External Audit

An external audit is an examination that is conducted by an independent accountant. This type of audit is most commonly intended to result in a certification of the financial statements of an entity.

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited.[1] Users of these entities’ financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

The objectives of an external audit are to determine:

  • The accuracy and completeness of the client’s accounting records;
  • Whether the client’s accounting records have been prepared in accordance with the applicable accounting framework; and
  • Whether the client’s financial statements present fairly its results and financial position.

Difference between Internal & External Audits

Some of the key differences are highlighted in the following table.

Internal Audits External Audits
What is the purpose of the audit? Considers whether business practices are helping the business manage its risks and meet its strategic objectives – it can cover operational as well as financial matters. Considers whether the annual accounts give a ‘true and fair view’ and are prepared in accordance with legal requirements.
Who Performs the Audit? Internal Auditors, typically employees of the company External Auditors, typically members of an audit firm
Who is the Audit Reported to? Board of Directors, and members of management Shareholders and members outside of the company
What Does the Audit Cover? – Internal Controls related to:

o Governance

o Risk Management

o Process Improvement

Financial Reports, and Internal Controls related to Financial Reporting
Why is the Audit Performed? To assess and improve the effectiveness of governance, risk management, and control over critical processes. To provide the board and management with information and assurance related to their duties. – To validate, or provide reasonable assurance, the material accuracy of financial reports from the organization to its stakeholders
What sort of report will they receive? Provide a tailored report about how the risks and objectives (of the business area being audited) are being managed. There is a focus on helping the business move forward – so expect there to be recommendations for improvement. Main report is in a format required by Auditing Standards and focuses on whether the accounts give a true and fair view and comply with legal requirements.  If other things come to light which the auditors think should be brought to the client’s attention they will be reported separately to the directors in a ‘management letter’.
WHO ARE THE AUDITORS? Internal auditors may be employees of the firm, or alternatively the firm may wish to outsource its internal audit services. External auditors are appointed by the shareholders of the company and unlike internal auditors they must be able to act independently to ensure an objective approach to the audit process.

Each audit finding within the body of the report may contain five elements, sometimes called the “5 C’s”:

  1. Condition : What is the particular problem identified?
  2. Criteria : What is the standard that was not met? The standard may be a company policy or other benchmark.
  3. Cause : Why did the problem occur?
  4. Consequence: What is the risk/negative outcome (or opportunity foregone) because of the finding?
  5. Corrective action: What should management do about the finding? What have they agreed to do and by when?

Internal/External Audit Procedure:

PLANNING

  • Establishing and communicating the scope and objectives of the audit to appropriate members of management.
  • Developing an understanding of the business area under review – this includes objectives, measurements & key transaction types and involves interviews and a review of documents – flowcharts and narratives may be created, if necessary.
  • Describing the key risks facing the business activities within the scope of the audit.

FIELDWORK

  • Identifying management practices in the five components of control used to ensure that each key risk is properly controlled and monitored. An audit checklist can be a helpful tool to identify common risks and desired controls in the specific process or specific industry being audited.
  • Developing and executing a risk-based sampling and testing approach to determine whether the most important management controls are operating as intended.

REPORTING

  • Reporting issues and challenges identified and negotiating action plans with the management to address these problems.

FOLLOW-UP

  • Following-up on reported findings at appropriate intervals. Internal audit departments maintain a follow-up database for this purpose.

QUALITY OF AN AUDIT REPORT

  • Objectivity: The comments and opinions expressed in the report should be objective and unbiased.
  • Clarity: The language used should be simple and straightforward.
  • Accuracy: The information contained in the report should be accurate.
  • Brevity: The report should be concise.
  • Timeliness: The report should be released promptly immediately after the audit is concluded, within a month.