For many people “audit” is about the end of year accounts, which is very often the case. However internal audit has a different focus it is worth having a look at the differences – especially if you are a company director or a charity trustee. I’ve spent a significant part of my career as an external auditor and these days internal audit is one of the services I provide – so here are my thoughts (in the context of the UK commercial & charity sectors):
1 What is the purpose of the audit?
- Internal audit considers whether business practices are helping the business manage its risks and meet its strategic objectives – it can cover operational as well as financial matters.
- External audit considers whether the annual accounts give a ‘true and fair view’ and are prepared in accordance with legal requirements.
2 Who are the auditors?
- Internal auditors can be employed by the business or outsourced. While an accounting background is common, they can also come from other backgrounds.
- External auditors are an outside firm of accountants who are ‘Registered Auditors’ (not all accountancy firms are).
3 How is the audit agenda set?
- The internal audit agenda is set internally in the light of the business’s risks and objectives.
- The external audit firm will set its own programme of work based on its assessment of the risks of the accounts being materially misstated.
4 Who does the auditor report to?
- Internal auditors report internally. Relevant managers will usually receive copies of reports as there will be recommendations that would have been discussed that they will need to act on. Ultimately internal auditors report to the audit committee (if there is one) or the Board so there is high level oversight.
- External auditors report primarily to the shareholders or the trustees for an unincorporated charity (but also see 5 re management letters).
5 What sort of report will they receive?
- Internal auditors provide a tailored report about how the risks and objectives (of the business area being audited) are being managed. There is a focus on helping the business move forward – so expect there to be recommendations for improvement.
- External auditors’ main report is in a format required by Auditing Standards and focuses on whether the accounts give a true and fair view and comply with legal requirements. If other things come to light which the auditors think should be brought to the client’s attention they will be reported separately to the directors in a ‘management letter’.
6 What happens after the audit?
- The internal audit follow up will be agreed on a case by case basis. It can include looking to see whether recommendations have been implemented and/or consultative help to guide the implementation of recommendations.
- There is no external audit follow up, until the planning stage of the next year’s audit; when past issues should be considered.
7 Are the auditor’s reports publicly available?
- In the UK private or charity sectors internal auditors’ reports are not published publicly.
- The main external auditors’ report will be publicly available. ‘Management letters’ are not publicly available.
8 Do we have to have an audit?
- Internal audit is discretionary.
- In the case of external audit legal requirements vary; although the trend has been towards more organisations being exempted from audit. However stakeholders such as the bank or investors may require you to have your accounts audited.
Small and medium sized organisations usually can’t justify having an independent in-house internal audit function and outsourcing provides a flexible cost effective solution. If you’d like to find out how I can assist and about my approach, please feel free to contact me, David Lewis, on 07836 331677 or firstname.lastname@example.org