Since the introduction of King III, the need for a risk based internal audit has been emphasised through the following five principles; 

Principle 7.1 The board should ensure that there is an Effective Risk Based Internal Audit.

Principle 7.2 Internal audit should follow a Risk Based Approach to its Plan

Principle 7.3 Internal Audit should provide a Written Assessment of the Effectiveness of the Company’s System of Internal Control and Risk Management.

Principle 7.4 The Audit Committee should be Responsible for Overseeing Internal Audit

Principle 7.5 Internal Audit should be Strategically Positioned to Achieve its Objectives.

This has elevated the status of Internal Auditors within their companies and has brought the assessment of the technical strength and capability to the radar screen of the Audit Committees and the respective boards. The diversity of the skills sets required to enable Internal Auditors to deliver on their expectations and the enormous increase in required budgets has made the decision of whether to outsource, co-source or retain or create an in-house internal audit department become crucial. 

In this publication we highlight the various options available for each company and the circumstances that make each choice most appropriate.


Internal Audit: Out-Source, Co-Source or In-House