Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorCertificationBreadcrumb SeparatorCIA CertificationBreadcrumb SeparatorCIA Exam Syllabus, Part 1

​2019 CIA Exam Syllabus, Part 1 – Essentials of Internal Auditing

125 questions l 2.5 Hours (150 minutes)

The revised CIA exam Part 1 is well aligned with The IIA’s International Professional Practices Framework (IPPF) and includes six domains covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk. Part One tests candidates’ knowledge, skills, and abilities related to the International Standards for the Professional Practice of Internal Auditing, particularly the Attribute Standards (series 1000, 1100, 1200, and 1300) as well as Performance Standard 2100.​

Domains
  •   I. Foundations of Internal Auditing (15%)
    Cognitive Level
    A​ ​​Interpret The IIA's Mission of Internal Audit, Definition of Internal Auditing, and Core Principles for the Professional Practice of Internal Auditing, and the purpose, authority, and responsibility of the internal audit activity Proficient
    ​B ​Explain the requirements of an internal audit charter (required components, board approval, communication of the charter, etc.) Basic
    ​C ​Interpret the difference between assurance and consulting services provided by the internal audit activity ​Proficient
    ​D ​Demonstrate conformance with the IIA Code of Ethics ​Proficient
  •   II. ​Independence and Objectivity (15%)
    Cognitive Level
    A​ ​​Interpret organizational independence of the internal audit activity (importance of independence, functional reporting, etc.) Basic
    ​B ​Identify whether the internal audit activity has any impairments to its independence Basic
    ​C ​Assess and maintain an individual internal auditor's objectivity, including determining whether an individual internal auditor has any impairments to his/her objectivity ​Proficient
    ​D ​Analyze policies that promote objectivity ​Proficient
  •   III. Proficiency and Due Professional Care (18%)​
    Cognitive Level
    A​ ​​Recognize the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit activity Basic
    ​B ​Demonstrate the knowledge and competencies that an internal auditor needs to possess to perform his/her individual responsibilities, including technical skills and soft skills (communication skills, critical thinking, persuasion/negotiation and collaboration skills, etc.) Proficient
    ​C Demonstrate due professional care ​Proficient
    ​D Demonstrate an individual internal auditor's competency through continuing professional development ​Proficient
  •   IV. Quality Assurance and Improvement Program (7%)​
    Cognitive Level
    A​ ​​Describe the required elements of the quality assurance and improvement program (internal assessments, external assessments, etc.) Basic
    ​B ​Describe the requirement of reporting the results of the quality assurance and improvement program to the board or other governing body Basic
    ​C ​​Identify appropriate disclosure of conformance vs. nonconformance with The IIA’s International Standards for the Professional Practice of Internal Auditing Basic
  •   V. Governance, Risk Management, and Control (35%)
    Cognitive Level
    A​ ​​Describe the concept of organizational governance Basic
    ​B ​Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls Basic
    ​C ​Recognize and interpret the organization's ethics and compliance-related issues, alleged violations, and dispositions Basic
    ​D ​Describe corporate social responsibility ​Basic
    ​E ​Interpret fundamental concepts of risk and the risk management process Proficient
    ​F ​Describe globally accepted risk management frameworks appropriate to the organization (COSO - ERM, ISO 31000, etc.) Basic
    G​ ​Examine the effectiveness of risk management within processes and functions Proficient
    ​H ​Recognize the appropriateness of the internal audit activity’s role in the organization's risk management process Basic
    ​I ​Interpret internal control concepts and types of controls Proficient
    ​J ​Apply globally accepted internal control frameworks appropriate to the organization (COSO, etc.) Proficient
    ​K ​Examine the effectiveness and efficiency of internal controls Proficient
  •   VI. Fraud Risks (10%)​
    Cognitive Level
    A​ ​​Interpret fraud risks and types of frauds and determine whether fraud risks require special consideration when conducting an engagement Proficient
    ​B ​Evaluate the potential for occurrence of fraud (red flags, etc.) and how the organization detects and manages fraud risks Proficient
    ​C ​Recommend controls to prevent and detect fraud and education to improve the organization's fraud awareness ​Proficient
    ​D ​Recognize techniques and internal audit roles related to forensic auditing (interview, investigation, testing, etc.) ​Basic

Additional noteworthy elements related to the revised CIA Part One exam syllabus:

  • IPPF elements such as the Mission of Internal Audit and Core Principles for the Professional Practice of Internal Auditing are included.
  • The syllabus features greater alignment with The IIA’s Attribute Standards.
  • The exam covers the differences between assurance and consulting engagements.
  • The exam covers appropriate disclosure of conformance vs. nonconformance with the Standards.
  • The largest domain is “Governance, Risk Management, and Control,” which makes up 35%of the exam.
  • A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.

CIA Part 1 Reference List

  • IPPF – Mission, Definition of Internal Auditing, Core Principles, Code of Ethics,
  • Standards, Implementation Guides, and Practice Guides (including GTAGs), by The IIA
  • Internal Auditing Assurance and Advisory Services, by Urton Anderson, Michael Head, and Sridhar Ramamoorti
  • Sawyer's Guide for Internal Auditors, by Larry Sawyer
  • Quality Assessment Manual, by The IIA
  • Enterprise Risk Management Framework, by COSO
  • Internal Control – Integrated Framework, by COSO
  • The Global Internal Audit Competency Framework, by The IIA
  • Position Paper “The Three Lines of Defense in Effective Risk Management and
  • Control,” by The IIA
  • Understanding Management, by Richard Daft and Dorothy Marcic
  • Current textbooks on internal auditing and relevant topics

Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes:


The information contained on this website pertains to all other countries.