Skip to Content

Topical Requirements

Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.

Topical Requirements are a new, mandatory component of the International Professional Practices Framework.

Topics

ISSUED

ISSUANCE PLANNED FOR SEPTEMBER 2025

  • Third-Party

PUBLIC CONSULTATION COMING SOON

  • Organizational Behavior: Draft expected to open in July for 45 days of public consultation.
  • Organizational Resilience

IPPF image

What Are Topical Requirements?

Depending on the results of the internal audit function’s risk assessment, internal auditors must apply Topical Requirements in conformance with the Global Internal Audit Standards when providing assurance services on the topic. Topical Requirements are recommended but not required for advisory services. Each Topical Requirement becomes effective 12 months after it is issued.

Each Topical Requirement is accompanied by a user guide to help internal audit functions implement the requirements. Both documents are available in multiple languages. The final publication results from the diligent work of the Global Guidance Council and IIA staff to follow a due process that includes public consultation and revision based on the feedback received. To read the details, download Report on the Development and Public Consultation Processes for the Cybersecurity Topical Requirement.