ComplianceMarch 25, 2026

Third-party risk topical requirements: Bridging the gap between regulatory requirements and real-world challenges

By: Mike Levy, CIA, CRMA, CISSP, CISA, CDPSE

Position your audit team for 2026 compliance with the IIA’s Third-Party Topical Requirement—clear standards for governance, risk, and controls that turn third-party risk into strategic advantage.

Report objectives

  • A new global baseline for third-party risk oversight
    The IIA’s Third-Party Topical Requirement establishes a minimum, standardized
    framework for how internal audit evaluates third-party governance, risk management,
    and controls.
  • Compliance is needed by September 15, 2026
    Organizations have a defined preparation window to assess gaps, remediate
    weaknesses, and train audit teams before the requirement officially takes effect.
  • Focus is on highest-risk third parties, not all vendors
    The requirement does not qualify auditing every external relationship—rather focus on
    those with the greatest risk impact—while still prioritizing existing regulatory
    obligations.
  • Strong programs integrate governance, risk, and lifecycle controls
    Effective third-party risk management spans decision-making governance, standardized
    risk processes, and lifecycle controls from due diligence through offboarding.
Receive a copy of the full report.

Missing the form below?

To see the form, you will need to change your cookie settings. Click the button below to update your preferences to accept all cookies. For more information, please review our Privacy & Cookie Notice.

Solutions

TeamMate Audit

Audit management

Learn More

The world’s leading audit management software - empowering audit departments of all sizes.

Learn More
View a Demo
Contact Us

Related Insights

  • Report
    Compliance
    March 12, 2026

    The SOC 2 compliance checklist

    SOC 2 manages customer data based on five Trust Services Criteria (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy.
    Learn More
  • Report
    Compliance
    March 12, 2026

    The ISO 42001 compliance checklist

    The ISO 42001 framework sets the tone for responsible AI management through its Artificial Intelligence Management System (AIMS).
    Learn More
  • Report
    Compliance
    February 26, 2026

    Making a difference: Strategies to grow your internal audit career

    In the dynamic field of internal audit, taking control of your career development is crucial for achieving long-term success in this increasingly complex and high-profile profession.
    Learn More
  • Report
    Compliance
    December 03, 2025

    Driving resilience through risk transparency

    Embracing a “no surprises” culture challenges organizations to anticipate the unexpected, develop peripheral vision for risk, and embed transparency across the three lines of defense.
    Learn More
Back To Top