两者的不同散见于教材的不同章节,主要是以掌握外审为主;要将重点放在实施审计过程中二者的异同以及内审与公司治理机制特有的关系；
　　二者的异同将在其他各个专题章节中予以讲解,在此只是进行宏观方面的介绍。
　　It is important to understand and recognize the differences and commonalities between internal and external audit – your examination syllabus covers both. Internal audit shares a common history with external audit and has grown out of the increasing focus on the need to have effective controls within an organisation.
　　The internal and external auditor should work closely together, in particular to coordinate activity and maximise effectiveness. However, there are a number of fundamental differences in their objectives, scope and responsibility.

	Internal auditing	External auditing
Objectives	To advise management on whether the organisation has sound systems of internal controls to protect the organisation against loss.	To provide an opinion on whether the financial statements provide a true and fair view/are presented faivly.
Legal basis	Generally not a legal requirement. However the latest corporate govemance advice recommends that if a listed company does not have an internal audit department, it should regularly assess the need for one.	Usually a legal requirement for larger limited companies and most public bodies.
Scope	All areas of the organization, operational as well as financial.	Financial focus
Approach	Increasingly risk-based. Assess risks. Evaluate the system of controls. Test operations of systems. Make recommendations for improvements.	Increasingly risk-based. Test underlying transactions that form the basis of the financial statements.
Responsibility	To advise and make recommendations on internal control and corporate governance.	To form an opinion on whether the financia statements provide a true and fair view/present fairly.

　　Supplementary Readings
　　Internal auditors, external auditors, and consultants who perform internal audit and review engagements provide reports to management （internal audit reports）. These reports are important because they provide documentary evidence of the work performed, the conclusions reached and the recommendations made. The quality and presentation of such reports makes a substantial difference to the value added by internal audit and those performing similar functions.
　　Internal audit reports are different to statutory auditors’ reports produced by external auditors because statutory reports are governed by legislation and either national auditing standards, or International Standards on Auditing. Statutory auditors’ reports are highly codified, and usually fairly brief by comparison with internal audit reports, and they are often available for public inspection. Statutory auditors’ reports are produced for the benefit of shareholders and other stakeholders whereas internal audit reports are produced for the benefit of management; they are generally private documents and are not normally available for public inspection.
　　On the other hand, internal audit reports are similar, in some respects, to reports to management on the design and implementation of controls provided by external auditors to management during the course of, and at the end of, statutory audits. The method of production of such reports is similar, for example. Both internal and external auditors draft these sorts of reports on the basis of the findings of their work and there will usually be a split between significant and insignificant matters, and a summary or overall evaluation of the more important matters. Draft reports will often be discussed with management to confirm the findings and to establish management’s likely response. Responses are often incorporated into the report. Reports will often be redrafted several times, particularly in large organisations, after which the report will be issued. If management have not commented at an earlier stage, a formal response may be expected later. It is normal to follow up on recommendations or agreed action points in order to establish how the issues have been dealt with.
　　External auditor reports to management deal in substance with, inter alia, issues relating to the design and implementation of internal controls that have come to the external auditors’ attention during the course of the statutory audit. They generally deal with weaknesses in systems, the potential consequences and provide recommendations to management. Whilst internal audit reports may appear to be similar, they are different in substance.
　　Internal audit engagements are usually undertaken as part of a pre-planned program of work with a variety of objectives as part of an entity’s overall corporate governance arrangements. These objectives can relate to the risks faced by the business, internally and externally, and / or they can deal with the enhancement of performance.
　　Whilst there are common elements to the two types of reporting, risk-based reporting tends to look at the current position and internal issues, whereas enhancement of performance tend to be more outward and forward-looking. Risk-based reports might include establishing whether existing systems are properly aligned with the overall objectives of the entity. For example, internal auditors may be requested to establish whether human resources systems are capable of, and are actually delivering, the development and retention of the best staff in an entity’s particular market. Where it is believed that systems are not properly aligned, internal audit may be requested to make recommendations in relation to changing the existing systems, or implementing new systems, in order to achieve corporate objectives. Reports relating to the enhancement of performance may involve a review of the market, and management’s business strategies and overall risk management systems at a higher level. Whatever the assignment, there will almost always be a formal report which should be clear, balanced and constructive, consistent in style and concise.
　　Internal audit reports will usually contain a header page giving a title （the subject matter of the report）, a distribution list, the date of production of the report, the identity of the authors and some sort of reference number. They will usually include an executive summary providing the background to the project （an introduction）, summary terms of reference, the major outcomes of the work, the key risks identified and key action points or recommendations, and a summary of any further work required. The main body of the report includes detailed findings, action points or recommendations and will often include alternative recommendations. It gives details of responsibility for actioning the points, the costs involved with the various recommendations, and time-scales for implementation. Appendices will often contain the full terms of reference, tables or questionnaires used, flowcharts and systems diagrams, timetables, details of tests performed, and any other relevant information.

责任编辑：虫虫