Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorCertificationBreadcrumb SeparatorCIA CertificationBreadcrumb SeparatorCIA Exam Syllabus, Part 1
Certifications & Qualifications
Expand/CollapseNew to Certification?

Expand/CollapseCurrently Enrolled?

Expand/CollapseAlready Certified?

Expand/CollapseCIA Certification
Get Started
Internal Audit Practitioner
Internal Audit Practitioner FAQ
Eligibility Requirements
Exam Syllabus
Sample Exam Questions
CPE Requirements
Prepare and Practice for Exams
Practice Tests
Exam Review Courses

Expand/CollapseQIAL Qualification

Expand/CollapseCGAP Certification
Expand/CollapseCFSA Certification
Expand/CollapseCCSA Certification
Expand/CollapseCRMA Certification

Access CCMS & User Guide
Administrative Directives
CBT Exam Tutorial
CCMS Single Sign On
Certification Corner News
Certifications Merchandise
Candidate Eligibility Extension
Document Upload Portal
Download Handbook
Exam Language Offerings
Pricing Structure
Social Media & Open Badging
Certification FAQ

​CIA Exam Syllabus, Part 1 – Internal Audit Basics

125 questions | 2.5 Hours (150 minutes)

The new CIA exam Part 1 topics tested include aspects of mandatory guidance from the IPPF; internal control and risk concepts; as well as tools and techniques for conducting internal audit engagements. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below.

I. Mandatory Guidance (35-45%)

A.  Definition of Internal Auditing

  1. Define purpose, authority, and responsibility of the internal audit activity

B. Code of Ethics

  1. Abide by and promote compliance with The IIA Code of Ethics

C.  International Standards

  1.  Comply with The IIA's Attribute Standards
    1.  Determine if the purpose, authority, and responsibility of the internal audit activity are documented in audit charter, approved by the Board and communicated to the engagement clients
    2.  Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity
  2.  Maintain independence and objectivity
    1. Foster independence
      1. Understand organizational independence
      2. Recognize the importance of organizational independence
      3. Determine if the internal audit activity is properly aligned to achieve organizational independence
    2. Foster objectivity
      1. Establish policies to promote objectivity
      2. Assess individual objectivity
      3. Maintain individual objectivity
      4. Recognize and mitigate impairments to independence and objectivity
  3. Determine if the required knowledge, skills, and competencies are available
    1. Understand the knowledge, skills, and competencies that an internal auditor needs to possess
    2. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity
  4. Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity
  5. Exercise due professional care
  6. Promote continuing professional development
    1. Develop and implement a plan for continuing professional development for internal audit staff
    2. Enhance individual competency through continuing professional development
  7. Promote quality assurance and improvement of the internal audit activity
    1. Monitor the effectiveness of the quality assurance and improvement program
    2. Report the results of the quality assurance and improvement program to the board or other governing body
    3. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity

II. Internal Control / Risk (25-35%) – Awareness Level (A)

A. Types of Controls (e.g., preventive, detective, input, output, etc.)

B. Management Control Techniques

C. Internal Control Framework Characteristics and Use (e.g., COSO, Cadbury)

  1. Develop and implement an organization-wide risk and control framework

D. Alternative Control Frameworks

E. Risk Vocabulary and Concepts

F. Fraud Risk Awareness

  1. Types of fraud
  2. Fraud red flags

III. Conducting Internal Audit Engagements – Audit Tools and Techniques (25-35%)

A. Data Gathering (Collect and analyze data on proposed engagements):

  1. Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area
  2. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area
  3. Conduct interviews as part of a preliminary survey of the engagement area
  4. Use observation to gather data
  5. Conduct engagement to assure identification of key risks and controls
  6. Sampling  (non-statistical [judgmental] sampling method, statistical sampling, discovery sampling, and statistical analyses techniques)

B. Data Analysis and Interpretation:

  1. Use computerized audit tools and techniques (e.g., data mining and extraction, continuous monitoring, automated work papers, embedded audit modules)
  2. Conduct spreadsheet analysis
  3. Use analytical review techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests)
  4. Conduct benchmarking
  5. Draw conclusions

C. Data Reporting

  1. Report test results to auditor in charge
  2. Develop preliminary conclusions regarding controls

D. Documentation / Work Papers

  1. Develop work papers

E. Process Mapping, Including Flowcharting

F. Evaluate Relevance, Sufficiency, and Competence of Evidence

  1. Identify potential sources of evidence

Part 2 >

Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes:


The information contained on this website pertains to all other countries.