CIA-I Exam Format | CIA-I Course Contents | CIA-I Course Outline | CIA-I Exam Syllabus | CIA-I Exam Objectives

Part 1 – Essentials of Internal Auditing

125 questions I 2.5 hours (150 minutes)



The CIA exam Part 1 is well aligned with The IIAs International Professional Practices Framework (IPPF) and includes six domains covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk. Part one tests candidates knowledge, skills, and abilities related to the International Standards for the Professional Practice of Internal Auditing, particularly the Attribute Standards (series 1000, 1100, 1200, and 1300) as well as Performance Standard 2100.



Part 2 – Practice of Internal Auditing

100 questions I 2.0 hours (120 minutes)



The CIA exam Part 2 includes four domains focused on managing the internal audit activity, planning the engagement, performing the engagement, and communicating engagement results and monitoring progress. Part 2 tests candidates knowledge, skills, and abilities particularly related to Performance Standards (series 2000, 2200, 2300, 2400, 2500, and 2600) and current internal audit practices.



Part 3 – Business Knowledge for Internal Auditing

100 questions I 2.0 hours (120 minutes)



The CIA exam Part 3 includes four domains focused on business acumen, information security, information technology, and financial management. Part Three is designed to test candidates knowledge, skills, and abilities particularly as they relate to these core business concepts.



CIA Exam Development and Scoring

The CIA exam is developed following best practices with the support of experts and professionals. Learn more about the exam development process and how exams are scored.



The revised CIA exam Part 1 is well aligned with The IIAs International Professional Practices Framework (IPPF) and includes six domains covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk. Part One tests candidates knowledge, skills, and abilities related to the International Standards for the Professional Practice of Internal Auditing, particularly the Attribute Standards (series 1000, 1100, 1200, and 1300) as well as Performance Standard 2100.​


Domains Collapse All

I. Foundations of Internal Auditing (15%)

​ ​ ​Cognitive Level

A​ ​​Interpret The IIA's Mission of Internal Audit, Definition of Internal Auditing, and Core Principles for the Professional Practice of Internal Auditing, and the purpose, authority, and responsibility of the internal audit activity Proficient

​B ​Explain the requirements of an internal audit charter (required components, board approval, communication of the charter, etc.) Basic

​C ​Interpret the difference between assurance and consulting services provided by the internal audit activity ​Proficient

​D ​Demonstrate conformance with the IIA Code of Ethics ​​Proficient

II. ​Independence and Objectivity (15%)

​ ​ ​Cognitive Level

A​ ​​Interpret organizational independence of the internal audit activity (importance of independence, functional reporting, etc.) Basic

​B ​Identify whether the internal audit activity has any impairments to its independence Basic

​C ​Assess and maintain an individual internal auditor's objectivity, including determining whether an individual internal auditor has any impairments to his/her objectivity ​Proficient

​D ​Analyze policies that promote objectivity ​​Proficient

III. Proficiency and Due Professional Care (18%)​

​ ​ ​Cognitive Level

A​ ​​Recognize the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit activity Basic

​B ​Demonstrate the knowledge and competencies that an internal auditor needs to possess to perform his/her individual responsibilities, including technical skills and soft skills (communication skills, critical thinking, persuasion/negotiation and collaboration skills, etc.) Proficient

​C Demonstrate due professional care ​Proficient

​D Demonstrate an individual internal auditor's competency through continuing professional development ​​Proficient

IV. Quality Assurance and Improvement Program (7%)​

​ ​ ​Cognitive Level

A​ ​​Describe the required elements of the quality assurance and improvement program (internal assessments, external assessments, etc.) Basic

​B ​Describe the requirement of reporting the results of the quality assurance and improvement program to the board or other governing body Basic

​C ​​Identify appropriate disclosure of conformance vs. nonconformance with The IIAs International Standards for the Professional Practice of Internal Auditing Basic

V. Governance, Risk Management, and Control (35%)

​ ​ ​Cognitive Level

A​ ​​Describe the concept of organizational governance Basic

​B ​Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls Basic

​C ​Recognize and interpret the organization's ethics and compliance-related issues, alleged violations, and dispositions ​Basic

​D ​Describe corporate social responsibility ​​Basic

​E ​Interpret fundamental concepts of risk and the risk management process Proficient​

​F ​Describe globally accepted risk management frameworks appropriate to the organization (COSO - ERM, ISO 31000, etc.) Basic​

G​ ​Examine the effectiveness of risk management within processes and functions ​Proficient

​H ​Recognize the appropriateness of the internal audit activitys role in the organization's risk management process ​Basic

​I ​Interpret internal control concepts and types of controls ​Proficient

​J ​Apply globally accepted internal control frameworks appropriate to the organization (COSO, etc.) ​Proficient

​K ​Examine the effectiveness and efficiency of internal controls Proficient​

VI. Fraud Risks (10%)​

​ ​ ​Cognitive Level

A​ ​​Interpret fraud risks and types of frauds and determine whether fraud risks require special consideration when conducting an engagement Proficient

​B ​Evaluate the potential for occurrence of fraud (red flags, etc.) and how the organization detects and manages fraud risks Proficient

​C ​Recommend controls to prevent and detect fraud and education to improve the organization's fraud awareness ​Proficient

​D ​Recognize techniques and internal audit roles related to forensic auditing (interview, investigation, testing, etc.) ​​Basic

Additional noteworthy elements related to the revised CIA Part One exam syllabus:



IPPF elements such as the Mission of Internal Audit and Core Principles for the Professional Practice of Internal Auditing are included.

The syllabus features greater alignment with The IIAs Attribute Standards.

The exam covers the differences between assurance and consulting engagements.

The exam covers appropriate disclosure of conformance vs. nonconformance with the Standards.

The largest domain is “Governance, Risk Management, and Control,” which makes up 35%of the exam.

A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.



The Certified Internal Auditor® (CIA®) exam is developed following best practices with the support of experts and professionals. In accordance with exam development industry standards, a job analysis study is conducted with a diverse and experienced group of internal auditors to identify the essential knowledge and skills required for internal auditors.

This information is then distributed more broadly to the field through an online survey to obtain additional feedback from internal auditors around the world, to validate its importance and ensure that it reflects current internal audit practices.

Based on the results of the global job analysis study, the CIA exam syllabus is developed. The exam syllabus guides the development of exam questions to ensure the fairness and validity of the exam.