Skip to Content

Topical Requirements

Read the Draft Cybersecurity Topical Requirement

Topical Requirements, the newest component of the International Professional Practices Framework, will ensure that all internal audit functions – large, small, private, or public – apply consistent audit methodology when assessing the effectiveness of governance, risk management, and controls of a particular topical area.

The use of Topical Requirements will be mandatory when an internal audit function scopes an audit engagement that includes the topic covered.

A Topical Requirement IS:

  • A cornerstone in defining the potential scope of an internal audit engagement.
  • Required when providing assurance over a specified area.
  • Designed to provide structure and consistency for frequently audited global topics that are typically higher risk.
  • Inclusive of requirements (which are mandatory) and considerations (which serve as best practices).
  • Inclusive of a tool to help internal auditors explain the rationale for including or excluding requirements.

A Topical Requirement IS NOT:

  • A requirement to perform an engagement on the topic.
  • A detailed step-by-step approach for the execution of internal audit engagements.
  • A comprehensive work program.
  • Designed to replace risk assessments or professional judgment.
  • Designed to address emerging risks.

The IIA has released its first Topical Requirement and would like your feedback!

The Draft Cypersecurity Topical Requirement is available in multiple languages. Take the short survey to provide your comments before 3 July 2024.

Read the Draft Cybersecurity Topical Requirement

Find your local chapter.

Learn About The New Topical Requirements

Learn all about Topical Requirements including what they are, what they are not, and how to read and comment on the first one about Cybersecurity. Access a playback of a June 11 webinar.

Conforming with Topical Requirements will support internal auditors in the specific challenges of auditing that topic. These requirements are designed to strengthen the ongoing relevance of internal audit to the evolving risk landscape and enhance the consistency and quality of internal audit services across industries and sectors.

Topical Requirements on a variety of areas within the audit universe will be available on this page later.