Role of Internal Audit in Internal Controls and Internal Financial Controls: A
line of difference
Internal control is broadly defined as a process, effected by an entity's board of directors, management and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following
1. Effectiveness and efficiency of operations;
2. Reliability of financial reporting and
3. Compliance with applicable laws and regulations.
(As given in COSO Framework)
Internal financial controls mean the policies and procedures adopted by the company for ensuring the:
1. Orderly and efficient conduct of its business, including adherence to company’s policies;
2. Safeguarding of its assets;
3. Prevention and detection of frauds and errors and
4. Accuracy and completeness of the accounting records and the timely preparation of reliable financial information.
(As given in clause (e) of Section 134(5) of New Companies Act 2013)
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives (Operational/Reporting/Compliance)by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.
As given by the Institute of Internal Auditors (IIA)
Understanding: Coverage of Internal Control is wider then internal financial controls as it covers all
objectives (Operation/reporting/compliance) of organization.
Author Note: Internal Audit was covering the IFC through Internal Audit in past however as a regulatory requirement
it (i.e. IFC) has been classified separately.
a. Structured demonstration approach has been introduced in The New Companies Act 2013.
b. More regulatory reporting responsibilities have been added for compliance with internal financial controls (IFC).
c. Meeting the requirements of IFC will automatically robust the internal control framework of the organisation.
Connect on email: firstname.lastname@example.org