Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


The difference between internal audits and external

Jun 12, 2020

Does the word “audit” evoke an experience similar to a trip to the dentist — necessary but uncomfortable? To be avoided if possible?

If so, your organization might be missing out on a key tool for growth: the internal audit.

Internal audits are a hidden gem that many organizations have used to:

  • Streamline operations
  • Reduce potential for fraud
  • Remedy problems that could show up in future external audits
  • Save time and money

Many companies use internal audits to pinpoint potential ways to work smarter and optimize resources. Can your organization do the same?

Internal audit or external audit which is better?

An internal audit is an independent, objective activity designed to identify opportunities for improvement across your organization’s operational, financial, and technology controls. It evaluates and gives guidance on improving the effectiveness of your organization’s controls and operations, risk management and governance processes.

Internal audits aren’t limited to financial reporting controls. Rather, they can help you evaluate risk across any area of your organization.

While external audit can sometimes be seen as a “check-the-box” activity required by regulators, bankers or shareholders, internal audit provides a more proactive and consultative approach to evaluating an organization and providing a fresh perspective on operations and controls.

How does it work?

An internal audit team’s objective is to examine the how as well as the what of your processes and controls.

Whereas an external audit asks whether the balance sheet is accurate, an internal audit looks at the efficiencies and effectiveness of your internal controls, including financial reporting and other operating areas that could ultimately affect the numbers on the balance sheet. To take this deeper dive, the internal audit team:

  • Assesses the location and source of potential risks
  • Evaluates the adequacy, effectiveness and necessity of existing controls
  • Determines whether and where additional controls might be necessary

The resulting recommendations enable management to make informed decisions about everything from technology and human resources to industry-specific workflows.

What can you expect from internal auditing?

One key benefit of internal auditing is that it’s extremely customizable. An internal audit can be as broad or as granular as you need.

For example, Wipfli’s internal audit specialists start by sitting down with management for a high-level discussion. We identify options that match the organization’s concerns, goals and resources. Many clients start with a risk assessment to determine where to spend the most time and energy, and what departments, business processes or functions to focus on first.

In general, the internal audit begins with a walk-through of the processes to be evaluated. For example, an internal audit of your accounts payable process would start with the internal audit team working with the AP team to determine whether money is going out the door as it should. The following questions are likely to be explored:

  • How does an item go through the system?
  • Which controls are in place to ensure appropriate segregation of duties?
  • Is there adequate management oversight?
  • Is more than one person involved in each step (e.g., does one person approve an invoice and a different person cut the check)?
  • Are controls working (e.g., is one signature on the invoice and another on the check)?
  • Who needs access rights to journal entries, and what types of rights are needed?

This deep dive helps to form a picture of the true reasons processes and workflows occur as they do. Many times, the answer is simply “We’ve always done it this way” — not a signpost of efficiency or effectiveness.

Next, detailed testing is completed to ensure that processes (as determined through the walkthrough) are truly operating as intended and agree with any written policies or procedures.

Finally, the internal audit team provides a detailed report of their findings. This report includes recommendations for how to fix problem areas and industry best practices for management to consider.

Not sure where to start? Accounts payable, accounts receivable and IT cybersecurity often see the most benefit from an internal audit.

A competitive advantage hidden in plain sight

The value of internal audits is that they tell a richer story than external audits can. Armed with the details these audits reveal, many organizations experience a competitive advantage through:

  • Increased efficiency
  • Long-term cost savings
  • Optimal efficiency of internal controls

Better still, the operational improvements that internal auditing inspires tend to promote a culture of continuous improvement. As departments implement new or improved workflows, they often find additional ways to apply those improvements in other areas.

If you’re worried about the time or personnel needed to perform an internal audit or initial risk assessment, consider hiring an independent internal auditor. Such experts are not only objective, they’re also likely to be familiar with a wide variety of processes and industries and can quickly discern potential problem areas and solutions. Many also offer remediation and consulting services to help management build policies or program for streamlining operations and addressing trouble spots, leaving your team with more time to implement these solutions and focus on their key responsibilities.

Want to learn more?

Click here to learn more about internal audit services, or continue reading these articles:

3 steps to building an internal audit process

The impact of AI on internal audits

What is continuous auditing?

Are you following IIA standards with your internal audit?


Sarah G. Lutzke, CIA
Principal, Risk Advisory Services
View Profile