Audit may sound like a "four-letter word," but last we checked, the term definitely had five letters!
A bank audit isn't as intimidating or frustrating as you may think, especially when you and your business team have realistic expectations about the process.
Many companies utilize both internal and external audits to help maximize the integrity of their bank or credit union’s operational systems.
In this article, we'll explain what both these types of audits are, how they're different, and how they may apply to your financial institution.
Internal audits come from a department within the organization.
An internal auditing committee's main task is to monitor the company's processes, controls, and overall efficiency for securing financial information.
Internal auditors help with important jobs like:
Large, complex, and/or publicly held businesses often rely heavily on internal audits, since these more nuanced organizations are more at risk for cybersecurity breaches and systemic failures.
External audits come from independent accountants from outside an organization.
An external auditor provides an objective assessment of:
Sometimes, external audits are also triggered to search for fraud.
Now that we have a clearer idea of what internal vs. external audits are, it may be helpful to more clearly define how these two important processes differ.
Here are at least eight key differences between an internal audit and an external audit when it comes to financial institutions:
| | Internal Audit | External Audit |
|---|---|---|
| What Is The Goal Of The Audit? | To identify and highlight any issues pertaining to an organization's risks and business practices. | To evaluate a company's financial records and issue an audit opinion of the company to the relevant parties. |
| Who Leads The Audit? | A person who is hired by an organization; he or she is considered a company employee. | An independent contractor from an auditing firm who has been appointed to audit a company based on shareholder votes. |
| What Credentials Does The Auditor Need? | An internal auditor can but does not have to be a certified public accountant (CPA). | An external auditor must be directed by a CPA. |
| Who Holds The Auditor Responsible? | An internal auditor is responsible to the organization, particularly the organization's upper-level management and regulatory board. | External auditors are responsible to (effectively "looking out for") the organization's shareholders. This is why external audits are so important for publicly held companies, although publicly held and traded companies may also benefit from internal audits, too. |
| How Do Audit Notes Support The Institution? | Audit notes can be disseminated by the auditor as a way to offer advice and assistance to employees. | External auditors are not supposed to support the organization or its personnel too closely, out of a concern for conflict of interest. |
| What Format Should The Audit Take? | An internal audit can be formatted into a report of any type or style. | An external audit requires the use of specific and formalized formats. |
| Who Receives The Audit Reports? | An organization's leaders and upper management | An organization's lenders, investors, stakeholders, and creditors |
| How Often Are Audits Conducted? | An internal audit may be held multiple times throughout the year, typically at the organization's discretion. | A formal external audit is conducted in a single annual event. Publicly held organizations will also be reviewed three times by an external auditor. |
As you can see, internal audits and external audits are quite different in terms of implementation and intended use.
But depending on the size and nature of your organization, you may very well need both.
Integrity specializes in GLBA compliance and provides support for audits and exams. We have extensive experience working with auditors from many firms, as well as examiners from the OCC and FDIC. We also follow guidelines outlined in your financial institution’s due diligence process. To learn more about preparing for your next audit, or remediating existing vulnerabilities, please download our complimentary GLBA Compliance Checklist!