The IIA’s New Cybersecurity Topical Requirement
Description
The Institute of Internal Auditors Presents: All Things Internal Audit Tech
In this episode, Logan Wamsley talks with George Barham about The IIA’s Cybersecurity Topical Requirement. They discuss how internal audit functions should prepare for its 2026 effective date, and why CAEs should take action now. The conversation also highlights the requirement's companion user guide, outsourcing considerations, framework references, and IIA resources available to help internal audit functions conform with confidence.
HOST:
Logan Wamsley
Associate Manager, Content Development, The IIA
GUEST:
George Barham, CIA, CRMA, CISA,
Director, Standards & Guidance, The IIA
KEY POINTS:
- Introduction [00:00-00:00:21 ]
- Background on the Cybersecurity Topical Requirement [00:00 :21-00:01:31 ]
- Key Feedback and Early Implementation Advice [00:01 :31-00:03:09 ]
- Tips from CAEs on Getting Started [00:03 :09-00:04:37 ]
- How to Use the Companion User Guide [00:04 :37-00:05:57 ]
- Outsourcing Considerations [00:05 :57-00:07:30 ]
- Framework References and Mapping [00:07 :30-00:09:37 ]
- Keeping Up with the Evolving Cyber Landscape [00:09 :37-00:11:30 ]
- Annual Review and Updates [00:11 :30-00:12:24 ]
- Advice as the Effective Date Approaches [00:12 :24-00:14:26 ]
- Additional IIA Resources and Support [00:14 :26-00:16:38 ]
- Final Thoughts [00:16 :38-00:18:23 ]
THE IIA RELATED CONTENT:
Interested in this topic? Visit the links below for more resources:
- Cybersecurity Topical Requirement
- Executive Knowledge Brief: The Cybersecurity Topical Requirement in Practice
- GTAG: Assessing Cybersecurity Risk
- 2025 Cybersecurity Virtual Conference
- Cyber Resource Center
- A New Tool to Monitor Established Risks
Visit The IIA's website or YouTube channel for related topics and more.
Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer
United States
