Topical Requirements: A New Concept | INTERNAL AUDIT DEPARTMENT
» ARTICLE » Topical Requirements: A New Concept

List of Articles
Topical Requirements: A New Concept

Article Search By : Mohd Azis Abdullah

Source : Institute of Internal Audit (IIA)

 

Purpose of Topical Requirements

Internal audit practices vary across the globe. The purpose of Topical Requirements is to enhance consistency and quality in internal audit services. In simple terms, they complement the newly proposed IPPF structure, which consists of the Global Internal Audit Standards and related guidance.

 

Scope of Application

While the Standards cover core elements of internal audit and are universally applicable, Topical Requirements apply only to specific audit topics or engagements included in an organization’s audit plan.

 

Are Topical Requirements Mandatory?

Auditors are not required to include Topical Requirements in their audit plans. They become mandatory only if the subject matter covered by the Topical Requirements is included in the audit plan. In such cases, auditors must demonstrate conformance when executing testing related to the specific topic or engagement.

 

Intent of Topical Requirements

Topical Requirements are designed to ensure that all internal audit functions – regardless of size, sector, or structure – apply consistent methodologies when assessing governance, risk management, and controls in a given topical area. Their key purposes are to:

  • Elevate professionalism and performance in internal auditing.
  • Improve the quality and value of internal audit services.
  • Provide assurance to stakeholders that critical elements are addressed in the audited area.

 

Content of Topical Requirements

Draft versions have included an overview of the topic and guidance on applying the Global Internal Audit Standards to the engagement. They also list attributes that must be considered and documented to ensure internal auditors have the context and clarity needed to assess governance, risk management, and control effectiveness.

 

Subjects to be Addressed

Organizations face evolving risk areas such as cybersecurity, sustainability, privacy, and fraud. Topical Requirements strengthen the relevance of the IPPF to this evolving risk landscape. Eight subjects are currently under consideration:

  • Assessing Organizational Governance
  • Cybersecurity
  • Fraud Risk Management
  • Information Technology Governance
  • Privacy Risk Management
  • Sustainability: Environmental, Social & Governance (ESG)
  • Third-party Management
  • Public Sector-specific: Performance Audits
  • Development Process

 

A rigorous process of due diligence will be followed to identify topics. This includes market research, surveys, and input from auditors and stakeholders. Once approved, each topic will undergo a public comment period before implementation.

Date of Input: 30/09/2025 | Updated: 30/09/2025 | muhammad.isam

MEDIA SHARING

SEE ALSO
LKAN 1/2026 tabled in Dewan Rakyat, 273 new issues identified
Weak Financial Literacy, Hidden Loans Cause Teachers to Go Bankrupt – NUTP
Third-Party Relationship Control: Strengthening Organizational Governance and Risk Management
INTERNAL AUDIT DEPARTMENT
Universiti Putra Malaysia
43400 UPM Serdang
Selangor Darul Ehsan
03-9769 1346
03-9769 6176
audit_dalam@upm.edu.my
S, (07:54:45pm-07:59:45pm, 02 Mar 2026)   [*LIVETIMESTAMP*]