News

IIA-Australia News

How the Updated CIA® Exam Keeps Current and Relevant

by IIA-Global | Apr 08, 2019

The newly updated Certified Internal Auditor® (CIA®) exam is more current, relevant and balanced than ever.

The CIA exam tests a candidate’s knowledge and skills required for current internal auditing practices. The IIA began a process in 2017 to review the material within all three parts of the CIA exam. The CIA underwent a global job analysis study to determine the knowledge, skills, and abilities most applicable to today’s internal audit practitioners, and the study results in the revised CIA exam to reflect the evolution of the internal audit profession worldwide.

While there are important changes to all three parts of the new CIA syllabi, the most exciting changes are in Part 3. Part 3 has always been the most challenging and intimidating exam because the scope was massive. The new syllabus for Part 3 is streamlined to focus on four core areas that are the most critical for internal auditors: Business Acumen, Information Security, Information Technology, and Financial Management. To keep up with technological disruptions, it is essential for internal auditors to possess advanced technology skills such as data privacy and cybersecurity; which is why 45% of Part Three is focused on these areas. Internal audit’s roles in strategic risks and data analytics were also added.

Part 1 and Part 2 have been revised to more closely align with The IIA’s Standards. 

The new Part 1 exam assesses Attribute Standards, such as the foundations of internal auditing, fraud, and governance, risk management, and controls. The nature of internal auditors work is evaluating and contributing to the improvement of an organization’s governance, risk management, and controls processes; therefore, 35% of Part 1 is focused on these areas.

The new Part 2 focuses on Performance Standards, such as managing the internal audit activity and performing internal audit engagements. Planning and performing engagements, and communicating results are what internal auditors do every day, which is why 80% of Part 2 is focused on internal audit engagements.


Here’s a look at what specifically has been updated in each part.

Part 1 – Essentials of Internal Auditing

The CIA exam Part 1 is well aligned with The IIA’s International Professional Practices Framework (IPPF) and includes six domains covering the foundation of internal auditing; independence and objectivity; proficiency and due professional care; quality assurance and improvement programs; governance, risk management, and control; and fraud risk. Part one tests candidates’ knowledge, skills, and abilities related to the International Standards for the Professional Practice of Internal Auditing, particularly the Attribute Standards (series 1000, 1100, 1200, and 1300) as well as Performance Standard 2100.

CIA Part 1 domains are allocated as follows:

  • Foundations of Internal Auditing (15%)
  • ​Independence and Objectivity (15%)
  • Proficiency and Due Professional Care (18%)​
  • Quality Assurance and Improvement Program (7%)​
  • Governance, Risk Management, and Control (35%)
  • Fraud Risks (10%)​

    Additional noteworthy elements related to the revised Part 1 exam syllabus:

  • IPPF elements such as the Mission of Internal Audit and Core Principles for the Professional Practice of Internal Auditing are included.
  • The syllabus features greater alignment with The IIA’s Attribute Standards.
  • The exam covers the differences between assurance and consulting engagements.
  • The exam covers appropriate disclosure of conformance vs. nonconformance with the Standards.
  • The largest domain is “Governance, Risk Management, and Control,” which makes up 35%of the exam.
  • A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities

Part 2 – Practice of Internal Auditing

The CIA exam Part 2 includes four domains focused on managing the internal audit activity, planning the engagement, performing the engagement, and communicating engagement results and monitoring progress. Part 2 tests candidates’ knowledge, skills, and abilities particularly related to Performance Standards (series 2000, 2200, 2300, 2400, 2500, and 2600) and current internal audit practices.

CIA Part 2 domains are allocated as follows:

  • Managing the Internal Audit Activity (20%)​
  • Planning the Engagement (20%)​
  • Performing the Engagement (40%)
  • Communicating Engagement Results and Monitoring Progress (20%)

    Additional noteworthy elements related to the revised Part 2 exam syllabus:

  • The syllabus features greater alignment with The IIA’s Performance Standards.
  • The exam covers the chief audit executive’s responsibility for assessing residual risk and communicating risk acceptance.
  • The largest domain is “Performing the Engagement,” which makes up 40% of the exam.
  • A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.

Part 3 – Business Knowledge for Internal Auditing

The CIA exam Part 3 includes four domains focused on business acumen, information security, information technology, and financial management. Part 3 is designed to test candidates’ knowledge, skills, and abilities particularly as they relate to these core business concepts.

CIA Part 3 domains are allocated as follows:

  •    I. Business Acumen (35%)
  •    II. Information Security (25%)
  •    III. Information Technology (20%)
  •    IV. Financial Management (20%)

    Additional noteworthy elements related to the revised Part 3 exam syllabus:

  • The number of topics covered on the Part 3 exam has been greatly refocused to the core areas that are most critical for internal auditors.
  • The exam syllabus features a new subdomain on data analytics.
  • The information security portion of the exam has been expanded to include additional topics such as cybersecurity risks and emerging technology practices.
  • The largest domain is “Business Acumen,” which makes up 35% of the exam.
  • A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.

Wherever your journey takes you, as the only globally recognized internal audit certification, the CIA accelerates your success as a credible and proficient internal auditor. Join the over 157,000 CIAs in 170+ countries awarded the designation that adds immeasurable distinction with only three letters.

For more information on the updated CIA exam, click here.

Comment

  1.