Part or all of the internal audit function may be outsourced, or provided at group level, subject to the requirements of Section RM-7.6. Amongst other things, these require licensees to retain responsibility for their internal audit programme, and that appropriate safeguards are built into the outsourcing contract. Furthermore, a licensee cannot outsource its internal audit function to its external auditor (with limited exceptions). Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. A licensee's head of internal audit is a controlled function and requires CBB approval prior to being appointed (see Section AU-1.2).