a company, or an external firm, and report independently to the audit committee or Board.

Key Differences Between Internal Audit and External Audit

Let’s take a look at some of the key differences between an internal audit and an external audit in a bit more detail.

1. Appointment

Generally, external auditors are appointed by the shareholders of a company, while internal auditors are often employees of a company, although in some cases, they can be appointed externally. In either case, the internal auditor reports independently to the audit committee or board of directors. Bishop Collins Audit provides both internal audits and external audits, along with IT, fraud prevention and risk management expertise.

2. Area of Focus

Internal auditors generally focus on an organisation’s processes and control systems, providing evaluations on financial and operational business activities. They analyse and bolster the risk management, internal control and governance processes of the company. Internal audits are aimed at identifying how well risks are managed including whether the right processes are in place, and whether agreed procedures are being adhered to. Internal audits also identify areas where improvements and efficiencies might be achieved.

External auditors mostly focus on ensuring that the policies and procedures of the organisation are adequate and meet regulatory requirements and standard practices. The focus is primarily on financial compliance and accuracy. In Australia, external auditors are registered with the Australian Securities and Investments Commission (ASIC). Importantly, there are a variety of benefits in undertaking an external audit (whether legislatively imposed or voluntarily), including:

• Fraud deterrence and prevention;
• Confirm compliance or departures from relevant legislation (e.g. the Corporations Act 2001 or Australian Charities and Not-for-profits Commission Act 2012);
• Provide confidence to stakeholders (e.g. customers, shareholders, creditors and the general public) that the company is financially sound;
• Identify ineffective or inefficient business or operational practices.

3. Engagement Period

Internal auditors generally provide auditing and control services related to the company’s finances, business practices and risks over an extended period of time. This might be on an annual basis, or over several years, depending on the internal audit plan and broader assessment of risks. External auditors are appointed, and generally hold office, until either their resignation, removal or death (hopefully not the latter!). Each annual audit engagement runs for a certain period and once the audit is completed, this engagement is finalised until the next year.

Is It a Requirement to Have an Audit?

Well, that depends on your specific requirements, risk appetite and perspective. Internal audits are a fundamental way of improving your company’s systems and developing sound risk management practices. However, internal audits are discretionary.

Many large organisations, including publicly listed companies, have established internal audit functions to satisfy and boost shareholder and market confidence as well as mitigate broader risks. Progressive private companies also voluntarily undergo internal audits to access the benefits internal audit can provide to their organisation. This includes:

• Ensuring accounting processes are efficient and effective,
• Identifying, understanding and managing high risk areas,
• Ensuring compliance with policies, procedures, laws and regulations,
• Streamlining operations,
• Safeguarding assets and ensuring efficient use of resources,
• Ensuring governance and risk assessment processes are in line with best practice,
• Preventing and detecting fraud.

We often get asked how often do businesses get audited? Well, external audits must be assessed on a case-by-case basis, however for the most part, public companies, large private companies and many not-for-profit organisations are required by law to have an audit at various times. For example:

• The Australian Charities and Not-for-profits Commission (ACNC) and State Departments of Fair Trading (e.g., NSW Fair Trading in New South Wales), which are the regulators of charities, not-for-profits, and associations, also have audit requirements. For example, medium-sized charities with annual revenue of more than $1,000,000 must have their financial statements reviewed or audited, while large charities with annual revenue of more than $3 million must have their financial reports audited.
• Large Companies: When a company becomes a large proprietorship, it must be audited, under the Corporations Act. From 1 July 2019, the Australian Securities, and Investments Commission (ASIC) defines a proprietary company as being “large” if, at the end of the financial year, the company and any entities it controls meets two of the below three criteria:
  • A consolidated revenue of $50 million or more;
  • Consolidated gross assets of $25 million or more; and
  • 100 or more employees.

Small private companies may also be required to undergo an audit, including those which are foreign-owned or those companies subject to a shareholder direction under s293 of the Corporations Act 2001. In certain circumstances, ASIC might direct a company to undergo an audit. Take a peek at our article on whether you need to have an audit completed on your financial statements here.

The Experts Are Here to Help!

If you would like to discuss your organisation’s external and internal audit requirements the accounting experts at Bishop Collins would be delighted to have an obligation-free and confidential discussion with you. Please reach out to us if you would like to seek professional help with internal and external audits. Get in touch with us today to see how we can help!