Dashboard
Chapter 4: Internal Audit and Corporate GovernanceCertificate Level
Chapter 4: Internal Audit and Corporate Governance

65% Complete

Understood
Needs Study
Chapter 1: The Concept and Purpose of Assurance
Chapter 2: Internal Controls and Information Flows
Chapter 3: Business Cycle Controls
Chapter 4: Internal Audit and Corporate Governance
Purpose and Learning Goals
4.1 What Is Internal Audit?
4.2 Internal vs External Audit
4.3 Audit Committees
4.4 Corporate Governance Principles
4.5 Limitations of Internal Audit
4.6 Internal Audit and Assurance
Chapter 5: Gathering Assurance Evidence
Chapter 6: Professional Ethics and Independence
Chapter 7: Sustainability, ESG, and Assurance
Chapter 8: Exam Practice and Integration
Purpose and Learning Goals

This chapter introduces the role of internal audit and its place within corporate governance. It explains how internal audit differs from external audit, what audit committees do, and why governance matters for trust, accountability, and assurance.

By the end of this chapter, you will be able to:

  • ● Explain the purpose and functions of internal audit.
  • ● Distinguish between internal audit and external audit.
  • ● Understand the role of audit committees.
  • ● Describe how corporate governance supports accountability.
  • ● Recognise the limitations of internal audit.
  • ● Appreciate how internal audit contributes to assurance and risk management.
4.1 What Is Internal Audit?

Internal audit is an independent function within an organisation that evaluates how effectively risks are managed and controls are operating.

Key purposes:

  • ● Provide assurance to management and the board that systems and controls are working.
  • ● Recommend improvements to processes, efficiency, and compliance.
  • ● Support risk management by identifying weaknesses.

Internal audit adds value by helping organisations achieve their objectives more effectively, not just by focusing on financial reporting but also on operational and compliance matters.

4.2 Internal vs External Audit

Although their names are similar, internal and external audit differ in purpose, scope, and reporting:

AspectInternal AuditExternal Audit
AppointmentBy management or boardBy shareholders (Companies Act)
ObjectiveImprove operations, risk management, and controlsProvide opinion on financial statements
ScopeBroader – covers operations, controls, complianceNarrower – focused on financial reporting
ReportingTo management and audit committeeTo shareholders
IndependenceIndependent within organisationIndependent of organisation

Example: An internal audit might review whether payroll processes are efficient, while an external audit tests whether payroll expenses are correctly shown in the financial statements.

4.3 Audit Committees

Audit committees are sub-committees of the board of directors, typically composed of independent non-executive directors (NEDs).

Main responsibilities:

  • ● Oversee the financial reporting process.
  • ● Monitor the effectiveness of internal controls and risk management.
  • ● Supervise the work of internal audit.
  • ● Recommend the appointment of external auditors and oversee their independence.

The UK Corporate Governance Code requires all listed companies to have an audit committee.

4.4 Corporate Governance Principles

Corporate governance refers to the system by which companies are directed and controlled.

Good governance ensures:

  • ● Accountability of directors to shareholders.
  • ● Transparency of operations and reporting.
  • ● Fairness to all stakeholders.
  • ● Long-term sustainability of the business.

The UK Corporate Governance Code sets out best practices for listed companies, covering board leadership, effectiveness, accountability, remuneration, and stakeholder relations.

4.5 Limitations of Internal Audit

While internal audit strengthens assurance, it has limitations:

  • ● Internal auditors are employees of the organisation → potential independence threats.
  • ● Effectiveness depends on resources and management support.
  • ● Internal audit cannot eliminate all risks — it only identifies and mitigates them.

Auditors (both internal and external) must exercise professional scepticism, recognising that no system is flawless.

4.6 Internal Audit and Assurance

In an assurance engagement, external auditors may rely on internal audit if:

  • ● Internal audit is independent and objective.
  • ● Work is performed competently.
  • ● Scope of work is relevant to the financial statements.

However, external auditors remain responsible for their own opinion.

Test Your Understanding – Quick Check

1. What is the main difference between internal audit and external audit?

2. Who typically sits on an audit committee, and why is this important?

3. What are the three main purposes of corporate governance?

4. Give one limitation of internal audit.