Difference Between Internal Audit and Internal Control
Key Difference – Internal Audit vs Internal Control
Internal audit and internal control are two main aspects of any type of organization. In general, these two terms are often confused and used interchangeably; nevertheless, they are different from each other. The key difference between internal audit and internal control is that internal audit is a function that provides independent and objective assurance that an organization’s internal control and risk management system are functioning effectively whereas internal control is the system implemented by a company to ensure the integrity of financial and accounting information and that it is progressing towards fulfilling its profitability and operational objectives in a successful manner.
CONTENTS
1. Overview and Key Difference
2. What is Internal Audit
3. What is Internal Control
4. Side by Side Comparison – Internal Audit vs Internal Control
5. Summary
What is Internal Audit?
Internal audit is a function that provides independent and objective assurance that a company’s internal control and risk management system are functioning as intended. The internal audit department is led by the internal auditor who should have recent and relevant financial experience. The internal auditor is appointed by the audit committee, who will evaluate the effectiveness of the internal auditor and receive audit reports on a periodic basis. The audit committee has the following roles to perform with regard to internal audit.
- Monitor and review the effectiveness of the company’s internal audit function
- Ensure that the internal audit function has access to adequate financial and other resources to carry out its duties
- Ensure that the internal audit function has the support and access to relevant information from all parts of the organization to conduct a successful audit
- Report to the board and make appropriate recommendations on how to improve the company’s internal audit system
- Consider the response of the management to any key external or internal audit recommendations
If the company does not have an internal audit function (this is possible in a certain type of companies, especially in small companies where there is only an external audit function), the need for the establishment of an internal audit function should be considered annually.
What is Internal Control?
Internal control is the system implemented by a company to ensure the integrity of financial and accounting information and that the company is progressing towards fulfilling its profitability and operational objectives in a successful manner. The main reason that internal control procedures are in place is to ensure that the risks the company face are mitigated. Even when an efficient internal control system is in place, there is no guarantee that the risks will be completely eliminated; however, they can be controlled from causing notable destruction for the company. Internal control measures can take the following forms.
The type of control that should be implemented for each risk is decided based on two aspects.
- Likelihood/probability of risk- possibility of a risk being materialized
- Impact of risk- size of the financial loss if the risk materialize
Both likelihood and the impact of a risk may be high, medium or low. For a risk with high likelihood and impact, controls with high effect should be implemented. If not, it will be exposed to a high control risk.
Figure 01: Likelihood and impact of a risk helps the company to identify the type of internal control measure to use
What is the difference between Internal Audit and Internal Control?
Internal Audit vs Internal Control | |
Internal audit is a function that provides independent and objective assurance that an organization’s internal control and risk management system are functioning effectively. | Internal control is the system implemented by a company to ensure the integrity of financial and accounting information and that the company is progressing towards fulfilling its profitability and operational objectives in a successful manner. |
Main Responsibility | |
The main responsibility of the internal audit is to review the effectiveness of the internal control system. | Ensuring that sound internal control procedures are in place is the main responsibility of internal control system. |
Nature | |
Internal audit is a preventive measure. | Internal control is a detective measure. |
Summary – Internal Audit vs Internal Control
The difference between internal audit and internal control is distinct due to its nature and applicability. While mitigating risks through proper controls and ensure that the company is not hindered from achieving its objectives is the purpose of internal control; inspecting whether such controls are functioning as intended is the objective of the internal audit. A number of large-scale corporates such as Enron and Lehman Brothers have collapsed due to not having a sound internal control system and an effective internal audit function.
Reference:
1. Internal Control. N.p., Web. 19 May 2017. <https://www.cliffsnotes.com/study-guides/accounting/accounting-principles-i/principles-of-accounting/internal-control>.
2. “The difference between internal and external audits – Questions & Answers.” AccountingTools. N.p., n.d. Web. 21 May 2017. <http://www.accountingtools.com/questions-and-answers/the-difference-between-internal-and-external-audits.html>.
3. “Internal Audit.” Investopedia. N.p., 23 Nov. 2003. Web. 21 May 2017. <http://www.investopedia.com/terms/i/internalaudit.asp>.
Image Courtesy:
1. “RiskMatrix-RH” By RoyHanney – Own work (CC BY 3.0) via Commons Wikimedia
ncG1vNJzZmivp6x7pbXFn5yrnZ6YsqOx07CcnqZemLyue8OinZ%2Bdopq7pLGMm5ytr5Wau261za2cq6aRoXqiwcOiq2aZnpl6t7%2BMoqWtnaKjrq15wqilraqfoXw%3D