Audit-Ready TPRM: Aligning Your Third-Party Risk Program with the IIA’s 2025 Topical Requirement

Amy Zu • June 4, 2025

Big changes ahead: The IIA's new third-party requirement could reshape internal audit


The Institute of Internal Auditors (IIA) has released a public consultation draft of its new topical requirement on third parties1, and it’s poised to become one of the most significant updates to third-party risk management in years.


This topical requirement is planned for issuance by Q3, 2025. Once finalized, this new standard will require mandatory conformance for internal auditors conducting assurance engagements related to vendors, contractors, and other third-party service providers.

Is your organization ready?

This update introduces new expectations, and for many audit teams, it raises critical questions:

  • Can your third-party risk management (TPRM) program demonstrate full lifecycle coverage, from onboarding to offboarding?
  • Are your governance, control, and risk management procedures clearly documented?
  • Will your program withstand the increased scrutiny from audit committees and regulators?

If you’re unsure, now is the time to act.

Start with our Readiness Questionnaire


Quickly evaluate how well your third-party risk program aligns with the IIA’s draft expectations. It’s a fast, practical way to identify gaps before the requirement becomes mandatory.

Download checklist
Audit-Ready TPRM Questionaire

Go deeper with the white paper

Audit-Ready TPRM Program Whitepaper

Audit-Ready: Aligning Your Third-Party Risk (TPRM) Program with the IIA’s 2025 Topical Requirements


This practical resource maps our proven TPRM white paper to the IIA’s proposed requirements for governance, risk, and control, giving you a clear, actionable framework to evaluate, improve, and document your program.


It’s designed for:

  • Internal auditors assessing conformance with the new requirement
  • Risk and compliance leaders building or maturing TPRM programs
  • Executives seeking stronger board visibility into vendor risk


What’s Inside the white paper:

  • A plain-language breakdown of the IIA’s draft expectations
  • A checklist of must-have controls across the third-party lifecycle
  • A crosswalk between the TPRM white paper and IIA assurance areas
  • Guidance on documentation, escalation, and board oversight
  • KPI and reporting strategies to demonstrate program maturity
Download whitepaper

Take the next step

Don't be caught off guard. Prepare now and gain a critical advantage.


Here’s how to get started:

  • Download the readiness checklist – Pinpoint gaps in your TPRM lifecycle and assess audit readiness
  • Get the white paper – Align your program with the IIA’s upcoming assurance requirements
  • Schedule a readiness review – Meet with our team for a personalized consultation

Laptop with split screen: left shows academic thesis in library; right shows business data charts.

Your Major Could Make You a Great Auditor — Here’s How.

By Dorina Hamzo December 11, 2025
Think audit is just for accountants? Think again. From English to PoliSci, find out how your non-traditional major builds the critical skills modern firms need.
Businessman is handing money to another business person

Protect Healthcare Revenue Before CMS Audits Cost You

By Allyson Edwards (guest writer) December 1, 2025
Protect revenue and reduce audit risk. Learn what CMS audits cover and how healthcare organizations can strengthen documentation, oversight, and readiness.

Scaling AI Starts with SOX

By Dorina Hamzo September 21, 2025
A weak SOX foundation can derail AI innovation. Learn how to cut compliance costs and future-proof your internal controls with our free checklist.
More posts