Technically, what are the fundamental differences between Internal Control and Internal Audit?
According to the definition by the Institute of Internal Auditors (IIA), internal control (IC) is a system of processes carried out by management, the board of directors, and employees of an organization. It is established to provide reasonable assurance of achieving efficient and effective operations, reliable financial reporting, compliance with laws and regulations, and safeguarding assets.
On the other hand, internal audit (IA) is considered an independent and objective assurance and consulting function within an organization to add value and help an organization achieve its objectives. In short, internal control refers to the entire system of processes throughout all levels and functions of an entity, including the internal audit function's role in independent monitoring.
However, in practice, components of an internal control system may have narrower understandings of internal audit, such as being a single point or a single control activity carried out by an individual or department. Alternatively, a function called "internal control department" may serve as a coordination, support, or supervisory role in implementing internal control within an organization.
What is the relationship between the Audit Committee and the internal audit department? Are there clear regulations regarding this relationship? Decree 05/2019/ND-CP on internal audit in Vietnam does not specify a clear relationship between the internal audit department and the Audit Committee. The decree only mentions that the internal audit department must submit its internal audit plan for the following year to various stakeholders, including the Audit Committee.
Besides, according to the Enterprise Law 2014 with a governance model per Article 134.1a, the Audit Committee has the authority to inspect, monitor, and evaluate the effectiveness of internal audit activities. It also has the right to use the internal audit department of the company to carry out assigned tasks. The Credit Institutions Law 2010 and Circular 13/2018/TTNHNN also specify that internal audit falls under the high-level supervision of the Audit Committee in banks. Therefore, the role of internal audit is often understood as a part of the Audit Committee's function.
In reality, many organizations have misconceptions about their organizational structure, the roles and responsibilities of the Audit Committee, leading to the belief that the internal audit function falls under the Audit Committee's purview rather than being two separate entities in the governance model. To ensure the effectiveness of a governance model with an Audit Committee and an internal audit function, it is essential to have a clear understanding that the Audit Committee plays a guiding and supervisory role, while the internal audit function executes detailed examination activities. Currently, Decree 05 does not provide detailed guidance on resolving the relationship between the Audit Committee, the board of directors, and the internal audit function in a governance model with an Audit Committee..
What are the differences between Internal Audit and Independent Audit?
In short, the primary responsibility of an independent audit is to provide an opinion on the fairness and reasonableness of an entity's financial statements in accordance with accounting standards as a third-party independent entity, often including an assessment of the framework of internal controls affecting financial reporting (if applicable) before the entity publicly releases its financial information. In contrast, the main task of internal audit is to review and evaluate the operational processes, risk management systems, and internal control framework within an entity, including internal controls related to the financial reporting process and other accounting activities. Based on this, internal audit provides audit opinions and improvement recommendations as a part of the entity's internal structure but independent from the audited entity. Internal audit should have a well-planned and rational audit plan to avoid overlapping scopes and evaluated objects with independent audit, as well as other independent monitoring functions if they exist. As per convention, internal audit reports are only disclosed to relevant parties within the organization.
Source: collected.