Forensic Audit vs. Internal Audit: Differences in Accounting

When it comes to auditing your organization, many think it’s simply a financial requirement to ensure compliance. However, this type of financial audit is just one of many types of audits your organization can go through. Other types of audits can be used to review and report the health of your organization, uncover potential areas of vulnerability and ensure proper controls are in place.

Understanding the difference between different types of audits is essential to knowing which is the right type for your organization to conduct.

Learn more about the different types of audits.

Watch the Video

What is a Forensic Audit vs. Internal Audit: Understanding the Difference

An audit is defined as “a formal examination of an organization’s or individual’s accounts or financial situation.” It is conducted by a public accounting firm for the purpose of providing “comfort” in relation to an organization’s financial statements.

In many organizations, members of the audit committee, board of directors, owners, managers or other individuals in supervisor positions have limited (if any) experience with other types of audits, including forensic or internal audits. If they are unsure of which direction to turn, they may go seeking the wrong investigative solution.

Let’s look at the differences between forensic accounting and auditing. To start, what is a forensic audit and what is forensic accountant? A forensic accountant is defined as “someone whose job is examining financial records to help find out whether a crime has been committed, or help with a legal case.”

An internal auditor is defined as “a person who does internal audits for a company.”

Taking it a step further, the definition of a forensic auditing is “an examination of financial records to find any illegal financial activity,” while an internal audit is defined as “an examination of a company’s accounts or activities by its own accountants or managers.”

The word “forensic” is often misunderstood in the context of an audit. Forensic simply means “suitable to courts of judicature or to public discussion and debate.”

When you compare that to the definition of an audit, you will see a major difference between the two. The objective of a forensic accounting audit is to investigate the matter with the intention of finding evidence that will appear in a court of law for some type of litigation or mediation. An audit, on the other hand, is prepared to be presented to the company’s governing body or owners to discuss the financial health of the organization.

What is a Forensic Audit?

Forensic audits are conducted with the understanding the matter will appear in court. This investigation could be in relation to a trial or some form of mediation.

Most of forensic audits and forensic examinations are conducted by Certified Fraud Examiners (CFEs), or forensic accountants who are normally considered experts in a specific field of forensic accounting.

Internal audits are often conducted by either Certified Internal Auditors (CIAs) or other accounting professionals.

How to Determine if You Need a Forensic or Internal Audit

After determining what is a forensic audit, the next concern is to determine the need for an internal audit or a forensic audit/examination, consider the following: Your organization may need to implement an internal audit process if:

• Ethical or accuracy lapses have occurred and/or accountability is lacking.
• Specialized expertise is required to accomplish projects beyond regular operations.
• Risks in operations, compliance and reporting are unrecognized or are increasing due to significant changes in the industry, technology, laws and regulations.
• Existing policies and procedures are not being followed.
• Information technology data breaches have occurred or there is significant concern that such risk exists.
• Compliance with laws and regulations is a significant burden; noncompliance may become a serious issue if not monitored and evaluated.
• Those charged with governance are focused on the "big picture," but remain concerned about what they may not know about the specifics (or vice versa).
• Communications internally have led to morale and turnover issues, and/or external communication quality has led to an air of skepticism from stakeholders about operations.

As you can see, an internal audit is about more than just money. It provides a complete picture of how the organization operates and where it needs to improve policies, procedures, and practices.

On the other hand, your organization may need a forensic audit/examination if:

• Suspicions of fraud or theft arise.
• Turnover has occurred and account balances are not what they should be (positively or negatively).
• Accounts that were thought to be in your entity’s name are not really owned by your entity.
• Reconciliation procedures result in timing differences or unidentified differences, or they don’t reconcile at all.
• Vendors that should have been paid have not been paid, and/or customers that should have paid have not.
• Theft of personally identifiable information has occurred or business systems have been hacked.
• Labor and materials have resulted in poor quality products that are not selling (or worse, are out of compliance with laws and regulations).
• A whistleblower hotline identified issues such as assets stolen or other defalcations.

By reviewing the above information, it’s easy to see that a forensic audit is much more focused on financial operations than an internal audit.

What is Forensic Auditing vs. Internal Auditing? The Importance of Knowing the Difference

While some matters require both a forensic audit/examination and an internal audit, the key to determining which service to use is to determine the time and objectives of the project(s).

So what is a forensic audit’s purpose? A forensic audit/examination is designed to focus on reconstructing past financial transactions for a specific purpose, such as concerns of fraud, whereas an internal audit is typically focused more on compliance and/or the performance of the organization.

When in doubt, your organization should reach out to both a forensic accountant (also known as a forensic auditor) and an internal auditor to further discuss your needs. These professionals can assist you with determining which service offering is more appropriate for the scope of the matter as well as ensure that the most qualified person(s) are on your engagement team.

Want to learn more?
We recommend these resources:

• Listen to Eide Bailly’s senior manager + Fraud Investigator discuss how to prevent, detect and respond to dishonest employees during the Monday Morning Radio podcast.
• How Forensic Accounting Uncovers the Secrets Behind Fraud
• Internal Audit Risk Assessment Checklist
• Forensic Audit vs. Financial Audit: What’s the Difference?