You are here: Home > News > Internal vs. External Audit

Internal vs. External Audit

I have been working in internal audit for the past couple of years, and often, when I mention to my friends and family that I work as an Internal Auditor, I get asked how is my role different to the role of external auditors. I believe that this is partly related to a higher awareness of the ‘Big Four’ international accounting firms and failures of the audit firms to spot key problems in financial reporting, with many popular companies, such as Carillion, BHS or Rolls Royce, either collapsing or facing high penalties as a result of the shortcomings in their financial controls.

Whilst external audit is seen mainly as a review of the year-end financial statements, the focus of internal audit might be wider and quite different to the one of external audit. This article therefore aims to summarise some of the main differences between internal and external audit.

Differences between external audit and internal audit


Internal Audit

External Audit

Purpose of the audit

Considers whether business practices are helping the company manage its risks and meet its strategic objectives - it can cover operational as well as financial matters.

Considers whether the annual accounts give a 'true and fair view' and are prepared in accordance with legal requirements.


Internal auditors often look to the future in their work, such as:

·      How does the organisation identify, measure and manages risks to the achievement of their strategy and objectives?

·      Does the organisation have adequate systems and controls in place to address change in their business environment?

External auditors traditionally report on historical information - the annual financial statements of the organisation. However, as part of their work in forming an opinion upon these financial statements, they will also examine information relating to the entity’s ability to continue as a going concern such as cash flow forecasts and budgets.

Appointment of the auditors

Internal auditors can be employed by the company or outsourced. While an accounting background had traditionally been more common, increasingly internal auditors can come from other backgrounds or have specialisms in other areas, such as IT or risk management, etc.

External auditors are an outside firm of accountants who are 'Registered Auditors’ and are normally appointed by an ordinary resolution of the members at its Annual General Meeting.

Requirement of having an audit function

There is no stated legal requirement under the UK Companies Acts for an organisation to have an internal audit function. However, many organisations in the public sector are required by statute to have an internal audit function.

In the case of external audit legal requirements vary; some companies, such as small companies, may be exempt from having their annual accounts audited. The requirement to undertake external audit may be requested by third parties, such as banks or shareholders. Memorandum and Articles of Association agreed when an organisation was formed may also include the requirement of having an external audit function.

Frequency of audits

Internal audits are conducted at the direction of company managers as needed throughout the year and might be periodic or ad-hoc.

External audits are generally done annually.

Reporting responsibilities

Internal auditors report internally. Management will receive copies of reports and ultimately, internal auditors report to the Board, normally through an audit committee.

External auditors are responsible to the shareholders or, in the public sector, to a legislative body such as Parliament. They are not responsible to the management of the audited company, and management do not direct the extent and scope of their audit work.

Reporting format

Internal auditors provide a tailored report about how the risks and objectives of the audited area are being managed. There is a focus on helping the company move forward - the reports often include recommendations for improvement.

External auditors' main report is in a format required by Auditing Standards and focuses on whether the accounts give a true and fair view and comply with legal requirements. If other things come to light which should be brought to the client's attention, this will be reported to the directors in a 'management letter'.

Availability of audit reports

The results of internal audit activities are not usually published externally. Reports are kept in house to aid continuous improvement efforts.

External audit reports are published and made available to the public. 'Management letters' are not publicly available.

What happens after the audit?

Internal audit will follow up to see whether recommendations have been implemented and/or provide consultative help to guide the implementation of recommendations.

There is no external audit follow up, until the planning stage of the next year's audit, when past issues should be considered.


As can be seen from the above, the purpose of external and internal audits may differ greatly although there may be some cross over. Internal auditors may look at areas which would normally form part of an external audit and external audit companies may also provide an internal audit service; however, they must ensure that objectivity is maintained at all times if providing both internal and external audit services to the same client.

Overall, it is recommended that larger organisations have both functions to ensure that their internal controls are adequate and working as designed, and that financial statements are prepared in line with legal requirements.

I hope that this summary helped to clarify some of the questions you may have had relating the differences in internal and external audit.