Aspect | Internal Auditing | External Auditing |
Primary objective | Improve internal controls, risk management, and operations | Provide independent opinion on whether financial statements are true & fair |
Main stakeholders | Management & Board (Audit Committee) | Shareholders, regulators, creditors, public |
Independence | Organisationally independent but employed/engaged by the company; reports to Audit Committee | Professionally independent; external firm appointed by shareholders |
Appointment | By management/Audit Committee | By shareholders at AGM (per law) |
Reporting line | To Audit Committee/Board; management for administration | To shareholders via audit report |
Scope | Broad: governance, risk, compliance, operational efficiency, IT, projects | Financial statements and related disclosures (with some controls/testing relevant to FS audit) |
Standards/frameworks | IIA Standards (IPPF), internal methodologies | ISA (International Standards on Auditing) and local regulations |
Frequency | Continuous/periodic per annual audit plan | Typically annual (or as required) |
Time orientation | Forward-looking and preventive; advisory | Historic, after period-end; assurance |
Nature of work | Assurance and consulting (advisory) | Assurance only (reasonable assurance) |
Evidence focus | Control design & operating effectiveness, process performance | Audit evidence supporting account balances, classes of transactions, disclosures |
Materiality | Often process/control risk–based; not strictly quantitative | Quantitatively and qualitatively determined for FS misstatement |
Deliverables | Internal audit reports with findings, ratings, and recommendations | Independent auditor’s report with opinion (unmodified/modified) |
Access & confidentiality | Full access granted by management; results usually internal | Access per engagement; report is public/for members; working papers confidential |
Legal requirement | Not always mandatory; governance best practice | Often required by law/regulation unless exempt |
Success metrics | Control improvements, issue remediation, value creation | Appropriate opinion, audit quality, compliance with standards |
Typical activities | Risk assessments, control testing, compliance reviews, operational audits, IT audits, investigations | Risk assessment, substantive testing, controls testing relevant to FS, analytical procedures |
Relationship with management | Collaborative—but must preserve independence | Professional scepticism; arm’s-length relationship |
Remuneration | Company-funded (budget approved by Audit Committee) | Audit fee approved by shareholders/Board (per governance) |
Tiada ulasan:
Catat Ulasan