Learn About Topical Requirements
The IIA is developing Topical Requirements as a new element of the International Professional Practices Framework (IPPF), which also includes the Global Internal Audit Standards™ and Global Guidance.
Topical Requirements include mandatory requirements for evaluating and assessing the effectiveness of governance, risk management, and control processes, as well as nonmandatory considerations to help internal auditors validate those requirements.
Public Comment Drafts
Cybersecurity Topical Requirement
- The draft Cybersecurity Topical Requirement was released for a 90-day public comment period, from April 3 to July 3, 2024.
- The Global Guidance Council is currently reviewing the comments received and making changes to address the feedback and create a final version.
The public comment drafts for other Topical Requirements will appear here. Check back frequently for updates.
The Topical Requirements expected for public consultation in 2025 include:
- Third-party Risk
- Culture
- Business Resiliency
Learn About The New Topical Requirements
Learn all about Topical Requirements including what they are, what they are not, and how to read and comment on the first one about Cybersecurity. Access a playback of a June 11 webinar.
Questions? Email Standards-Guidance@theiia.org.