Internal audit is the term given to the processes that ensure an organisation’s policies, procedures and systems are working as expected, and that any gaps or improvements that could be made are identified. It also includes evaluating and improving the effectiveness of any risk management, control and governance processes.
By carrying out an audit of systems and operations, internal auditors aim to identify how well risks are managed. This includes whether the right processes are in place, and whether agreed procedures are being adhered to.
Internal audits should also include suppliers and contractors (especially those who are operating under your licence and safety case) that you interact with so that you know the inputs to your end to end process are safe. These audits are sometimes referred to as ‘second party’ audits.
External audits by comparison are different in that they are performed by third parties independent of your organisation, and often for an audience outside your organisation. A good example would be the safety assessments performed by the Transport Agency.