Audit-Ready TPRM: Aligning Your Third-Party Risk Program with the IIA’s 2025 Topical Requirement

Big changes ahead: The IIA's new third-party requirement could reshape internal audit

The Institute of Internal Auditors (IIA) has released a public consultation draft of its new topical requirement on third parties¹, and it’s poised to become one of the most significant updates to third-party risk management in years.

This topical requirement is planned for issuance by Q3, 2025. Once finalized, this new standard will require mandatory conformance for internal auditors conducting assurance engagements related to vendors, contractors, and other third-party service providers.

Is your organization ready?

This update introduces new expectations, and for many audit teams, it raises critical questions:

• Can your third-party risk management (TPRM) program demonstrate full lifecycle coverage, from onboarding to offboarding?
• Are your governance, control, and risk management procedures clearly documented?
• Will your program withstand the increased scrutiny from audit committees and regulators?
  

If you’re unsure, now is the time to act.

Start with our Readiness Questionnaire

Quickly evaluate how well your third-party risk program aligns with the IIA’s draft expectations. It’s a fast, practical way to identify gaps before the requirement becomes mandatory.

Go deeper with the white paper

Take the next step

Don't be caught off guard. Prepare now and gain a critical advantage.

Here’s how to get started:

• Download the readiness checklist – Pinpoint gaps in your TPRM lifecycle and assess audit readiness
• Get the white paper – Align your program with the IIA’s upcoming assurance requirements
• Schedule a readiness review – Meet with our team for a personalized consultation
  
  

Resources

1. International Professional Practices Framework (IPPF) Topical Requirement in Third Party (newly published in April 2025)