This action might not be possible to undo. Are you sure you want to continue?
125 questions | 2.5 Hours (150 minutes) The new CIA exam Part 1 topics tested include aspects of mandatory guidance from the IPPF; internal control and risk concepts; as well as tools and techniques for conducting internal audit engagements. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below.
I. Mandatory Guidance (35(35-45%)
A. Definition of Internal Auditing 1. Define purpose, authority, and responsibility of the internal audit activity B. Code of Ethics 1. Abide by and promote compliance with The IIA Code of Ethics C. International Standards 1. Comply with The IIA's Attribute Standards 1. Determine if the purpose, authority, and responsibility of the internal audit activity are documented in audit charter, approved by the Board and communicated to the engagement clients 2. Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity Maintain independence and objectivity 1. Foster independence 1. Understand organizational independence 2. Recognize the importance of organizational independence 3. Determine if the internal audit activity is properly aligned to achieve organizational independence 2. Foster objectivity 1. Establish policies to promote objectivity 2. Assess individual objectivity 3. Maintain individual objectivity 4. Recognize and mitigate impairments to independence and objectivity Determine if the required knowledge, skills, and competencies are available 1. Understand the knowledge, skills, and competencies that an internal auditor needs to possess 2. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity Exercise due professional care Promote continuing professional development
4. 5. 6.
Conduct engagement to assure identification of key risks and controls 6. discovery sampling. input. Data Gathering (Collect and analyze data on proposed engagements): 1. Data Analysis and Interpretation: Interpretation: 1.g.. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity II. output. Develop and implement an organization-wide risk and control framework D. Conduct interviews as part of a preliminary survey of the engagement area 4. data mining and extraction. Conducting Internal Audit Engagements – Audit Tools and Techniques (28(28-38%) A. Risk Vocabulary and Concepts F.g. Enhance individual competency through continuing professional development 7. Management Control Techniques C..g. Alternative Control Frameworks E. Monitor the effectiveness of the quality assurance and improvement program 2.) B. Use computerized audit tools and techniques (e. etc. Use observation to gather data 5. Types of fraud 2. COSO. automated work papers. Sampling (non-statistical [judgmental] sampling method.. Promote quality assurance and improvement of the internal audit activity 1. Develop and implement a plan for continuing professional development for internal audit staff 2. Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area 2. Internal Control / Risk (25(25-35%) – Awareness Level (A) A. statistical sampling. Types of Controls (e. and statistical analyses techniques) B. Conduct spreadsheet analysis . detective. continuous monitoring. Report the results of the quality assurance and improvement program to the board or other governing body 3. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area 3. Fraud Risk Awareness 1. preventive.1. Cadbury) 1. embedded audit modules) 2. Fraud red flags III. Internal Control Framework Characteristics and Use (e.
3. Conduct benchmarking 5. budget vs. and Competence of Evidence 1.g. Report test results to auditor in charge 2. Process Mapping. variance analysis. Sufficiency. other reasonableness tests) 4. Data Reporting 1. actual. Including Flowcharting F. Documentation / Work Papers 1. Develop preliminary conclusions regarding controls D. Identify potential sources of evidence . Develop work papers E.. Use analytical review techniques (e. trend analysis. ratio estimation. Draw conclusions C. Evaluate Relevance.
analysis. Report on the effectiveness of corporate risk management processes to senior management and the board 6. and business process improvement 4. be a change catalyst. and determine disposition of ethics violations 2. human resources) of the internal audit department 4. Formulate policies and procedures for the planning.g. and report on compliance 5.0 Hours (120 minutes) The new CIA exam Part 2 topics tested include managing the internal audit function via the strategic and operational role of internal audit and establishing a risk-based plan. Assess the adequacy of the performance measurement system. manage. Maintain effective Quality Assurance Improvement Program C.CIA 2013 Exam Syllabus. supervision. Communicate internal audit key performance indicators to senior management and the board on a regular basis 7. Direct administrative activities (e.g. Strategic Role of Internal Audit 1. Initiate. Interview candidates for internal audit positions 5. organizing. I. risk management. and compliance 6. Investigate and recommend resolution for ethics/compliance complaints. Maintain and administer business conduct policy (e. control.. Assess and foster the ethical climate of the board and management 1. achievement of corporate objective – Awareness Level (A) B. Establish RiskRisk-Based IA Plan . Review the role of the internal audit function within the risk management framework 3. as well as fraud risks and controls. Organize and lead a team in mapping. Managing the Internal Audit Function (40(40-50%) A. regulatory oversight bodies and other internal assurance functions 8.. Educate senior management and the board on best practices in governance. Build and maintain networking with other organization executives and the audit committee 3. conflict of interest). Report on the effectiveness of the internal control and risk management frameworks 7. Operational Role Role of IA 1. Coordinate IA efforts with external auditor. and monitoring outcomes). the steps to manage individual engagements (planning. Part 2 – Internal Audit Practice 100 questions | 2. communicating results. directing. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below. and monitoring of internal audit operations 2. and cope with change 2. budgeting.
Use a risk framework to identify sources of potential engagements (e. Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors) 4.3 Quality audit engagements a.. Direct / supervise individual engagements 2. Managing Individual Engagements (40(40-50%) A.1. Determine engagement procedures and prepare engagement work program 5.2 Business process mapping c. and industry knowledge to identify new internal audit engagement opportunities 2. Plan Engagements 1. Communicate areas of significant risk and obtain approval from the board for the annual engagement plan 7. Determine the level of staff and resources needed for the engagement 6.5 Design of performance measurement systems II.7 Performance audit engagements (key performance indicators) a.g. regulatory mandates) 3. Establish a framework for assessing risk 4.8 Operational audit engagements (efficiency and effectiveness) a. product.4 System development reviews c.6 Privacy audit engagements a. build bonds. Consulting engagements c. Types of engagements 1. Conduct assurance engagements a.1 Risk and control self-assessments a) Facilitated approach (1) Client-facilitated (2) Audit-facilitated b) Questionnaire approach c) Self-certification approach a.1 Internal control training c. Construct audit staff schedule for effective use of time B. Supervise Engagement 1. management requests. Establish engagement objectives/criteria and finalize the scope of the engagement 2. Nurture instrumental relations.5 Security audit engagements a. Plan engagement to assure identification of key risks and controls 3. Rank and validate risk priorities to prioritize engagements in the audit plan 5.2 Audits of third parties and contract auditing a. audit cycle requirements.9 Financial audit engagements 2. Identify internal audit resource requirements for annual IA plan 6. audit universe. and work with others toward shared goals . Compliance audit engagements 3. Use market.3 Benchmarking c.4 Due diligence audit engagements a.
Support a culture of fraud awareness. Complete performance appraisals of engagement staff C. Interrogation/investigative techniques – Awareness Level (A) H. Coordinate work assignments among audit team members when serving as the auditorin-charge of a project 4. Determine if fraud risks require special consideration when conducting an engagement C. Conduct follow-up and report on management's response to internal audit recommendations 4. Forensic auditing – Awareness Level (A) . Communicate Engagement Results 1. and encourage the reporting of improprieties G. Employ audit tests to detect fraud F. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity 3. 4. Monitor Engagement Engagement Outcomes 1. 6. Initiate preliminary communication with engagement clients Communicate interim progress Develop recommendations when appropriate Prepare report or other communication Approve engagement report Determine distribution of the report Obtain management response to the report Report outcomes to appropriate parties D. 5. 8. Conduct exit conference 6. Determine if any suspected fraud merits investigation D. Review work papers 5.3. 3. Identify appropriate method to monitor engagement outcomes 2. Complete a process review to improve controls to prevent fraud and recommend changes E. Fraud Risks and Controls (5(5-15%) A. 2. 7. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process B. Report significant audit issues to senior management and the board periodically III.
. sales. Note: All items in this section of the syllabus will be tested at the Awareness knowledge level unless otherwise indicated below.Proficiency Level (P) A. Risk Management Techniques B. procurement. management and leadership principles. organizational structure. theory of constraints) E. Risk Management (10(10-20%)20%). centralized/decentralized) C. and the global business environment.g. Typical Schemes in Various Business Cycles (e. Organizational Structure/Business Processes and Risks (15 (15-25%) A. Governance / Business Ethics (5(5-15%) A. Structure (e. information technology and business continuity. management. supplysupply-chain management) D. Risk/Control Implications of Different Organizational Organizational Structures B.g.CIA 2013 Exam Syllabus. Corporate/Organizational Governance Principles – Proficiency Level (P) B. Business Development Life Cycles H. Inventory Management Techniques and Concepts F.g. Organizational Use of Risk Frameworks III. Environmental and Social Safeguards C. Corporate Social Social Responsibility II. Outsourcing Business Processes . Part 3 – Internal Audit Knowledge Elements 100 questions | 2.. Business Process Analysis (e. financial management. communication. including business processes and risks. risk management. knowledge. The International Organization for Standardization (ISO) Framework Framework I.0 Hours (120 minutes) The new CIA exam Part 3 topics tested include governance and business ethics. Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E(EDI)/E-commerce G. I.. workflow analysis and bottleneck management.
Organizational Behavior Organizational theory (structures and configurations) Organizational behavior (e. Sources/impediments 2. impact of job design. individual performance management. Declining industries 2. Global analytical techniques 1.g. the process. Competitive analysis 4. effectiveness. personnel sourcing/staffing. development stages. . Capacity expansion 3. motivation. organizational politics. Competitive strategies (e.. etc. Industry evolution 2.g. Six Sigma) 6. Management Skills/Leadership Styles 1. schedules) Group dynamics (e. Lead. Structural analysis of industries 2. 3.IV.. impact of computerization) B. supervision. TQM.) C. Stakeholder Relationships V. Risk/control implications of different leadership styles 6. 4. effectiveness) Knowledge of human resource processes (e. Porter's model) 3.. Competitive strategies related to: 1. Create group synergy in pursuing collective goals 1.g. Competition in global industries 1. Communication (5(5-10%) A... Emerging industries 3. Management / Leadership Principles (10(10-20%) A. organizational dynamics. staff development) 5.. 2. Strategic Management 1. Industry environments 1. Analysis of integration strategies 2. Forecasting 5. Evolution of global markets 3. Strategic alternatives 4. Market signals 5. building organizational commitment and entrepreneurial orientation 2. Fragmented industries 2. Strategic decisions 1.g. Entry into new businesses 4. Quality management (e.g. mentor.g. Decision analysis B. rewards. and guide people. Performance (productivity. Trends affecting competition 3. Communication (e. inspire. traits.
4. SAP R/3) 6. Application Development 1. 3. and WAN) 7. and network communications/connections (e.. competitive. Software licensing 9. VAN.g. Operating systems 11. Security 1. 3.g.. Conflict resolution (e. Functional areas of IT operations (e. Databases 3. eSAC. System Infrastructure 1. Business Continuity 1. Workstations 2.g... Project Management / Change Management Management 1. End-user computing Change control Systems development methodology Application development Information systems development C. 3. IT contingency planning . Web infrastructure D. 2. 2. Physical/system security (e. Team-building and assessing team performance D.g. COBIT) 4.. Enterprise-wide resource planning (ERP) software (e. voice. firewalls.3. IT control frameworks (e. 5.g. Server 8. IT / Business Continuity (15(15-25%) A. Mainframe 10. Data.g. privacy) Application authentication Encryption B.g... and compromise) Negotiation skills Conflict management Added-value negotiating E. Project management techniques VI. 4. Conflict Management 1. viruses. 4. Change management 2. data center operations) 5. LAN. 2. access control) Information protection (e. cooperative.
General concepts Costing systems (e.. RandD) 3. 2. Balancing global requirements and local imperatives Global mindsets (personal characteristics/competencies) Sources and methods for managing complexities and contradictions. leases.g. Economic / Financial Environments 1. Taxation schemes (e. ratios) 5. tax shelters. multinational. Cultural / Political Environments 1. Intermediate concepts of financial accounting (e. treasury functions) 8. Valuation models 9. standard) Cost concepts (e. fixed) Relevant cost Cost-volume-profit analysis Transfer pricing Responsibility accounting Operating budget VIII..g.. relationships) 2. Financial Accounting and Finance 1. Basic concepts and underlying principles of financial accounting (e.VII..g. consolidation.. Inventory valuation 11. 7. terminology. Capital budgeting (e... 4. cost of capital evaluation) 12. international. 3. Business valuation 10. and multi-local compared and contrasted Requirements for entering the global marketplace Creating organizational adaptability Managing training and development B.g.. Global Business Environment (0(0-10%) A.. 3. Managerial Accounting 1. 2. variable. activity-based. Legal and Economics — General Concepts (e. contracts) .g.g. pensions.g.g. 4. 6.g. 2.. bonds. 5. Financial instruments (e. 4. Advanced concepts of financial accounting (e. Types of debt and equity 6.g. Global. partnerships. Managing multicultural teams C.g. absorption. intangible assets.. derivatives) 7. VAT) B. foreign currency transactions) 4. Financial statement analysis (e. statements. 8. 3. Cash management (e. Financial Management (13(13-23%) A.
D. .g. Impact of Government Legislation and Regulation on Business (e.. trade legislation) Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes: Argentina Australia Austria Belgium Brazil Bulgaria China Chinese Taiwan Czech Republic France Germany Greece Indonesia Italy Japan Korea Malaysia Mexico Morocco Netherlands New Zealand Norway Philippines Singapore South Africa Spain Sweden Switzerland Thailand Turkey The information contained on the Global IIA website pertains to all other countries.
This action might not be possible to undo. Are you sure you want to continue?