What’s the difference between an internal and external audit?

Although appearing seemingly similar as the two functions share a common word, they are in reality quite different. Larger organisations tend to implement both to ensure that their records, effectiveness of the company’s internal controls, regulatory compliance and financial reporting are closely examined on a perpetual basis.

Smaller entities may decide not to use an internal audit function given that it might not be cost effective for them to do so, however in order to understand the difference between the two functions we need to ask ourselves a few fundamental questions:

Q. What is the purpose of the and internal and external audit?

Internal Audits

An internal audit is designed to assess the key risks facing the
business, the effectiveness of the   business in managing those risks along with
the control processes that management have implemented. Internal auditors often
perform a more advisory role by issuing recommendations aimed to support
management in improving their systems and controls for the instances where they
identify deficiencies in certain business areas.

Their scope of work includes but are not limited to financial and
non-financial elements and can even consider the company’s reputation. The
scope of their work is defined by management who will pinpoint certain areas
for attention in light of the business’s objectives and risks.

External Audits

The objectives of the external auditors are defined by statute.

The purpose of an external audit is to provide an objective independent
examination and to verify that the financial statements provide a true and fair
reflection of where the company financially and have been appropriately
prepared in accordance with accounting standards.  This not only increases the value and
credibility of the financials produced by management which in turns increases
user confidence and reduces investor risk, but an independent review also
provides greater transparency to the shareholders, highlighting areas of

Q. Who are the auditors?

Internal Auditors

Internal auditors may be employees of the firm, or alternatively the
firm may wish to outsource its internal audit services.

External Auditors

External auditors are appointed by the shareholders of the company and
unlike internal auditors they must be able to act independently to ensure an
objective approach to the audit process.

Q. Is it a requirement to have an audit?

Internal Audits

Although larger organisations see an internal audit as a fundamental way
of improving the company’s systems and developing specific risk management
policies, internal audits are discretionary.

External Audits

In the case of external audits and whether or not these are required,
this must be assessed on a case by case basis.

Q. Who are the end-users of the audit report?

Internal Audits

Internal auditors will report internally to the audit committee or the
Board once they have documented their findings and will review the

They will provide a tailored report about how the risks and objectives
are being managed and focus on any strengths and weaknesses identified.
Internal audit reports are not available to the public.

External Audits

External auditors report primarily to the shareholders of the company
which could range from its owners to the general public.

The main report is in a format required by the Auditing Standards and
focuses on whether the financials give a true and fair view and comply with
legal requirements. External auditors’ reports are placed in the public domain
via the annual financial statements required to be filed in the UK with the
registrar of Companies.

More Audit FAQs

How our audit and compliance team will help you to:

Add value to your business by using the audit as a basis to identify and resolve commercial issues and to improve your business processes.

Use the understanding and insight gained from the audit as a basis for helping you develop strategies to drive your business forward.

Reduce risk and improve your organisational performance by challenging existing assumptions and practices.

Secure peace of mind from knowing your statutory obligations are met, accounts are true and potential problems have been identified early on.