The independence of mind and independence of appearance is what gives assurance services their value and credibility. Globally, the Financial Action Task Force’s (FATF) Recommendation 18 speaks to financial institutions’ (FIs) programs against money laundering, including “an independent audit function to test the system”. Locally, the Financial Transactions Reporting Act (FTRA), 2018, Section 19(2)(iv) requests every FI to implement procedures based on its nature and size to, at minimum, secure “independent audit arrangements to review and verify compliance with the effectiveness of the measures taken within the act”.
By tradition, external audit focuses more on providing assurance to financial statements while internal audit specializes in examining internal processes, procedures and controls. The distinction above appears fundamental and critical to the ongoing discussions of independence and objectivity. Even more consequentially, whether the local inclusion of the words, “independent audit arrangements”, gives rise to the obligation of an internal audit, external audit, and/or both across the many professions that are captured under FTRA, in particular designated non-financial businesses and professions (DNFBPs). This article will proctor no position and only seeks to offer contextual facts surrounding the options.
To appreciate “independent audit arrangements” as it relates to internal and external audits, here is an exploration of their objectives, independence and objectivity, and similarities and differences.
The Institute of Internal Auditors’ (IIA) Standards and Guidance states, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” This definition emphasizes independence and objectiveness of IIA in both assurance and consulting services.
Similarly, but not exactly, an external independent audit is primarily conducted to review the financial records of a company. They examine the records and financial statements of the client’s firm, and provide objective reports on any irregularities.
Simply, an internal audit assesses the risk management and control functions as a core component of governance, risk and compliance (GRC), compared to the latter that expresses a professional opinion on financial statements of a company.
Objectivity and independence
It is imperative to note that independence and objectivity go hand in hand. Both of these terminologies are synonymous with internal and external audits. Objectivity is considered a mental attitude that allows internal auditors to perform engagements in a way that they have an honest belief in their work and that no significant quality compromises have been made. Objectivity concern is also present in external audits because the independent auditors want to self-preserve the financial relationship.
Independence refers to freedom from influences affecting and threatening objectivity or appearance of objectivity. These threats to objectivity should be dealt with on an individual auditor, engagement, functional and organizational level.
Similarities and differences
Besides a different underlying objective between internal audits and external audits, there are surprising similarities and several additional differences regarding skills, timing, employment relationship and primary audience amongst others. Both provide assurance, an auditor’s report, and communicate issues in the financial process. Also, both can be performed by an independent accounting firm. However, traditionally, internal audits are conducted by internal staff auditors and external audits are completed by independent accounting firms. Internal audits are voluntarily scheduled by management, whereas external audits are generally involuntary and prescribed by legal necessity. The primary audience of the recommendations of an internal audit is the board, executive management and regulators. Conversely, the primary audience of the external auditors’ expressed opinion is internal and external investors.
In short, both internal and external audits have critical roles to play in providing positions on various aspects of a financial institution. My career has afforded me opportunities to function as both an internal auditor and an external auditor. Additionally, as a lead risk and compliance professional, the pleasure was afforded me to assist executive management with and sometimes responding directly to requests of both audit function/arrangement. These occasions have provided me with a distinct appreciation of how both internal and external functions can assist each other in the execution of their various objectives.
FIs must, where in doubt and where there is no legal obligation to complete external audits, seek legal opinions regarding the obligation of FTRA, 2018, as it relates to internal controls.
• Derek Smith Jr., a Top 40 Under 40 leader, is the compliance officer & money laundering reporting officer (MLRO) at Higgs & Johnson, a leading law firm in The Bahamas and former AVP, compliance MLRO at an international private bank. His professional career started at a ‘Big Four’ accounting firm and has spanned over 15 years including business risk management, compliance, internal audit, external audit and other accounting services. He is also a certified anti-money laundering specialist (CAMS) and certified risk & compliance management professional (CRCMP).