Riskweise provides risk-based internal audit services for GCC financial institutions — delivered as co-sourced specialist resource, fully outsourced internal audit function, or advisory engagements supporting an existing IA team — covering IFRS 9, ICAAP, stress testing, treasury, ALM, compliance, and quality assurance reviews.
Three engagement models cover the full range of need: a major bank using us for specialist depth on a specific audit (co-sourced), a mid-sized NBFC or fintech where we own the entire IA mandate (outsourced), or an established IA team using us to assess and improve their own function (advisory).
We supplement your existing internal audit team with specialist resources for specific engagements — credit risk, model risk, IFRS 9, treasury. Your team leads; we provide the technical depth. Common arrangement for banks with a strong generalist IA function but specific specialist gaps.
We serve as your internal audit function — full ownership of the annual audit plan, execution, reporting, and audit committee interface. Ideal for NBFCs and fintechs without a full-time IA team, or where the institution prefers an independent third-party IA function for governance reasons.
Gap assessments, methodology reviews, and quality assurance of your existing IA function. We help your team improve without taking over their mandate. Particularly relevant where the IA function has identified weaknesses but the institution wants to develop in-house capability rather than replace it.
Co-sourced suits banks with established IA teams that need specialist support on specific audits — most common for IFRS 9, ICAAP, stress testing, and model risk audits where in-house specialist depth is hard to maintain. Outsourced suits NBFCs and fintechs that need full IA function but cannot justify a full-time team. Advisory suits established IA functions wanting an independent assessment and capability uplift. We can move between models as your needs evolve.
Yes — this is one of our most-requested specialist services. ECL model audits require both IA methodology and quantitative model expertise, which most institutions struggle to maintain in-house. We deliver the audit to internal audit standards (independent, evidence-based, methodology-driven) while bringing the quantitative depth needed to genuinely test the model rather than just review documentation.
We run mock audits against the specific themes the regulator has flagged or is expected to focus on. This identifies gaps before the regulator does, gives the bank time to remediate, and builds the evidence pack the regulator will look for. Common themes: IFRS 9 model governance, ICAAP scenario assumptions, stress testing rigour, MMS compliance, three-lines-of-defence operation.
Depends entirely on plan size and institution complexity. Most NBFCs and fintechs find outsourced IA less expensive than building an in-house function once you account for hiring, retention, certification, and methodology costs. Mid-sized and large banks find co-sourced more cost-effective — keep the generalist function in-house, bring specialists in for the audits where it matters.
Where it matters, yes. If Riskweise has built your IFRS 9 ECL model, we will not also internal-audit that model — that would compromise IA independence. We staff such engagements with separate teams that have not been involved in the original build, and document the independence safeguards explicitly in the engagement letter. The cleanest setup is using Riskweise for one and a different provider for the other.
Under outsourced and advisory models, yes — that's standard. Under co-sourced, we report through your Head of Internal Audit. The reporting line is set in the engagement letter and reflected in the audit committee charter. Direct audit committee access is one of the things that makes IA independence operationally meaningful, not just a policy statement.
We respond within one business day. No agency-style discovery process — straight to scope, fit, and what you actually need.
Start the conversation