CIA-II Exam Information and Guideline
IIA Certified Internal Auditor Part 2 (Practice of Internal Auditing CIA Part 2)
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
2019 CIA Exam Syllabus, Part 2 – Practice of Internal Auditing
100 questions l 2.0 Hours (120 minutes)
The CIA exam Part 2 includes four domains focused on managing the internal audit activity, planning the engagement, performing the engagement, and communicating engagement results and monitoring progress. Part 2 tests candidates knowledge, skills, and abilities particularly related to Performance Standards (series 2000, 2200, 2300, 2400, 2500, and 2600) and current internal audit practices.
Domains Collapse All
I. Managing the Internal Audit Activity (20%)
Cognitive Level
1. Internal Audit Operations
A Describe policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations Basic
B Interpret administrative activities (budgeting, resourcing, recruiting, staffing, etc.) of the internal audit activity Basic
2. Establishing a Risk-based Internal Audit Plan
A Identify sources of potential engagements (audit universe, audit cycle requirements, management requests, regulatory mandates, relevant market and industry trends, emerging issues, etc.) Basic
B Identify a risk management framework to assess risks and prioritize audit engagements based on the results of a risk assessment Basic
C Interpret the types of assurance engagements (risk and control assessments, audits of third parties and contract compliance, security and privacy, performance and quality audits, key performance indicators, operational audits, financial and regulatory compliance audits) Proficient
D Interpret the types of consulting engagements (training, system design, system development, due diligence, privacy, benchmarking, internal control assessment, process mapping, etc.) designed to provide advice and insight Proficient
E Describe coordination of internal audit efforts with the external auditor, regulatory oversight bodies, and other internal assurance functions, and potential reliance on other assurance providers Basic
3. Communicating and Reporting to Senior Management and the Board
A Recognize that the chief audit executive communicates the annual audit plan to senior management and the board and seeks the board's approval Basic
B Identify significant risk exposures and control and governance issues for the chief audit executive to report to the board Basic
C Recognize that the chief audit executive reports on the overall effectiveness of the organization's internal control and risk management processes to senior management and the board Basic
D Recognize internal audit key performance indicators that the chief audit executive communicates to senior management and the board periodically Basic
II. Planning the Engagement (20%)
Cognitive Level
1. Engagement Planning
A Determine engagement objectives, evaluation criteria, and the scope of the engagement Proficient
B Plan the engagement to assure identification of key risks and controls Proficient
C Complete a detailed risk assessment of each audit area, including evaluating and prioritizing risk and control factors Proficient
D Determine engagement procedures and prepare the engagement work program Proficient
E Determine the level of staff and resources needed for the engagement Proficient
III. Performing the Engagement (40%)
Cognitive Level
1. Information Gathering
A Gather and examine relevant information (review previous audit reports and data, conduct walk-throughs and interviews, perform observations, etc.) as part of a preliminary survey of the engagement area Proficient
B Develop checklists and risk-and-control questionnaires as part of a preliminary survey of the engagement area Proficient
C Apply appropriate sampling (nonstatistical, judgmental, discovery, etc.) and statistical analysis techniques Proficient
2. Analysis and Evaluation
A Use computerized audit tools and techniques (data mining and extraction, continuous monitoring, automated workpapers, embedded audit modules, etc.) Proficient
B Evaluate the relevance, sufficiency, and reliability of potential sources of evidence Proficient
C Apply appropriate analytical approaches and process mapping techniques (process identification, workflow analysis, process map generation and analysis, spaghetti maps, RACI diagrams, etc.) Proficient
D Determine and apply analytical review techniques (ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) Basic
E Prepare workpapers and documentation of relevant information to support conclusions and engagement results Proficient
F Summarize and develop engagement conclusions, including assessment of risks and controls Proficient
3. Engagement Supervision
A Identify key activities in supervising engagements (coordinate work assignments, review workpapers, evaluate auditors' performance, etc.) Basic
IV. Communicating Engagement Results and Monitoring Progress (20%)
Cognitive Level
1. Communicating Engagement Results and the Acceptance of Risk
A Arrange preliminary communication with engagement clients Proficient
B Demonstrate communication quality (accurate, objective, clear, concise, constructive, complete, and timely) and elements (objectives, scope, conclusions, recommendations, and action plan) Proficient
C Prepare interim reporting on the engagement progress Proficient
D Formulate recommendations to enhance and protect organizational value Proficient
E Describe the audit engagement communication and reporting process, including holding the exit conference, developing the audit report (draft, review, approve, and distribute), and obtaining management's response Basic
F Describe the chief audit executive's responsibility for assessing residual risk Basic
G Describe the process for communicating risk acceptance (when management has accepted a level of risk that may be unacceptable to the organization) Basic
2. Monitoring Progress
A Assess engagement outcomes, including the management action plan Proficient
B Manage monitoring and follow-up of the disposition of audit engagement results communicated to management and the board Proficient
Additional noteworthy elements related to the revised CIA Part Two exam syllabus:
The syllabus features greater alignment with The IIAs Performance Standards.
The exam covers the chief audit executives responsibility for assessing residual risk and communicating risk acceptance.
The largest domain is “Performing the Engagement,” which makes up 40% of the exam.
A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.