CIA 2013 Exam Syllabus, Part 1 – Internal Audit Basics

125 questions | 2.5 Hours (150 minutes) The new CIA exam Part 1 topics tested include aspects of mandatory guidance from the IPPF; internal control and risk concepts; as well as tools and techniques for conducting internal audit engagements. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below.

I. Mandatory Guidance (35(35-45%)
A. Definition of Internal Auditing 1. Define purpose, authority, and responsibility of the internal audit activity B. Code of Ethics 1. Abide by and promote compliance with The IIA Code of Ethics C. International Standards 1. Comply with The IIA's Attribute Standards 1. Determine if the purpose, authority, and responsibility of the internal audit activity are documented in audit charter, approved by the Board and communicated to the engagement clients 2. Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity Maintain independence and objectivity 1. Foster independence 1. Understand organizational independence 2. Recognize the importance of organizational independence 3. Determine if the internal audit activity is properly aligned to achieve organizational independence 2. Foster objectivity 1. Establish policies to promote objectivity 2. Assess individual objectivity 3. Maintain individual objectivity 4. Recognize and mitigate impairments to independence and objectivity Determine if the required knowledge, skills, and competencies are available 1. Understand the knowledge, skills, and competencies that an internal auditor needs to possess 2. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity Exercise due professional care Promote continuing professional development



4. 5. 6.

Management Control Techniques C. Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area 2. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area 3. Develop and implement an organization-wide risk and control framework D. input.1.g. continuous monitoring. Conduct spreadsheet analysis . and statistical analyses techniques) B. Monitor the effectiveness of the quality assurance and improvement program 2. Types of Controls (e.. Data Gathering (Collect and analyze data on proposed engagements): 1. discovery sampling. preventive. Develop and implement a plan for continuing professional development for internal audit staff 2. data mining and extraction. automated work papers. Sampling (non-statistical [judgmental] sampling method. COSO. Cadbury) 1. Report the results of the quality assurance and improvement program to the board or other governing body 3. Risk Vocabulary and Concepts F. Fraud Risk Awareness 1. Use computerized audit tools and techniques (e. detective. Data Analysis and Interpretation: Interpretation: 1. Use observation to gather data 5. Conduct interviews as part of a preliminary survey of the engagement area 4. embedded audit modules) 2. Alternative Control Frameworks E. etc. Promote quality assurance and improvement of the internal audit activity 1. output... Internal Control Framework Characteristics and Use (e. statistical sampling. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity II. Types of fraud 2. Conducting Internal Audit Engagements – Audit Tools and Techniques (28(28-38%) A.) B. Internal Control / Risk (25(25-35%) – Awareness Level (A) A. Conduct engagement to assure identification of key risks and controls 6. Enhance individual competency through continuing professional development 7.g. Fraud red flags III.g.

g. budget vs. Draw conclusions C. Develop preliminary conclusions regarding controls D. Process Mapping. Sufficiency.. actual. Evaluate Relevance. trend analysis. Report test results to auditor in charge 2.3. Identify potential sources of evidence . Develop work papers E. Including Flowcharting F. Data Reporting 1. and Competence of Evidence 1. variance analysis. Use analytical review techniques (e. Documentation / Work Papers 1. Conduct benchmarking 5. ratio estimation. other reasonableness tests) 4.

and cope with change 2. organizing. supervision. risk management. Interview candidates for internal audit positions 5. regulatory oversight bodies and other internal assurance functions 8. Assess and foster the ethical climate of the board and management 1. and report on compliance 5. directing.CIA 2013 Exam Syllabus. Coordinate IA efforts with external auditor. Formulate policies and procedures for the planning. Investigate and recommend resolution for ethics/compliance complaints. the steps to manage individual engagements (planning. Report on the effectiveness of corporate risk management processes to senior management and the board 6.0 Hours (120 minutes) The new CIA exam Part 2 topics tested include managing the internal audit function via the strategic and operational role of internal audit and establishing a risk-based plan. Report on the effectiveness of the internal control and risk management frameworks 7. Part 2 – Internal Audit Practice 100 questions | 2. and monitoring of internal audit operations 2. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below. Operational Role Role of IA 1. conflict of interest). Strategic Role of Internal Audit 1. Maintain effective Quality Assurance Improvement Program C. Communicate internal audit key performance indicators to senior management and the board on a regular basis 7. I. Direct administrative activities (e. and determine disposition of ethics violations 2. budgeting. Educate senior management and the board on best practices in governance. Assess the adequacy of the performance measurement system. Maintain and administer business conduct policy (e.g. as well as fraud risks and controls. Organize and lead a team in mapping. manage. and compliance 6. Managing the Internal Audit Function (40(40-50%) A..g. achievement of corporate objective – Awareness Level (A) B. Initiate. and business process improvement 4. Build and maintain networking with other organization executives and the audit committee 3. Establish RiskRisk-Based IA Plan . analysis. and monitoring outcomes). Review the role of the internal audit function within the risk management framework 3. human resources) of the internal audit department 4. control. communicating results.. be a change catalyst.

Plan engagement to assure identification of key risks and controls 3.1 Risk and control self-assessments a) Facilitated approach (1) Client-facilitated (2) Audit-facilitated b) Questionnaire approach c) Self-certification approach a.5 Security audit engagements a. Compliance audit engagements 3. and work with others toward shared goals . Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors) 4. Use a risk framework to identify sources of potential engagements (e. Direct / supervise individual engagements 2. and industry knowledge to identify new internal audit engagement opportunities 2. audit universe.g.3 Quality audit engagements a. Establish a framework for assessing risk 4. Types of engagements 1.2 Business process mapping c. Identify internal audit resource requirements for annual IA plan 6.9 Financial audit engagements 2.1.7 Performance audit engagements (key performance indicators) a. Determine the level of staff and resources needed for the engagement 6. product. Rank and validate risk priorities to prioritize engagements in the audit plan 5. audit cycle requirements. Managing Individual Engagements (40(40-50%) A.4 System development reviews c.3 Benchmarking c. Nurture instrumental relations.6 Privacy audit engagements a. Consulting engagements c. Conduct assurance engagements a.1 Internal control training c. management requests. build bonds. Plan Engagements 1. Construct audit staff schedule for effective use of time B. Establish engagement objectives/criteria and finalize the scope of the engagement 2.2 Audits of third parties and contract auditing a. Use market.4 Due diligence audit engagements a.8 Operational audit engagements (efficiency and effectiveness) a. Supervise Engagement 1. regulatory mandates) 3.. Communicate areas of significant risk and obtain approval from the board for the annual engagement plan 7.5 Design of performance measurement systems II. Determine engagement procedures and prepare engagement work program 5.

7. Complete performance appraisals of engagement staff C. Determine if any suspected fraud merits investigation D. and encourage the reporting of improprieties G. Identify appropriate method to monitor engagement outcomes 2. Review work papers 5. 3. Initiate preliminary communication with engagement clients Communicate interim progress Develop recommendations when appropriate Prepare report or other communication Approve engagement report Determine distribution of the report Obtain management response to the report Report outcomes to appropriate parties D. Complete a process review to improve controls to prevent fraud and recommend changes E. Forensic auditing – Awareness Level (A) . Communicate Engagement Results 1. Interrogation/investigative techniques – Awareness Level (A) H. 2. Report significant audit issues to senior management and the board periodically III. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process B. 4. 8. Coordinate work assignments among audit team members when serving as the auditorin-charge of a project 4. Conduct follow-up and report on management's response to internal audit recommendations 4. Support a culture of fraud awareness. Conduct exit conference 6. Employ audit tests to detect fraud F. Fraud Risks and Controls (5(5-15%) A. Monitor Engagement Engagement Outcomes 1. 6.3. Determine if fraud risks require special consideration when conducting an engagement C. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity 3. 5.

Risk Management Techniques B. The International Organization for Standardization (ISO) Framework Framework I. Structure (e. Business Development Life Cycles H. communication. theory of constraints) E. Part 3 – Internal Audit Knowledge Elements 100 questions | 2. information technology and business continuity. Outsourcing Business Processes . I. supplysupply-chain management) D. Corporate Social Social Responsibility II..Proficiency Level (P) A. and the global business environment. centralized/decentralized) C. management. procurement. Governance / Business Ethics (5(5-15%) A. including business processes and risks. Organizational Use of Risk Frameworks III. Risk/Control Implications of Different Organizational Organizational Structures B. knowledge. financial management. Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E(EDI)/E-commerce G. Corporate/Organizational Governance Principles – Proficiency Level (P) B.0 Hours (120 minutes) The new CIA exam Part 3 topics tested include governance and business ethics.g. Note: All items in this section of the syllabus will be tested at the Awareness knowledge level unless otherwise indicated below. Inventory Management Techniques and Concepts F. Organizational Structure/Business Processes and Risks (15 (15-25%) A.g. Typical Schemes in Various Business Cycles (e. organizational structure. workflow analysis and bottleneck management. Business Process Analysis (e.CIA 2013 Exam Syllabus. Environmental and Social Safeguards C.. management and leadership principles.. risk management. sales.g. Risk Management (10(10-20%)20%).

Stakeholder Relationships V.IV. building organizational commitment and entrepreneurial orientation 2. Industry environments 1.g. Global analytical techniques 1. Communication (5(5-10%) A. impact of computerization) B.) C. Market signals 5. Lead. Performance (productivity. Organizational Behavior Organizational theory (structures and configurations) Organizational behavior (e. staff development) 5. Decision analysis B. Management / Leadership Principles (10(10-20%) A.. Six Sigma) 6.. impact of job design.g. development stages. schedules) Group dynamics (e. effectiveness) Knowledge of human resource processes (e. Competitive analysis 4. . Quality management (e. Risk/control implications of different leadership styles 6. Evolution of global markets 3. Competitive strategies (e. rewards.. Entry into new businesses 4. Trends affecting competition 3. 4. personnel sourcing/staffing. Forecasting 5. Create group synergy in pursuing collective goals 1. Porter's model) 3.g. Capacity expansion 3. Industry evolution 2. Declining industries 2. Strategic decisions 1. inspire. motivation. effectiveness. Emerging industries 3.g. individual performance management. supervision. 3. Communication (e.g. etc. Competitive strategies related to: 1. mentor.g. Sources/impediments 2.. 2. the process. Strategic Management 1. organizational politics.. organizational dynamics. Competition in global industries 1. Strategic alternatives 4. traits.. and guide people. Analysis of integration strategies 2. Management Skills/Leadership Styles 1. Structural analysis of industries 2. Fragmented industries 2. TQM.

2. Functional areas of IT operations (e. Software licensing 9..g. Databases 3.. viruses.g. IT control frameworks (e. Team-building and assessing team performance D. eSAC. privacy) Application authentication Encryption B.g. Business Continuity 1. IT contingency planning . and compromise) Negotiation skills Conflict management Added-value negotiating E. 2. 3. voice. 3. 4. End-user computing Change control Systems development methodology Application development Information systems development C. Project Management / Change Management Management 1.3. Change management 2. Workstations 2. 5. Operating systems 11. 4. SAP R/3) 6. and network communications/connections (e. System Infrastructure 1. LAN. Conflict resolution (e. access control) Information protection (e. VAN. Project management techniques VI.g. 2.g. Mainframe 10. Web infrastructure D. 3. Conflict Management 1. cooperative. Physical/system security (e. data center operations) 5.. Application Development 1. Data.. 4. Server 8. Enterprise-wide resource planning (ERP) software (e. and WAN) 7. COBIT) 4. IT / Business Continuity (15(15-25%) A..g..g.. competitive. firewalls. Security 1.

. treasury functions) 8. pensions. statements.VII. Intermediate concepts of financial accounting (e. derivatives) 7. 3.. Inventory valuation 11.g.g. Financial instruments (e. Business valuation 10. consolidation. Taxation schemes (e. Financial Management (13(13-23%) A.. intangible assets. Cultural / Political Environments 1. activity-based. 2. partnerships.g.g. 4. 3. Managing multicultural teams C.. Cash management (e.g. Economic / Financial Environments 1...g. 4. 3. cost of capital evaluation) 12.. terminology. General concepts Costing systems (e.. tax shelters. foreign currency transactions) 4. Global Business Environment (0(0-10%) A. Advanced concepts of financial accounting (e..g.g. standard) Cost concepts (e. relationships) 2.g. international. 8. contracts) . Balancing global requirements and local imperatives Global mindsets (personal characteristics/competencies) Sources and methods for managing complexities and contradictions. absorption. Types of debt and equity 6. multinational. Financial Accounting and Finance 1. RandD) 3.g. Financial statement analysis (e. 5. fixed) Relevant cost Cost-volume-profit analysis Transfer pricing Responsibility accounting Operating budget VIII. 2. bonds. VAT) B. Capital budgeting (e. ratios) 5. and multi-local compared and contrasted Requirements for entering the global marketplace Creating organizational adaptability Managing training and development B. 2. 4. Valuation models 9.. 7. variable. Global. Managerial Accounting 1.g. 6. leases.. Legal and Economics — General Concepts (e. Basic concepts and underlying principles of financial accounting (e.

.D. trade legislation) Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes: Argentina Australia Austria Belgium Brazil Bulgaria China Chinese Taiwan Czech Republic France Germany Greece Indonesia Italy Japan Korea Malaysia Mexico Morocco Netherlands New Zealand Norway Philippines Singapore South Africa Spain Sweden Switzerland Thailand Turkey The information contained on the Global IIA website pertains to all other countries. . Impact of Government Legislation and Regulation on Business (e.g.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.