Skip to Content

Topical Requirements

Read the Draft Cybersecurity Topical Requirement

Topical Requirements, the newest component of the International Professional Practices Framework, will ensure that all internal audit functions – large, small, private, or public – apply consistent audit methodology when assessing the effectiveness of governance, risk management, and controls of a particular topical area.

The use of Topical Requirements will be mandatory when an internal audit function scopes an audit engagement that includes the topic covered.

Topical Requirements ARE:

  • Required when providing assurance on a specified risk area.
  • Subject to applicability as determined by risk-based internal audit plan. Limitations must be documented.​
  • Baseline for engagement performance when the risk area is subject to review.​
  • Inclusive of aspects of governance, risk management, and control processes.​
  • Subject to external quality assessment.

Topical Requirements ARE NOT:

  • Requirements to perform an ​
    engagement on the topic.​
  • Comprehensive work programs.​
  • Designed to address emerging topics.​
  • Substitutes for risk assessments or professional judgment.​
  • Designed to circumvent or supplant legal and regulatory requirements.

The IIA has released its first Topical Requirement.

The Draft Cybersecurity Topical Requirement is available in multiple languages. This draft is currently being revised by the Global Guidance Council to incorporate the feedback gathered during a 90-day public comment period.

Read the Draft Cybersecurity Topical Requirement

Find your local chapter.

Learn About The New Topical Requirements

Learn all about Topical Requirements including what they are, what they are not, and how to read and comment on the first one about Cybersecurity. Access a playback of a June 11 webinar.

Conforming with Topical Requirements will support internal auditors in the specific challenges of auditing that topic. These requirements are designed to strengthen the ongoing relevance of internal audit to the evolving risk landscape and enhance the consistency and quality of internal audit services across industries and sectors.

Topical Requirements on a variety of areas within the audit universe will be available on this page later.