An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited.Users of these entities’ financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.
Difference from internal auditor
Internal auditors who are members of a professional organization would be subject to the same code of ethics and professional code of conduct as applicable to external auditors. They differ, however, primarily in their relationship to the entities they audit. Internal auditors, though generally independent of the activities they audit, are part of the organization they audit, and report to management. Typically, internal auditors are employees of the entity, though in some cases the function may be outsourced. The internal auditor’s primary responsibility is appraising an entity’s risk management strategy and practices, management (including IT) control frameworks and governance processes. They are also responsible for the internal control procedures of an organization and the prevention of fraud.
Detection of fraud
If an external auditor detects fraud, it is their responsibility to bring it to the management’s attention and consider withdrawing from the engagement if management does not take appropriate actions. Normally, external auditors review the entity’s information technology control procedures when assessing its overall internal controls. They must also investigate any material issues raised by inquiries from professional or regulatory authorities, such as the local taxing authority.
External Auditors’ Liability to Third Parties
Auditors may be liable to 3rd parties who are damaged by making decisions based on information in audited reports. This risk of auditors’ liability to third parties is limited by the doctrine of privity. An investor or creditor, for instance, cannot generally sue an auditor for giving a favorable opinion, even if that opinion was knowingly given in error.
The extent of liability to 3rd parties is established (in general) by 3 accepted standards: Ultra mares, restatement, and foreseeability.
Under the Ultra mares doctrine, auditors are only liable to 3rd parties who are specifically named. The Restatement Standard opens up their liability to named “classes” of individuals. The foreseeability standard puts accountants at the most risk of liability, by allowing anyone who might be reasonably foreseen to rely on an auditor’s reports to sue for damages sustained by relying on material information.
While the Ultra mares doctrine is the majority rule, (to the relief of many new and budding accountants pursuing an auditing career!) the restatement standard is preferred in several states and is growing in popularity. The foreseeability standard will not likely be widely adopted anytime soon because the cost (time and financial) of litigation would be enormous.
CFOs, company accountants, and other employees are not provided the same luxuries of the doctrine of privity. Their material actions and statements open them (and their companies) up to liability from third parties damaged by relying on these statements.
The audit committee has become the primary focus for the company’s relationship with the external auditor.
The role of the audit committee involves making recommendations to the board about the appointment of the auditor, agreeing audit fees, reviewing the scope of external audit work, and holding private meetings with the auditor to discuss its findings. It also includes reviewing, with the external auditor, the external auditor’s independence.
The objective of an external audit of financial statements is to determine whether, in the auditor’s opinion, the statements present fairly in all material respects – that is, they show a true and fair view in all material respects of the company’s financial position, results of operations, and cash flows, in conformity with national or international generally accepted accounting principles (GAAP).
This covers a range of matters, many of which are a part of the audit committee’s responsibilities. Hence, regular communication with the external auditor can be extremely valuable in assisting the audit committee’s work.
Broadly, discussions with the external auditor can cover four key areas, which range from specifics about the auditor and its relationship with the company, to discussion about the industry, business and control environment of the company. These areas can be summarized as follows:
- service approach (the auditor’s qualifications, including independence, to perform the work, and its approach to the audit)
- audit plan (the key risks identified by the auditor in relation to the financial statements and the company’s controls, and the resulting audit plan and response to the risks)
- financial reporting (accounting policies, disclosures and observations about the overall quality of financial reporting)
- governance matters (matters noted by the auditor in the course of its work that it believes should be brought to the audit committee’s attention).
The difference between internal and external audits
There are multiple differences between the internal audit and external audit functions, which are as follows:
- Internal auditors are company employees, while external auditors work for an outside audit firm.
- Internal auditors are hired by the company, while external auditors are appointed by a shareholder vote.
- Internal auditors do not have to be CPAs, while a CPA must direct the activities of the external auditors.
- Internal auditors are responsible to management, while external auditors are responsible to the shareholders.
- Internal auditors can issue their findings in any type of report format, while external auditors must use specific formats for their audit opinions and management letters.
- Internal audit reports are used by management, while external audit reports are used by stakeholders, such as investors, creditors, and lenders.
- Internal auditors can be used to provide advice and other consulting assistance to employees, while external auditors are constrained from supporting an audit client too closely.
- Internal auditors will examine issues related to company business practices and risks, while external auditors examine the financial records and issue an opinion regarding the financial statements of the company.
- Internal audits are conducted throughout the year, while external auditors conduct a single annual audit. If a client is publicly-held, external auditors will also provide review services three times per year.
In short, the two functions share one word in their names, but are otherwise quite different. Larger organizations typically have both functions, thereby ensuring that their records, processes, and financial statements are closely examined at regular intervals