Standards

Application Note Global Internal Audit Standards in the UK Public Sector (applicable from 1 April 2025)

This Application Note Global Internal Audit Standards in the UK Public Sector is to be applied with the Global Internal Audit Standards issued by the Institute of Internal Audits. The Relevant Internal Audit Standards Setters have adopted this application note from 1 April 2025, on advice of the UK Public Sector Internal Audit Standards Advisory Board (IASAB).

• Download the Application Note: Global Internal Audit Standards in the UK Public Sector (PDF, 372Kb)

Topical Requirements

The IIA explains that the purpose of a Topical Requirement is to enhance the consistency and quality of internal audit services, strengthen the internal audit function’s ongoing relevance in the evolving risk landscape, and raise the professionalism and quality of internal auditors’ performance. The IIA has a detailed development process for each topical requirement which includes consideration of a global public consultation before the final version is published. Each topical requirement will have a 12-month implementation period.

Topical requirements are a mandatory component of the IIA IPPF, but do not automatically apply to internal audit in the UK public sector.  IASAB notes that the topical requirements are for a global audience. Each IIA topical requirement will therefore be considered by IASAB for applicability to the UK public sector. If appropriate a UK consultation will be undertaken. IASAB will consider full or partial application as well as disapplication if appropriate for the sector.  IASAB will consider both the topical requirement and the associated user guidance.

Subject to IASAB’s pronouncement on applicability of each individual topical requirement, UK public sector auditors will also need to consider each area alongside local regulations which may impose a higher standard than the topical requirement.

Topical Requirement: Cybersecurity

IASAB have considered the IIA Cybersecurity topical requirements and user guide. Both are fully applicable for the UK public sector from 5th February 2026. Additional standards in the UK may be relevant and UK auditors may find the National Cyber Security Centre assessment framework beneficial (Cyber Assessment Framework - NCSC.GOV.UK).

The full topical requirements and user guide can be viewed on the IIA website.

Draft Topical Requirement: Third Party

IASAB have considered the draft Third-Party topical requirement and associated user guide. IASAB’s response to the IIA consultation considered the applicability of the topical requirement for the UK public sector especially considering the wide range of third-party relationships within the sector.

Read the IASAB response to the IIA consultaion on Third Party Topical Requirement

Older standards applicable to the UK Public Sector

• Public Sector Internal Audit Standards 2017 (Superseded)
• Public Sector Internal Audit Standards 2016 (Superseded)
• Public Sector Internal Audit Standards 2013 (Superseded)

Consultations

Have your say on the latest IASAB consultations