In this article, we'll discuss what is meant by the term audit, and how an internal audit differs from an external audit.
Auditing means "checking" or "evaluating". An audit is simply the name of the process by which the work, or statements of a person or group are verified by an independent third party. The term "audit" is most commonly associated with accounting, although any process can be "audited", and in the corporate scene, other activities such as project management, systems and procedures and supplier activity are audited to improve control and transparency of the business activites (including within the extended supply chain). Generally, auditing can be split into two general types, an internal audit and an external audit.
An external audit is probably the most familiar, and is the independent checking of a company's financial accounts by an independent team (not affiliated with the company), generally commissioned by and answerable to the company shareholders. In the US, this non-affiliation is a strict legal requirement within the Sarbanes-Oxley act, a direct result of the Enron scandal whereby, in brief, the auditors were not independent to the company and were validating accounts which were misleading to shareholders. The scope of an external audit is relatively narrow, and is merely to issue a statement as to whether or not the company accounts represent a true and fair view of the company's financial situation, to prevent any misstatement in the company accounts. Regular external audits are normally a requirement for a company being listed on a stock exchange.
Internal audits tend to have much wider scopes than external audits, and are also supposed to be fully independent. However, internal audits are not performed in order to produce reports which the public and shareholders can see (though on occasion they might), but instead to report to managers and directors of the company on performance. The point of an internal audit is to add value to a company's operations by evaluating the processes and procedures the company uses. It should also analyse the risks the company is exposed to and to idenitfy fraud within the company (although an external audit must report fraud if it discovers it, it is not the purpose of the external audit to discover fraudulent activity within a company, this is within the scope of the internal audit). In many cases, the internal audit will work with the external audit wherever possible, but clearly this can be limited as the external auditors need to preserve their independence and objectivity if their own final reports are to have any value. Working too closely with an internal team can jeopardise a claim to objectivity.