By John Seeram
I am motivated to write this article since, over my years of practice, the view has been expressed that there is no need for internal auditors since the external auditors are more recognised and qualified, and will perform an audit in accordance with the existing International Standards on Auditors (ISA). Also, from a financial view, there will be cost savings by not hiring internal auditors.
However, global best practices on the current auditing process see the need for their existence since their work complement each other. That being said, the internal auditor is guided by the International Standards for the Professional Practices of Internal Auditing and the external auditor by the ISA.
Internal auditors and external auditors each have an important role in the governance of an organisation. They both have mutual interests with regard to the effectiveness of internal controls, and both adhere to ethical codes and professional standards which are set by their respective professional bodies. Further, they both operate independently of the activities they audit, and they are expected to possess extensive knowledge about the organisation/business, the industry and the strategic risks faced by the organisation which they serve.
However, with all their similarities, internal auditing and external auditing are indeed two distinct functions that have major differences that make them valuable to the auditing profession.
Diverging approaches to auditing
The Institute of Internal Auditors – Global (IIAG) defines internal auditing as “an independent, objective assurance and consulting activity, designed to add value and to improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”. In effect, internal auditors are concerned with the entire operations of the organisation, both financial and non financial, and are expected to do continuous reviews and evaluations of risk management, control and governance processes. The end result as per definition is to add value and improve the operations of the organisation. Internal auditors in public sector organisations are required to place an added emphasis on providing assurance on performance and on compliance with their policies and procedures framework.
In contrast, external auditing provides an independent opinion of an organisation’s financial statements and its fair presentation. This type of auditing encompasses whether the statements comply with the International Financial Reporting Standards, and whether they fairly present the financial position of the organisation, whether the results of its operations for a given period of time are reported accurately, and whether they include a misstatement(s) that is/are likely to influence the economic decisions of the financial statement users. In effect, external auditing approach is mainly historical in nature. Internal auditing is much broader and more encompassing than external auditing. Its value resides in the function’s ability to look at the underlying operations that drive the financial numbers before those numbers actually ‘hit the books/accounts’.
As an example, when considering ‘sales’ as a line item in a set of financial statements, the external auditor will focus primarily on the existence, completeness, accuracy, classification, timing, recording, and summarisation of the sales numbers. The internal audit will go beyond those assertions and look at sales operations in a much broader context by asking questions regarding the target market, the sales plan, the organisation structure of the sales department, qualifications of the sales personnel, effectiveness of the sales personnel, effectiveness of the sales operations, measurement of sales performance, and compliance with sales performance, policies. These questions should probe the very core of the sales operations and can greatly impact the sales numbers recorded in the financial statements. For example, assume a sale of $3 million, the external auditor has merely to render an opinion regarding the validity of the number. The internal auditor, however, is in a position to ask whether, this number really should have been $5 million, if the right market had been targeted, and if operations had been effective in the first place.
Organisational structure
Internal auditors represent an integral part of the organisation of which the Chief Audit Executive (CAE) reports administratively to the Chief Executive Officer and technically to the Audit Sub-Committee of the Board. This reporting function helps strength the CAE’s independence and objectivity. The relationship is consistent with IIAG’s International Standards. Conversely, external auditors are not part of the organisation, but are engaged by it. They are appointed by the shareholders of a company, and appointment usually comes through discussion with the directors.
Evolution of auditing
Business growth, globalisation and corporate scandals, among others have changed the thrust of the internal audit profession in recent years. In yesteryears internal auditing had focused on compliance with accounting and operational procedures, verification of calculation accuracy, fraud detection, and safeguarding of assets. Gradually, new dimensions are being added that ranged from an evaluation of financial management and compliance risks, to an assessment of controls and governance.
Yet, despite the differences in activities, internal and external auditors are benefiting from their complementary skills and areas of expertise. They should meet periodically to discuss common interests, strive to understand each other’s scope of work and methods, discuss audit coverage and scheduling in order to minimise duplication and redundancies, jointly assess areas of risk management, controls and governance, and to provide access to each other’s reports, programs and working papers. In coordinating their audit work, the goal is to increase the economy, efficiency and effectiveness of the overall audit process.
Closing Remarks
Despite the key similarities and differences that exist between internal auditing and external auditing, nonetheless, both audit types, and the respective services they provide, are indeed essential to maintaining and efficient and effective governance structure. That being said, with a greater understanding of each other’s unique perspective, both audit groups can maximise their aggregate contributions and help ensure organisational success in adding value and improving its operations.
John Seeram is a member of the IIA-Guyana Chapter
