Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorCertificationBreadcrumb SeparatorCCSA CertificationBreadcrumb SeparatorExam Syllabus Domain 5
Certifications & Qualifications
Expand/CollapseNew to Certification?

Expand/CollapseCurrently Enrolled?

Expand/CollapseAlready Certified?

Expand/CollapseCIA Certification

Expand/CollapseQIAL Qualification

Expand/CollapseCGAP Certification
Expand/CollapseCFSA Certification
Expand/CollapseCCSA Certification
Get Started
Eligibility Requirements
Exam Syllabus
Sample Exam Questions
CPE Requirements
Exam Preparation Resources
Expand/CollapseCRMA Certification

Access CCMS & User Guide
Administrative Directives
CBT Exam Tutorial
CCMS Single Sign On
Certification Corner News
Certifications Merchandise
Candidate Eligibility Extension
Document Upload Portal
Download Handbook
Exam Language Offerings
Pricing Structure
Social Media & Open Badging
Certification FAQ

Certification in Control Self-Assessment® (CCSA®) Exam Syllabus — Domain V

Domain V: Risk Identification and Assessment (15-20%)

(P) = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.

(A) = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.

A. Risk Theory (P)

  1. Defining risk
  2. Relationship of risk to strategic, operational, or process objectives
  3. Risk tolerance, residual risk, and exposure
  4. Impact assessment

B. Risk models/frameworks (including COSO's Enterprise Risk Management/Integrated Framework) (P)

C. Understanding the risks inherent in common business processes (P)

D. Application of risk identification and assessment techniques (P)

E. Risk management techniques/cost-benefit analysis (P)

  1. Transfer, manage, or accept
  2. Impact/cost-benefit analysis

F. Using CSA in enterprise risk management (P) 

IMPORTANT! CCMS users go here to prepare for Single Sign On.

Access CCMS

Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes:


The information contained on this website pertains to all other countries.