Statutory audit must “make more use” of internal audit expertise
While objectivity and independence are critical, greater collaboration could be the key to stronger assurance
While objectivity and independence are critical, greater collaboration could be the key to stronger assurance
A more collaborative relationship between internal and external audit will be a critical step as the profession strives to increase quality and bolster its standing in the public eye, according to industry voices.
“I think it would produce much stronger assurance,” says Liz Sandwith, chief professional practices advisor at the Chartered Institute for Internal Auditors (CIIA). “Each side knowing and understanding that control environment and what new and emerging risks are being mitigated, would help them both do their job that much better.”
Though fundamentally similar, several disparities exist between the two functions. Internal audit will examine issues related to business practices, while their external counterparts issue opinions regarding financial statements and records.
The purpose of the two sides is also key. Internal audit reports act as a tool for the organisation’s management, whereas external audit caters to key stakeholders such as lenders, investors and creditors.
“Internal audit are there 365 days a year and, therefore, have a much greater understanding of the organisation, and a much broader remit. There is a real opportunity for external audit to build on this knowledge rather than repeating it.”
Sandwith’s view largely resembles that of Sir Tony Redmond, who was commissioned by the UK government in 2020 to conduct a review into the effectiveness of external audit and transparency of financial reporting in local authorities. While focusing on the external side of audit, the review makes several references to its relationship with internal auditing.
“There is a question as to whether external audit could make more use of the knowledge and expertise of internal audit in developing sufficient understanding of the local authority,” it said.
“Internal auditors are likely to be much closer to the business than external audit and, in many authorities, a proportion of their work focuses on governance and service delivery matters. This could make internal audit a rich source of knowledge, should the external audit team wish to use it.”
Sandwith also notes the significance of such a collaboration for audit committees within companies, suggesting that input from both sides will help to facilitate a more thorough oversight of the organisation’s financial reporting process.
“It enables the committee to have a much greater understanding of the rigour within the organisation around the management of risks, and the controls that management have put in place to mitigate those risks.”
Tom McMorrow, director of policy, regulation and ethics at RSM, believes that while ‘collaboration’ may not be the most appropriate terminology to use, a more productive relationship between internal and external audit would ultimately benefit the standing of the profession.
“Collaboration isn’t the right expression given that each function has a separate objective. Co-operation is a better descriptor – good quality and purposeful liaison between the two functions is always desirable, so they can achieve a depth of mutual understanding through meaningful professional dialogue at key moments in the external audit planning and execution stages,” he says.
“Spotting red flags is in the skillset of both, so anything that facilitates information-flow between one and the other is in the mutual interests of both.”
Independence must be preserved
However, both agree that this relationship cannot function unconditionally, with the independence and objectivity of both sides remaining critical.
“If one side places too much reliance on the other, there is a risk around the financial stability of the organisation,” says Sandwith.
“It’s a collaboration relationship – a sharing of information without compromising each other’s independence and objectivity. I think there’s a role for both, but very different roles.”
McMorrow goes on to note the potential issue of “familiarity”, arguing that this could lead to an over-reliance on the work of the internal auditor, ultimately damaging the organisation.
“This tends to be the main risk as it might compromise the objectivity of the external auditor. It may lead to inappropriate or undue reliance on the work of the internal auditor without sufficient and appropriate work being undertaken by the external auditor.”