Forging cooperation between internal audit, external audit, audit committee

By Ken Tysiac

Although internal audit, external audit, and audit committees have different roles, their duties often intersect.

External auditors may use the work of internal auditors to the extent this is permitted by auditing standards and regulators. The audit committee, meanwhile, hires the external auditor and often oversees internal audit’s work.

The intersection sometimes is an uneasy one. PCAOB inspection reports over the past several years have noted occasions when external auditors relied on internal auditors’ work without a sufficient basis for doing so.

As a result, external auditors may be unwilling or unable to rely on internal auditors’ work. And audit committees may be reluctant to have internal audit working a lot as an extension of external auditors by doing testing on internal controls when internal audit has plenty of other duties to tackle.

These challenges are explored in a report released jointly Tuesday by the Center for Audit Quality (CAQ) and the Institute of Internal Auditors (IIA). The CAQ is affiliated with the AICPA.

According to the report, all three have roles in enterprise risk management (ERM). Internal audit can champion, advocate for, and facilitate ERM without losing its independence. External auditors also can provide the audit committee with support for and education on ERM, and audit committees can supply top-down support for ERM, the report says.

The report also suggests that:

  • Early, frequent communication between external and internal auditors can eliminate duplicate work and enhance audit quality. Formal and informal channels of communication among the audit committee, external auditors, and internal auditors are necessary.
  • Internal auditors receive training on the audit evidence that external auditors may desire.
  • Audit committees can act as intermediaries in managing expectations for external and internal auditors, and can facilitate communication between them.
  • Internal audit’s role in the external audit should not eclipse the other services internal audit provides the organization.
  • Under circumstances in which external auditors engage frequently with internal audit, they are well-positioned to share with the audit committee their observations of internal audit’s performance.

Ken Tysiac is a JofA editorial director.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.