CIA® 1&2

Certified Internal Auditor

Part 1&2

125 questions | 2.5 Hours (150 minutes) The revised CIA Part One is well aligned with The IIA’s International Professional Practices Framework (IPPF) and includes six domains covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk.
*Note: All items in this section of the syllabus will be tested at the Basic (B) knowledge level unless otherwise indicated below.
(B) - Basic: The candidate is responsible for comprehension and recall of information.
(P) - Proficient: The candidate is responsible not only for comprehension and recall of information but also for higher-level mastery of the content, including application, analysis, synthesis and evaluation.
1. Foundations of Internal Auditing (15%)
a. IIA’s Mission of Internal Audit, Definition and Core Principles (P)
b. Internal audit charter
c. Difference between assurance and consulting services (P)
d. IIA Code of Ethics (P)
2. Independence and Objectivity (15%)
a. Organizational independence of the internal audit activity
b. Impairments to internal audit independence
c. Individual internal auditor’s objectivity (P)
d. Policies that promote objectivity (P)
3. Proficiency and Due Professional Care (18%)
a. Knowledge, skills, and competencies of the internal audit activity
b. Knowledge and competencies that an internal auditor (P)
c. Due professional care (P)
d. Continuing professional development (P)
4. Quality Assurance and Improvement Program (7%)
a. Quality assurance and improvement program
b. Reporting the results of the quality assurance and improvement program
c. Disclosure of conformance vs. nonconformance with the Standards

5. Governance, Risk Management, and Control (35%)
a. Concept of organizational governance
b. Impact of organizational culture
c. Organization’s ethics and compliance-related issues
d. Corporate social responsibility
e. Fundamental concepts of risk and risk management process (P)
f. Globally accepted risk management frameworks
g. Effectiveness of risk management (P)
h. Internal audit role in the organization’s risk management
i. Internal control concepts and types of controls (P)
j. Globally accepted internal control frameworks (P)
k. Effectiveness and efficiency of internal controls (P)
6. Fraud Risks (10%)
a. Fraud risks and types of frauds (P)
b. Potential for occurrence of fraud (red flags, etc.) (P)
c. Recommend controls to prevent and detect fraud (P)
d. Techniques and internal audit roles related to forensic auditing

100 questions | 2.0 Hours (120 minutes)
The revised CIA Part Two includes four domains focused on managing the internal audit activity, planning the engagement, performing the engagement, and communicating engagement results and monitoring progress.
*Note: All items in this section of the syllabus will be tested at the Basic (B) knowledge level unless otherwise indicated below.
(B) - Basic: The candidate is responsible for comprehension and recall of information.
(P) - Proficient: The candidate is responsible not only for comprehension and recall of information but also for higher-level mastery of the content, including application, analysis, synthesis and evaluation.
1. Managing the Internal Audit Activity (20%)
I. Internal Audit Operations
a. Describe policies and procedures
b. Administrative activities (budgeting, resourcing, recruiting, staffing, etc.)
II. Establishing a Risk-based Internal Audit Plan
a. Sources of potential engagements
a. Risk management framework to assess risks and prioritize engagements
b. Types of assurance engagements (P)
c. Types of consulting engagements (P)
d. Coordination of internal audit efforts with other assurance providers
III. Communicating and Reporting to Senior Management and the Board
a. Communicates the annual audit plan to senior management and the board
b. Significant issues for the chief audit executive to report to the board
c. Reports on the overall effectiveness to senior management and the board
d. Internal audit key performance indicators
2. Planning the Engagement (20%)
a. Engagement objectives, criteria and scope (P)
b. Plan the engagement (P)
c. Risk assessment of each audit area (P)
d. Engagement procedures and the engagement work program (P)
e. Level of staff and resources needed for the engagement (P)

3. Performing the Engagement (40%)
I. Information Gathering
a. Gather and examine relevant information (P)
b. Checklists and risk-and-control questionnaires (P)
c. Sampling and statistical analysis techniques (P)
II. Analysis and Evaluation
a. Computerized audit tools and techniques (P)
b. Relevance, sufficiency, and reliability of potential sources of evidence (P)
c. Analytical approaches and process mapping techniques (P)
d. Analytical review techniques
e. Workpapers and documentation of relevant information (P)
f. Engagement conclusions (P)
III. Engagement Supervision
a. Key activities in supervising engagements
4. Communicating Engagement Results and Monitoring Progress (20%)
I. Engagement Results and the Acceptance of Risk
a. Preliminary communication with engagement clients (P)
b. Communication quality and elements (P)
c. Interim reporting on the engagement progress (P)
d. Recommendations to enhance and protect organizational value (P)
e. Audit engagement communication and reporting process
f. Chief audit executive’s responsibility for assessing residual risk
g. Process for communicating risk acceptance
II. Monitoring Progress a. Engagement outcomes, including the management action plan (P)
b. Monitoring and follow-up of the audit engagement results (P)