Insights: Article

Forensic Audit vs. Internal Audit: What’s the Difference?

By Doug Cash

March 07, 2019

Many organizations don’t know the difference between a forensic and internal audit and wonder which they need. The answer to this question is not always easy to determine. In many organizations, members of the audit committee, board of directors, owners, managers or other individuals in supervisor positions have limited (if any) experience with forensic or internal audits. If they are unsure of which direction to turn, they may go seeking the wrong solution.

Let’s look at the differences between these two audits. According to the Cambridge Dictionary, a forensic accountant is defined as “someone whose job is examining financial records to help find out whether a crime has been committed, or help with a legal case.” Cambridge also defines an internal auditor to be “a person who does internal audits for a company.” Taking it a step further, a forensic audit examination is defined as “an examination of financial records to find any illegal financial activity,” while an internal audit is defined as “an examination of a company’s accounts or activities by its own accountants or managers.”

The word “forensic” is often misunderstood in the context of an audit. Forensic simply means “suitable to courts of judicature or to public discussion and debate.” When you compare that to the definition of the an audit, which is “a formal examination of an organization’s or individual’s accounts or financial situation,” you will see a major difference between the two: a forensic audit is conducted with the understanding the matter will appear in court for some type of trial or mediation, and an audit is prepared to be presented to the company’s governing body or owners to discuss the financial health of the organization.

Most of forensic audits and forensic examinations are conducted by Certified Fraud Examiners (CFEs), or forensic accountants who are normally considered experts in a specific field of forensic accounting. Internal audits are often conducted by either Certified Internal Auditors (CIAs) or other accounting professionals.

To determine the need for an internal audit or a forensic audit/examination, consider the following:

Your organization may need an internal audit if:

• Ethical or accuracy lapses have occurred and/or accountability is lacking.
• Specialized expertise is required to accomplish projects beyond regular operations.
• Risks in operations, compliance and reporting are unrecognized or are increasing due to significant changes in the industry, technology, laws and regulations.
• Existing policies and procedures are not being followed.
• Information technology data breaches have occurred or there is significant concern that such risk exists.
• Compliance with laws and regulations is a significant burden; noncompliance may become a serious issue if not monitored and evaluated.
• Those charged with governance are focused on the "big picture," but remain concerned about what they may not know about the specifics (or vice versa).
• Communications internally have led to morale and turnover issues, and/or external communication quality has led to an air of skepticism from stakeholders about operations.

On the other hand, your organization may need a forensic audit/examination if:

• Suspicions of fraud or theft arise.
• Turnover has occurred and account balances are not what they should be (positively or negatively).
• Accounts that were thought to be in your entity’s name are not really owned by your entity.
• Reconciliation procedures result in timing differences or unidentified differences, or they don’t reconcile at all.
• Vendors that should have been paid have not been paid, and/or customers that should have paid have not.
• Theft of personally identifiable information has occurred or business systems have been hacked.
• Labor and materials have resulted in poor quality products that are not selling (or worse, are out of compliance with laws and regulations).
• A whistleblower hotline identified issues such as assets stolen or other defalcations.

While some matters require both a forensic audit/examination and an internal audit, the key to determining which service to use is to determine the time and objectives of the project(s). A forensic audit/examination is designed to focus on reconstructing past financial transactions for a specific purpose, such as concerns of fraud, whereas an internal audit is typically focused more on compliance and/or the performance of the organization.

When in doubt, your organization should reach out to both a forensic accountant (also known as forensic auditor) and an internal auditor to further discuss your needs. These professionals can assist you with determining which service offering is more appropriate for the scope of the matter as well as ensure that the most qualified person(s) are on your engagement team. Contact us today to learn more.