Lake Mary, FL – (March 6, 2025) – The Institute of Internal Auditors® (The IIA®) today released the draft of the Third-Party Topical Requirement, open for public comment until April 20. Internal auditors and stakeholders are invited to participate in the public comment survey to share their feedback on the draft and help shape the criteria and requirements for providing assurance on governance, risk management, and control processes related to third parties.
The Topical Requirements are a key element of The IIA’s broader International Professional Practices Framework® (IPPF®), alongside the Global Internal Audit Standards™ and Global Guidance. While they do not mandate that a specific risk area be included in audit plans, they provide practitioners with a set of baseline requirements for assessing key risk areas that impact organizations globally and are likely to be included in most audit plans.
Developed with input from internal audit practitioners and stakeholders globally, the Third-Party Topical Requirement provides a consistent and comprehensive approach to assessing the design and implementation of third-party governance, risk management, and control processes.
“We’ve developed a Topical Requirement on third-party relationships due to the pervasiveness of third-party risks for organizations today,” said Anthony Pugliese, CIA, CPA, CGMA, CITP, President and CEO of The IIA. “Particularly in light of geopolitical shifts that are driving global trade and supply chain disruptions, third-party relationships can present a number of threats to organizations including operational, reputational and compliance risks. It’s more important than ever that organizations today have a robust and consistent approach to assessing third-party risk management and control processes.”
The first Topical Requirement was released in February and provided requirements for internal auditors providing assurance on Cybersecurity governance, risk management and control processes. Additional topics in development include business culture, business resilience, and anti-corruption and bribery.
Participants are invited to review the draft Third-Party Topical Requirement in English and submit their feedback between March 6 – April 20 via the survey. Both the draft and the survey are available in several languages. The Third-Party Topical Requirement is also accompanied by user guide that provides supplementary considerations. All documents are available at www.theiia.org/comment.
About The Institute of Internal Auditors and Internal Audit Profession
Internal auditing is an independent, objective assurance and advisory service designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
The Institute of Internal Auditors (The IIA) is an international professional association that serves more than 260,000 global members and has awarded more than 200,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit theiia.org.