ICAS ICAS logo

Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Login
  • Annual renewal
  • About us
  • Contact us
  • Find a CA
  1. About us
    1. Governance
  2. Members
    1. Become a member
    2. Newly qualified
    3. Manage my membership
    4. Benefits of membership
    5. Careers support
    6. Mentoring
    7. CA Wellbeing
    8. More for Members
    9. Area networks
    10. International communities
    11. Get involved
    12. Top Young CAs
    13. Career breaks
    14. ICAS podcast
    15. Newly admitted members 2022
    16. Newly admitted members 2023
  3. CA Students
    1. Student information
    2. Student resources
    3. Learning requirements
    4. Learning updates
    5. Learning blog
    6. Totum Pro | Student discount card
    7. CA Student wellbeing
  4. Become a CA
    1. How to become a CA
    2. Routes to becoming a CA
    3. CA Stories
    4. Find a training agreement
    5. Why become a CA
    6. Qualification information
    7. University exemptions
  5. Employers
    1. Become an Authorised Training Office
    2. Resources for Authorised Training Offices
    3. Professional entry
    4. Apprenticeships
  6. Find a CA
  7. ICAS events
    1. CA Summit
  8. CA magazine
  9. Insight
    1. Finance + Trust
    2. Finance + Technology
    3. Finance + EDI
    4. Finance + Mental Fitness
    5. Finance + Leadership
    6. Finance + Sustainability
  10. Professional resources
    1. Anti-money laundering
    2. Audit and assurance
    3. Brexit
    4. Business and governance
    5. Charities
    6. Coronavirus
    7. Corporate and financial reporting
    8. Cyber security
    9. Ethics
    10. Insolvency
    11. ICAS Research
    12. Pensions
    13. Practice
    14. Public sector
    15. Sustainability
    16. Tax
  11. CPD - professional development
    1. CPD courses and qualifications
    2. CPD news and updates
    3. CPD support and advice
  12. Regulation
    1. Complaints and sanctions
    2. Regulatory authorisations
    3. Guidance and help sheets
    4. Regulatory monitoring
  13. CA jobs
    1. CA jobs partner: Rutherford Cross
    2. Resources for your job search
    3. Advertise with CA jobs
    4. Hays | A Trusted ICAS CA Jobs Partner
    5. Azets | What's your ambition?
  14. Work at ICAS
    1. Business centres
    2. Meet our team
    3. Benefits
    4. Vacancies
    5. Imagine your career at ICAS
  15. Contact us
    1. Technical and regulation queries
    2. ICAS logo request

The working relationship between external audit and internal audit

  • LinkedIn (opens new window)
  • Twitter (opens new window)
By Alan Simpson CA

1 May 2018

Key points

  • Although external audit and internal audit are separate and distinct in their respective functions and duties there are benefits to both parties from regular communication between the two functions.

  • Effective communication and planning between external and internal audit functions helps ensure that audit resources can be directed towards the more high-risk areas of the organisation.

  • In the UK, the use of internal auditors to provide direct assistance is prohibited under ISA 610 (UK).

Five points on the relationship between external and internal audit

External audit and internal audit are clearly separate and distinct in their respective functions and duties but there should be regular communication between the two. In this the second of two articles, I look at the working relationship between the internal auditor and the external auditor.

1. Statutory right of access by an auditor

An auditor of a company (this refers to the external auditor) has a right of access to information (Companies Act 2006, section 499) and this would include finalised internal audit reports, the supporting working papers and the right to obtain information and explanations from any employee and officer, including internal auditors, of the company.

The internal audit function should also have an unrestricted right of access to all information, explanations and records required to carry out their work. This right should be clearly stated in the organisation’s internal audit charter approved by the audit committee.

2. Under International Standards on Auditing (ISAs) (UK)

The relationship is described in several of the ISAs (UK) - namely ISAs  240, 315, 600, and above all, ISA(UK) 610.

  • ISA(UK) 240: The auditor’s responsibilities relating to fraud in an audit of financial statements, states in paragraph 19 that “For those entities that have an internal audit function, the auditor shall make inquiries of appropriate individuals within the function to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity, and to obtain its views about the risks of fraud.”

Internal audit may also be able to provide insight in relation to weaknesses in counter-fraud controls and/or fraud risk indicators within the organisation.

  • ISA (UK) 315: Identifying and assessing the risks of material misstatement through understanding of the entity and its environment, states in paragraph 23: “If the entity has an internal audit function, the auditor shall obtain an understanding of the nature of the internal audit function’s responsibilities, its organisational status, and the activities performed, or to be performed.”

The external auditor will want to know as a minimum the following regarding the internal audit function:

  • Is there an internal audit charter?
  • What is the size of the internal audit section?
  • Qualifications and continuous professional development of the internal audit staff.
  • Reporting structure to management.
  • Details about the audit committee, if one exists.
  • Annual audit plan and performance against that plan.

The external auditor will also want to read copies of the reports issued during that financial year and meet with the Chief Internal Auditor, or equivalent.

  • ISA(UK) 610: Using the work of internal auditors, contains an important proviso at the beginning of the standard that “Nothing in this ISA(UK) requires the external auditor to use the work of the internal audit function to modify the nature or timing, or reduce the extent, of audit procedures to be performed directly by the external auditor; it remains a decision of the external auditor in establishing the overall audit strategy.”

Paragraphs 21 to 25 of ISA (UK) 610 state that “If the external auditor plans to use the work of the internal audit function, the external auditor shall discuss the planned use of its work with the function as a basis for coordinating their respective activities.”

ISA(UK) 610 places restrictions on how far the external auditors can place reliance on work carried out by internal audit. The use of direct assistance is prohibited per Para 5-1 of ISA(UK) 610 which states that “The use of internal auditors to provide direct assistance is prohibited in an audit conducted in accordance with ISAs(UK)”.

Direct assistance is defined in the International Auditing and Assurance Standards Board as: “the use of internal auditors to perform audit procedures under the direction, supervision and review of the external auditors”. Paragraph 30 of ISA (UK) 610 states that “the external auditor shall not use internal auditors to provide direct assistance to perform procedures that:

  • Involve making significant judgements in the audit
  • Relate to higher assessed risks of material misstatement where the judgement required in performing the relevant audit procedures or evaluating the audit evidence gathered is more than limited.
  • Relate to work with which the internal auditors have been involved and which has already been or will be reported to management or those charged with governance by the internal audit function.
  • Relate to decisions the external auditor makes in accordance with the ISA(UK) regarding the internal audit function and the use of its work or direct assistance.

For example, if stock/inventory is a material item, and is considered by the external auditor to be an area of higher risk, it would be acceptable for the external auditor to request that internal audit review the processes and controls relating to stock management, but it would not be appropriate for them to request that internal audit assess the adequacy of stock provisions as this would involve more than limited judgement.

3. Advantages of coordination and collaboration between external and internal audit 

  • Close communication and planning ensures that audit resources can be directed towards the area of most need i.e. high-risk areas of the organisation. This means that internal audit can plan their work to minimise duplication with external audit testing and to provide assurance over those systems and controls on which external audit may wish to place reliance, subject to appropriate review procedures being applied.
  • The audit teams can plan the timing of their work to minimise disruption and interference with key members of staff.
  • The audit team can share intelligence on key events, changes and plans that may impact on the risk profile of the organisation and therefore, on their work.

4. Challenges that may arise within a collaboration between external and internal audit

  • The Head of Internal Audit must balance requests from external audit against the need to provide appropriate coverage over the organisation’s key risk areas, to enable them to provide an annual opinion. This may result in high demand for limited resources and the Head of Internal Audit will need to ensure appropriate compromises are reached.
  • A close relationship with external audit may cause a shift in the perception of internal audit from being a critical friend to a policing function. It is crucial for internal audit to retain the trust of the management team and staff so that they can perform their work effectively.

5. Examples of good practice of effective communication between external and internal audit

To have a smooth working relationship between the two sets of auditors, it is crucial that there is effective and regular communication between the Chief Internal Auditor (or senior team member) and the External Auditor (e.g. the audit engagement partner or one of the senior team members). This will be helped by:

  • Discussions at appropriate intervals during the year on any major matters which may affect the work of either party.
  • Full and prompt access to reports issued by the internal audit function during the year.
  • Full and prompt access to the internal audit plan of work, audit files and testing.
  • The audit committee facilitating communication between internal audit and external audit.

Explore seven differences between external audit and internal audit

View article

The relationship between external audit and internal audit

By Alan Simpson CA

18 April 2018

2-23-marsh 2-23-marsh
ICAS logo

Footer links

  • Contact us
  • Terms and conditions
  • Modern slavery statement
  • Privacy notice
  • CA magazine

Connect with ICAS

  • Facebook (opens new window) Facebook Icon
  • Twitter (opens new window) Twitter Icon
  • LinkedIn (opens new window) LinkedIn Icon
  • Instagram (opens new window) Instagram Icon

ICAS is a member of the following bodies

  • Consultative Committee of Accountancy Bodies (opens new window) Consultative Committee of Accountancy Bodies logo
  • Chartered Accountants Worldwide (opens new window) Chartered Accountants Worldwide logo
  • Global Accounting Alliance (opens new window) Global Accounting Alliance
  • International Federation of Accountants (opens new window) IFAC
  • Access Accountancy (opens new window) Access Acountancy

Charities

  • ICAS Foundation (opens new window) ICAS Foundation
  • SCABA (opens new window) scaba

Accreditations

  • ISO 9001 - RGB (opens new window)
© ICAS 2022

The mark and designation “CA” is a registered trade mark of The Institute of Chartered Accountants of Scotland (ICAS), and is available for use in the UK and EU only to members of ICAS. If you are not a member of ICAS, you should not use the “CA” mark and designation in the UK or EU in relation to accountancy, tax or insolvency services. The mark and designation “Chartered Accountant” is a registered trade mark of ICAS, the Institute of Chartered Accountants of England and Wales and Chartered Accountants Ireland. If you are not a member of one of these organisations, you should not use the “Chartered Accountant” mark and designation in the UK or EU in relation to these services. Further restrictions on the use of these marks also apply where you are a member.

ICAS logo

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: