To become a Certified Internal Auditor® (CIA®) and grow your internal audit career, you have to pass the CIA Exam: the three-part test that covers the standards you need to understand to provide high-value internal audit services. Find out exactly what you’re expected to know to pass the CIA Exam Part 1, Part 2, and Part 3—so there are no surprises on your exam days.
Summary
The Certified Internal Auditor (CIA) Exam is a three-part assessment that evaluates a candidate’s proficiency in internal audit fundamentals, the planning and execution of audit engagements, and the strategic management of the internal audit function.
What’s on the CIA Exam Part 1?
Part 1 covers all things Internal Audit Fundamentals. You’ll be asked to show knowledge, understanding, and the ability to apply learning from the following topic areas:
Foundations of Internal Auditing
35% of CIA Exam Part 1 questions will test your knowledge of the purpose of internal auditing, the responsibilities of the chief audit executive, and the requirements of an internal audit charter.
You should also be able to discern the differences between assurance and advisory services within the internal audit function, as well as the types of services of each.
And finally, you must identify situations in which the internal audit function’s independence might be impaired and recognize the internal auditor’s role in the risk management process.
Ethics and Professionalism
20% of Part 1 covers all things ethics: demonstration of integrity, assessment of impaired objectivity, policy analysis, skill application, and more. You must also show due professional care and appropriate data use and confidentiality during engagements.
Governance, Risk Management, & Control
30% of exam questions will cover topics related to the concept of organizational governance, impact of organizational culture, and risk and control-related topics like:
- Interpreting risk type
- Risk management processes
- Risk management within organizational functions
- Interpreting internal control concepts and types of controls
- Design, effectiveness, and efficiency of internal controls
Fraud Risks
You’ll spend 15% of CIA Exam Part 1 answering questions on fraud risks and types, determining whether fraud risks require special consideration, evaluating fraud potential and prevention, and understanding an internal auditor’s role related to fraud investigation.
What’s on the CIA Exam Part 2?
Part 2 covers Internal Audit Engagement, including engagement planning, information gathering and analysis, and supervision and communication.
Engagement Planning
Engagement planning concepts cover 50% of Part 2. This includes determining the engagement’s objectives and scope, evaluating criteria, and planning to assess key risks and controls.
You will also need to determine the appropriate approach to an engagement and complete a detailed risk assessment of each activity under review.
Be ready to prep the engagement program and determine all level of resources and skills required.
Information Gathering, Analysis, and Evaluation
This topic area covers 40% of exam questions. You’ll be tested on your ability to:
- Identify information sources
- Evaluate evidence gathered for its relevance, sufficiency, and reliability
- Recognize technology options that develop and support fundings
- Apply analytical approaches, process mapping, and review techniques
- Compare evaluation criteria and existing conditions
- Prepare workpapers with relevant information to support results
- Summarize and develop conclusions
Engagement Supervision and Communication
10% of CIA Exam Part 2 questions test your knowledge of engagement supervision and communication. You must show the ability to apply appropriate supervision and excellent stakeholder communication throughout the engagement.
What’s on the CIA Exam Part 3?
CIA Part 3 is dedicated to the Internal Audit Function.
Internal Audit Operations
Plan to spend 25% of questions in CIA Exam Part 3 on operations concepts. This includes describing methods for planning, organizing, and monitoring internal audit operations. You should also understand managing financial, human, and IT resources within the function, and how to strategize the inclusion of stakeholder expectations and leadership communication.
Internal Audit Plan
15% of CIA Exam Part 3 will cover the audit plan, including:
- Identifying sources of potential engagements
- Developing a risk-based audit plan
- Coordinating with assurance providers to support the audit work
Quality of the Internal Audit Function
Another 15% of the exam addresses the quality of the audit. You must demonstrate understanding of the required elements of a quality insurance program, identify how to disclose nonconformance, and establish KPIs that can be clearly communicated to leadership.
Engagement Results and Monitoring
The largest portion of the exam (45%) is dedicated to the audit engagement’s results. You must:
- Recognize and demonstrate effective result reporting and communication
- Describe the engagement closing, reporting, and communication process
- Assess results to determine best course of action: develop recommendations, request action, or collaborate with management to form an action plan
- Describe the chief audit executive’s role in assessing residual risk
- Communicate risk acceptance when management chooses this pathway
- Describe how to apply and monitor action items post-engagement, and what to do if management fails to implement
How to Prepare for CIA Exam Part 1, 2, and 3
When you look at all three parts of the CIA Exam, there is a lot of information to learn. Prepping to pass requires organized discipline and dedicated study—and Becker can help you achieve both.
Becker—The IIA CIA® Exam Review is the only course built with The IIA team who wrote and administers the exam. Study content that’s 100% aligned with the topics you’ll face on exam-day, taught by expert instructors through a structure, supportive course that leverages adaptive learning tech and customized guidance to lead you to success. Try Becker’s CIA Exam Review FREE for 14 days!