Topical Requirements
Topical Requirements, the newest component of the International Professional Practices Framework, will ensure that all internal audit functions – large, small, private, or public – apply consistent audit methodology when assessing the effectiveness of governance, risk management, and controls of a particular topical area.
The use of Topical Requirements will be mandatory when an internal audit function scopes an audit engagement that includes the topic covered.
Topical Requirements ARE:
- Required when providing assurance on a specified risk area.
- Subject to applicability as determined by risk-based internal audit plan. Limitations must be documented.
- Baseline for engagement performance when the risk area is subject to review.
- Inclusive of aspects of governance, risk management, and control processes.
- Subject to external quality assessment.
Topical Requirements ARE NOT:
- Requirements to perform an
engagement on the topic. - Comprehensive work programs.
- Designed to address emerging topics.
- Substitutes for risk assessments or professional judgment.
- Designed to circumvent or supplant legal and regulatory requirements.
Conforming with Topical Requirements will support internal auditors in the specific challenges of auditing that topic. These requirements are designed to strengthen the ongoing relevance of internal auditing to address the evolving risk landscape and enhance the consistency and quality of internal audit services across industries and sectors.
The IIA to Release its First Topical Requirement
The Draft Cybersecurity Topical Requirement was available in multiple languages for a 90-day public comment period, from April 3 to July 3, 2024. The Global Guidance Council is currently reviewing the comments received and making changes to address the feedback and create a final version. Watch this space for news about the final version, to be released in Q1 2025.
Topical Requirements on various areas within the audit universe will be available on this page later.
The Topical Requirements expected for public consultation in 2025 include:
- Third-party Risk
- Culture
- Business Resiliency
Watch Archived Webinar | Register for Upcoming Webinar | Public Consultation Drafts