IIA-MCP Server

Overview Inspect Schema Related Servers Score Discussions

topical-requirements.md•7.09 kB

--- title: "Topical Requirements" url: "https://www.theiia.org/en/standards/2024-standards/topical-requirements/" category: "standards" standard_number: "2024" last_updated: "2025-07-15T02:45:34.239Z" scraped_at: "2025-07-15T02:45:34.239Z" ---# Topical Requirements Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. [Contact copyright@theiia.org for permission to use our materials.](mailto:copyright@theiia.org) **Topical Requirements** are a new, mandatory component of the International Professional Practices Framework. ## Topics ### Issued - [Cybersecurity](/en/standards/2024-standards/topical-requirements/cybersecurity/) (February 5, 2025) ### Issuance planned - Third-Party (September 2025) ### Public Consultation - [Organizational Behavior](/en/standards/2024-standards/topical-requirements/public-comment-period/) now open ### Upcoming Public Consultation - Organizational Resilience ## What Are Topical Requirements? Depending on the results of the internal audit function’s risk assessment, internal auditors must apply Topical Requirements in conformance with the [Global Internal Audit Standards](/en/standards/2024-standards/global-internal-audit-standards/) when providing **assurance services** on the topic. Topical Requirements are recommended but not required for **advisory services**. Each Topical Requirement becomes effective 12 months after it is issued. Each Topical Requirement is accompanied by a **user guide** to help internal audit functions implement the requirements. Both documents are available in multiple languages. The final publication results from the diligent work of the [Global Guidance Council](/en/standards/2024-standards/governance-process-and-due-diligence/global-guidance-council/) and IIA staff to follow a due process that includes public consultation and revision based on the feedback received. To read the details, download [Report on the Development and Public Consultation Processes for the Cybersecurity Topical Requirement](/globalassets/site/standards/topical-requirements/cybersecurity/report_on_cybersecurity_topical_requirement_processes.pdf). ## Frequently Asked Questions What is the purpose of Topical Requirements? Topical Requirements enhance the consistency and quality of internal audit services, increasing the professionalism of internal auditors’ performance. They help strengthen the relevance of internal auditing to address pervasive and evolving risks. They provide minimum baseline and relevant criteria for a consistent, comprehensive approach to assessing the design and implementation of governance, risk management, and control processes in particular risk areas (the topics). How do the Topical Requirements fit into the IPPF? The 2024 IPPF includes Global Internal Audit Standards and Topical Requirements, which are mandatory, and Global Guidance, which is recommended but not mandatory. When are Topical Requirements applicable? Internal auditors must apply Topical Requirements in conformance with the Global Internal Audit Standards for assurance engagements when applicable. Topical Requirements are applicable when a risk assessment leads to the topic being one of the following: - The subject of an assurance engagement in the internal audit plan. - Identified while performing an engagement. - The subject of an engagement request not on the original internal audit plan. Evidence that each requirement in the Topical Requirement was assessed for applicability must be documented and retained. Not all individual requirements may apply in every engagement; if requirements are excluded, a rationale must be documented and retained. Is The IIA recommending internal auditors use specific frameworks? The IIA recognizes that organizations globally use various risk, control, and governance frameworks and adhere to specific laws and regulations. Internal audit functions may apply these frameworks. To demonstrate conformance with a Topical Requirement, functions must be able to demonstrate the framework covers the applicable requirements. The IIA’s Topical Requirements may provide mapping between the requirements and globally recognized frameworks. For example, the Cybersecurity Topical Requirement User Guide maps the NIST and COBIT cybersecurity frameworks. Referencing these specific frameworks does not mean that The IIA requires their application. When will the Topical Requirements be in effect? Topical Requirements are effective 12 months after issuance, meaning that the relevant requirements must be implemented by this time. Additionally, quality assessments conducted after the effective date will assess conformance with effective Topical Requirements. The quality assessor will review the documentation for relevant engagements to determine conformance. Early adoption of the Topical Requirement is encouraged. For more information about external quality assessments, please visit [Quality Services](/en/group-services/quality-assurance/quality-services/). Will the Quality Assessment Manual for the internal audit function be updated to reflect the Topical Requirements? The Quality Assessment Manual’s methodology already indicates how to verify conformance with Topical Requirements in the testing of Standards 13.2 Engagement Risk Assessment and 13.3 Engagement Objectives and Scope using the D5 and D6 templates. Will exams for IIA certifications be updated to reflect the Topical Requirements? In accordance with our current policy, questions on new Topical Requirements will not appear on the CIA exam until at least 6 months after the effective date. The Cybersecurity Topical Requirement effective date is February 5, 2026. Please check [CIA Updates/General FAQs](/en/certifications/general-faqs/) frequently for additional information. How does the Global Guidance Council set the Topical Requirements? The chart below shows the stages of developing Topical Requirements. Details about the most recent processes also appear in the [*Report on the Standard-setting and Public Comment Processes for the Cybersecurity Topical Requirement*](/globalassets/site/standards/topical-requirements/cybersecurity/report_on_cybersecurity_topical_requirement_processes.pdf). Can I download, copy, and distribute the Topical Requirements? The IIA receives many questions concerning downloading, copying, and distributing the Global Internal Audit Standards, Topical Requirements, and related materials available. [Find answers to the most common questions.](/en/standards/2024-standards/global-internal-audit-standards-copyright-notice/) ## Learn about IIA programs and partners. We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.

Latest Blog Posts

OpenTelemetry for Model Context Protocol (MCP) Analytics and Agent Observability
By Om-Shree-0709 on .
observability
mcp
opentelemetry
Securing Enterprise AI Agents with Unique Identities in the Model Context Protocol (MCP)
By Om-Shree-0709 on .
When Your Year of Work Gets Copied Overnight: What Actually Matters?
By punkpeye on .
startups

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rp4/IIA-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server