Skip to Content
Press Enter

Third-Party Topical Requirement

Issued: September 15, 2025 | Effective: September 15, 2026

Working with third parties introduces risks that must be identified, assessed, and managed. This Third-Party Topical Requirement provides a consistent, comprehensive approach to assessing the design and implementation of third-party governance, risk management, and control processes. As a new mandatory element of The IIA’s IPPF®, it establishes a baseline for providing assurance services in this specific risk area.

Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.

About Topical Requirements

Topical Requirements

Topical Requirements, the newest component of the International Professional Practices Framework will ensure that all internal audit functions – large, small, private, or public – apply consistent audit methodology when assessing the effectiveness of governance, risk management, and controls of a particular topical area.

Public Comment Period

We need your input! The IIA is developing Topical Requirements as a new element of the International Professional Practices Framework (IPPF), which also includes the Global Internal Audit Standards™ and Global Guidance.

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.