Differences between Securities and commercial papers as per Kuwait legislations

Differences and similarities between Internal and External Audit activities

The term “Audit,” with the advancement of knowledge, has become a word that needs a definition to understand what it means.

Of the most prevalent audit types are financial audit, which is usually called External Audit, and Internal Audit.

Financial auditing is an important activity used by business entities to express an opinion on the validity and fair presentation of financial statements.

Meanwhile, Internal Audit is an important tool used to verify integrity of internal control systems and their implementation, thus achieving internal control.

There are broad differences between both types of audits. However, both are integral to each other. The following illustrates the differences and similarities between both types:

Meet Our Internal Audit Experts


1. Mandatory Application

Internal Audit External Audit
Statuary to listed companies and companies licensed by Capital Markets Authority (CMA). However, it is voluntary for other forms of legal entities. Statuary to all business entities.

2. Conducted By

Internal Audit External Audit
Employees of the organization usually have an internal auditing department.However, there is an increasing number of outsourced, or co-sourced internal audit functions, where internal audit service is provided by an external entity

For the companies subject to CMA and CBK supervision

Independent third-party auditors licensed by the regulators, including the Ministry of Commerce and Industry, Capital Markets Authority, and Central Bank of Kuwait (CBK).For other business entities: Independent third-party auditors licensed by the Ministry of Commerce and Industry only.

3. Appointed by, reporting to, and responsible before

Internal Audit External Audit
Board of Directors. Shareholders.

4. Objective

Internal Audit External Audit

Seeks to advise the board of directors on whether the entity’s major operations:

  • Have sound systems of risk management and internal controls.
  • Are in compliance with regulatory requirements
  • Are aligned with business strategic objectives
  • Are aligned with best practices
Seeks to provide positive assurance that accounting records and financial statements are true and accurate

5. Scope of Audit

Internal Audit External Audit
Covering all organizational units Limited to financial unit

6. Binding Standards

Internal Audit External Audit

No binding standards in Kuwait.

However, best practices are applied such as:

  • Standards issued by the Institute of Internal Auditors (IIA)
  • Other standards, such as Information Systems Auditing Standards
  • Other frameworks issued by international organizations such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Control Objectives for Information and Related Technology (COBIT)

From the perspective of accounting

Business Entities to apply International Financial Reporting Standards (IFRS) in accounting.

From the perspective of an external audit

Auditors to perform their audit activities by applying International standards of auditing (ISA).

7. Binding rules and regulations

Internal Audit External Audit

For companies subject to CMA and CBK supervision

Requirements of regulators: CBK and CMA

For other business entities


For companies subject to CMA and CBK supervision

  • Companies law 25/2012
  • Requirements of regulators: CBK and CMA

For other business entities

Companies Law 25/2012

8. Period of audit

Internal Audit External Audit

Annually, for all companies subject to CMA and CBK to cover the financial year of the company quarterly, it is not mandatory but is normally required by companies for internal use.

For other business entities

No internal audit services are mandated. However, voluntary internal audit services can apply.

Annually for all companies as per the regulations of the Ministry of Commerce and Industry Quarterly to meet the requirements of CMA & CBK

For other business entities

Annually, as per the financial year set forth in the company memorandum of association, to comply with the requirements of the Ministry of Commerce and Industry.

9. Approach

Internal Audit External Audit
A risk-based approach covering business risks A risk-based approach covering risks of material financial misstatement.

10. The final report

Internal Audit External Audit
Customized report format: Forms an opinion on the adequacy and effectiveness of risk management systems and internal control, many of which fall outside the main accounting systems. A standardized report in a format required by Auditing Standards consists of two main parts: One part focuses on whether the financial statements give a true and fair view of the financial position of the entity, and the other part covers the entity’s compliance with legal and regulatory requirements.

11. Recipients of the report

Internal Audit External Audit
  • Board of directors
  • Company executive management
  • External auditors
  • Regulators
  • Shareholders
  • Other stakeholders
  • Regulators
  • Company executive management

12. Public disclosure

Internal Audit External Audit
Not applicable Mandatory for listed companies

13. Service Nature

Internal Audit External Audit
Consulting Assurance

14. Staffing

Internal Audit External Audit
Any university degree trained in internal Auditing University degree in accounting

15. Career path

Internal Audit External Audit
Professional certificate as Certified Internal Auditor (CIA) Professional certificate as Certified Public Accountant (CPA) or Chartered Accountant (CA).Academically: Masters/Ph.D. in Accounting


Similarities between internal and external audits are as follows:

  • Testing

    Both the external and internal auditors carry out testing routines and this may involve examining and analyzing many transactions.

  • Internal Control Systems

    The internal auditor and the external auditor are concerned with authenticated procedures, the organization’s systems of internal control, and relevant implementation. Further, both tend to be deeply involved in information systems, since this is a major element of managerial control, as well as being fundamental to the financial reporting process.

  • Standards

    Both adopt a professional discipline and operate to professional standards.

  • Cooperation

    Both seek active cooperation between the two functions, as they are inter-dependable.

  • Reporting

    Both produce formal audit reports on their activities.

You can share the article with others through the following communication channels:

About the Author

BTK Editorial Team

Baker Tilly Kuwait's editorial team comprises seasoned financial experts and industry analysts with a wealth of expertise and accredited certifications in areas such as CIA, CIPA, and CPA, dedicated to delivering in-depth analysis and expert insights across a wide spectrum of finance-related topics & latest market updates.

Meet Our Experts