In addition to this concept, there are three other concepts designed to assess, describe and improve internal control:

- an instruction to review the structure of internal control in the audit of financial statements (SAS 55 of 1988), approved by the American Institute of Chartered Accountants, later amended (SAS 78 of 1995);

 - the report "Control and Audit of Systems" (SAC), prepared by the research fund of the Institute of Internal Auditors (1991); 

- the standard "Objectives of control in the use of information technology" (COBIT), developed by the Association for Audit and Control of Information Systems ISACA 1996.

Internal audit (ISA 610) Internal control (model COSO) Definition Internal audit means performance assessment activities performed by an organization or provided to it as a service Internal control is a process performed by the board of directors, management and other personnel of the company.

Purpose the scope and objectives of internal audit in each case is different and depends on the scope and requirements of its management and the representative of the owners Providing "reasonable assurance" regarding the achievement of the objectives in the following categories:

 - efficiency and productivity of operations; 

- reliability of financial statements;

 - compliance with laws and regulations

 

The objectives of internal audit are determined by the management of the company or the representative of the owners, and the purpose of internal control is to provide "reasonable assurance" in the effectiveness of operations, reliability of financial reporting, compliance with legislation. To operate the internal control system in the enterprise, a certain environment should be created, consisting of five interrelated components: a control environment, risk assessment, controls, information and communication, monitoring. Therefore, internal control is organizationally more complex than internal audit. To operate the internal audit, a separate unit consisting of one or more employees can be created. 

 

The subject of the research in both internal control and internal audit largely coincide:

- assessment of the effectiveness of economic activity;

- evaluation of financial statements;

- assessment of compliance with legislation. 

 

Partially coincide and functions - an estimation of reliability of the reporting, its completeness, reliability, appropriateness of external and internal information. But at the same time, the functions of internal control are wider - this is not just a statement of this or that fact, but also participation in the creation of an effective management system. 

The internal control system should not only ensure the reliability and adequacy of information created at the enterprise, but also ensure:

 - detection of deviations of actual indicators from planned ones and to identify the causes of deviations;

- the timely creation of an information base for management used to make managerial decisions. 

Another function of the internal control system is to ensure the physical safety of the company's assets, prevent fraud and theft. At the same time, an internal audit can give an assessment of the proper functioning of the internal control system. In Russia, there is a standard that regulates internal audit (Rule (standard) No. 29, "Consideration of the Internal Audit Function" (Approved by Resolution of the Government of the Russian Federation No. 696 of September 23, 2002.)

This Standard applies only to the sphere of internal audit in the part that has the attitude to the audit of financial (accounting) statements, therefore the scope of its application is limited only by the audit of financial statements and does not affect the scope of management accounting and other internal reporting of enterprises. in 1990. In 2000, the Russian Institute of Internal Auditors was established, which translated "International Standards for Internal Audit" into Russian in 2011. Under this Standard, the head of internal audit should draw up a risk-oriented plan that determines the priorities for internal audit in accordance with the objectives of the organization.

The internal audit should evaluate and contribute to the improvement of corporate governance, risk management and control processes, using a systematic and consistent approach. Thus, the standards divide the activity of internal audit into three components: risk management, control and corporate governance.