The Global Internal Audit Standards, 2024 (GIAS) states:
‘The Standards apply to any individual or function that provides internal audit services, whether an organization employs internal auditors directly, contracts them through an external service provider, or both.’
This means that regardless of the resource models used for internal audit services, the GIAS applies to all. In addition, the chief audit executive (CAE) is ‘accountable for the internal audit function’s implementation of and conformance with all principles and standards’ with every internal auditor also being responsible for conformance with the principles and standards which relate to their role.
The GIAS defines outsourcing and co-sourcing in its glossary but does not provide any great detail for either of these and there is no inclusion of outsourcing or co-sourcing within the mandated standards or essential conditions. Outsourcing is highlighted in the Considerations for Implementation in relation to challenges in resourcing the internal audit function from within the organisation itself. The Glossary defines outsourcing as:
‘Contracting with an independent external provider of internal audit services. Fully outsourcing a function refers to contracting the entire internal audit function, and partially outsourcing (also called “co-sourcing”) indicates that only a portion of the services are outsourced.’