Difference Between Internal and External Audit: Key Contrasts

India Law | By G R Hari, Verified Advocate

Quick Answer

> One line summary: Internal audits focus on improving internal controls and risk management, while external audits provide an independent opinion on financial statements for stakeholders.

What is the difference between internal and external audit?

The primary difference between internal and external audit lies in their purpose and audience. An internal audit is a function within an organisation, designed to evaluate and improve the effectiveness of risk management, control, and governance processes. An external audit is an independent examination of financial statements by a statutory auditor, appointed under the Companies Act, 2013, to provide an opinion on whether the financial statements present a true and fair view.

Internal auditors are employees of the company or outsourced professionals reporting to the audit committee and management. External auditors are independent chartered accountants registered with the Institute of Chartered Accountants of India (ICAI) and appointed by the shareholders. The scope of an internal audit is broad and can cover operational, compliance, and financial areas, while an external audit is primarily focused on financial reporting and compliance with accounting standards and legal requirements.

The Companies Act, 2013 mandates an internal audit for certain classes of companies (Section 138), while all companies must have their financial statements audited by a statutory auditor (Section 139). The internal audit report is submitted to the board and audit committee, whereas the external audit report is addressed to the shareholders and filed with the Registrar of Companies.

Who appoints the internal auditor versus the external auditor?

The internal auditor is appointed by the board of directors, often on the recommendation of the audit committee. For companies required to have an internal audit under Section 138 of the Companies Act, 2013, the board must appoint an internal auditor, who may be a chartered accountant, cost accountant, or other qualified professional. The internal auditor can be an employee of the company or an external firm engaged for this purpose.

The external auditor is appointed by the shareholders at the annual general meeting, based on the recommendation of the audit committee and the board. Under Section 139 of the Companies Act, 2013, the first auditor of a company is appointed by the board within 30 days of incorporation, and subsequent auditors are appointed by the shareholders. The external auditor must be a chartered accountant firm registered with ICAI and must be independent of the company.

The appointment process ensures that the external auditor remains independent from management, while the internal auditor works within the organisation's structure. The audit committee plays a crucial role in both appointments, but the final authority for external audit rests with the shareholders.

What is the scope of work for internal and external audits?

The scope of an internal audit is determined by the management and audit committee based on the company's risk assessment. It can cover financial controls, operational efficiency, compliance with policies and laws, fraud detection, and IT systems. Internal auditors use a risk-based approach and can examine any area they deem necessary to improve governance and control.

The scope of an external audit is defined by the Standards on Auditing (SAs) issued by ICAI and the requirements of the Companies Act, 2013. The external auditor must obtain reasonable assurance that the financial statements are free from material misstatement, whether due to fraud or error. The focus is on financial reporting, compliance with accounting standards (Ind AS or AS), and adherence to legal requirements.

External auditors do not examine every transaction but use sampling and analytical procedures. They rely on internal controls to determine the nature and extent of audit procedures. Internal auditors, on the other hand, may conduct detailed testing of transactions and processes throughout the year.

How do the reporting structures differ?

Internal auditors report to the audit committee and senior management. Their reports are confidential and intended for internal use by the board, audit committee, and management. The internal audit report includes findings, recommendations for improvement, and management's responses. These reports help the board assess the effectiveness of internal controls and risk management.

External auditors report to the shareholders of the company. Their report is a public document filed with the Registrar of Companies and available for inspection by stakeholders. The external audit report contains the auditor's opinion on the financial statements, and if there are any qualifications, emphasis of matter, or other issues, these are clearly stated.

Under Section 143 of the Companies Act, 2013, the external auditor must also report on matters such as internal financial controls, fraud reporting, and compliance with laws. The external audit report is addressed to the members of the company, while the internal audit report is addressed to the board.

What are the key differences in objectives and outcomes?

The objective of an internal audit is to add value and improve an organisation's operations. It helps the organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The outcome is improved internal controls, reduced risks, and operational efficiencies.

The objective of an external audit is to provide an independent opinion on whether the financial statements are prepared in accordance with the applicable financial reporting framework and present a true and fair view. The outcome is an audit report that enhances the credibility of financial statements for investors, lenders, regulators, and other stakeholders.

Internal audits are ongoing and can be conducted throughout the year, while external audits are typically annual. Internal auditors can make recommendations for improvement, whereas external auditors only report on whether the financial statements are accurate. Internal audit findings may lead to immediate corrective actions, while external audit findings may result in qualifications or modifications to the audit report.

What You Should Do Next

If you are setting up an internal audit function or need to comply with statutory audit requirements, consult a qualified chartered accountant or audit professional. They can help you determine the specific requirements under the Companies Act, 2013 and ICAI standards applicable to your organisation.


This page provides preliminary information. It is not legal advice. For your matter, consult a qualified professional.