You are on page 1of 12




NEW EXAM AVAILABILITY: The new exam is expected to be made available in English during the latter half of 2013. there are no changes to the entry and experience requirements for the CIA exam. and the findings were incorporated into the development and realignment of exam content. ■ The realignment of the exam content outline and question count for each part.CERTIFIED INTERNAL AuDITOR® (CIA®) 2013 CONTENT CHANGE OVERVIEW: This document is provided by IIA Global Headquarters to explain the impending changes to the Certified Internal Auditor® (CIA®) program scheduled for 2013.000 internal audit practitioners worldwide in the JAS allowed the Exam Development Committee (EDC) to evaluate the knowledge.globaliia. The JAS determined that the body of knowledge related to the profession of internal auditing has changed since the last exam content update in 2004.theiia. Information on exam preparation resources can be found on The IIA’s Global (www. The IIA provided current review providers with the final content outline in October 2011. Our plan is to roll out the new exam in additional languages using a phased approach. Internal Audit Practice. However. Two years of professional experience are still required to obtain the Certified Internal Auditor designation. The data examined included the frequency and importance of tasks performed by internal auditors. and Internal Audit Knowledge Elements. ENTRY AND EXPERIENCE REQUIREMENTS: At the present time. In 2011.globaliia. Individuals interested in viewing a mapping of content from the current four-part exam to the 2013 three-part exam may do so by visiting www. ■ Elimination of recognition credit previously applicable to Part 4. A more detailed timeline will be made available upon launch of the English version. and therefore needs to be adjusted to reflect those websites. 2013 Program Changes To The CIA ® Program 1 . EXAM CoNTENT: The three-part exam structure allows for the alignment of content in three segments: Internal Auditing Basics. The IIA conducted a Job Analysis Study (JAS) for the CIA. as part of the ongoing examination and North American (www. and skills required by today’s internal auditors as addressed in more than 100 knowledge statements. candidates may sit for the exam before meeting the experience requirement and receive their CIAs upon completion of the two-year experience period. Review providers have been made aware of a mid-2013 projected release for the new three-part exam. As a result of these findings. The participation of more than 40. the Professional Certifications Board (PCB) and the Board of Directors of The IIA have approved key changes to the program: ■ A new three-part exam structure. A detailed outline of the new three-part exam content is provided at the end of this brochure. CIA EXAM PREPARATIoN MATERIALS: The development of materials by review providers is independent of the exam development process. provided that the experience is acquired during the program eligibility window.

The table communicates the equivalency of items completed in the previous four-part structure and their relation to the new three-part exam. Part 4 (without Part 3) Both Part 3 and Part 4 Experience Form Character Reference Education Verification No credit given Part 3 Experience Form Character Reference Education Verification Must complete new Part 3 None None None None The new exam content and format will be as rigorous and complex as the current exam. you must complete one of the following items: • Pass Part 4 of the previous exam •A  pply and receive PRC 4 Credit through the previous exam process •A  pply for and receive Professional Experience Recognition (PER) Candidates who do not complete one of these three options within the six-month transition window will be required to take the new Part 3 exam. Candidates currently in the process of earning their CIAs are encouraged to continue their path toward certification in the current exam format. 2013 Program Changes To The CIA ® Program 2 . CANDIDATES WHO HAVE cOMPLETED: WILL REcEIVE cREDIT UNDER THE NEW STRUcTURE FOR: ADDITIONAL REQUIREMENTS FOR REcEIVING IDENTIFIED cREDIT: Application Part 1 Part 2 Part 3 (without Part 4) Application Part 1 Part 2 Part 3 None None None Within six months of the new structure implementation. Doing so will ensure that any adjustments to the implementation schedule will not affect their ability to earn the only globally recognized internal audit credential in a reasonable time frame. The IIA has developed the transition plan below to assist candidates who are in the process of earning their CIA at the time of the new exam structure’s implementation.CIA CANDIDATE TRANSITIoN PLAN: In recognition of the varying lengths of time spent by candidates earning their CIAs and the level of exam rigor.

skills. internal control and risk concepts. I. Note: Exam topics and/or formats are subject to change as approved by The IIA’s Professional Certification Board (PCB). Foster objectivity 1) Establish policies to promote objectivity 2) Assess individual objectivity 3) Maintain individual objectivity 4) Recognize and mitigate impairments to independence and objectivity 3. Exercise due professional care 6. and responsibility of the internal audit activity B. Understand the knowledge. Foster independence 1) Understand organizational independence 2) Recognize the importance of organizational independence 3) Determine if the internal audit activity is properly aligned to achieve organizational independence b. Develop and/or procure necessary knowledge. Define purpose. Code of Ethics 1. and competencies that an internal auditor needs to possess b. Definition of Internal Auditing 1. MANDATORY GuIDANcE (35–45%) A. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below. and competencies required to fulfill the responsibilities of the internal audit activity 4. authority. with Part 1 consisting of 125 questions and Parts 2 and 3 consisting of 100 questions each. The redesigned exam will be offered in three parts. risks and remedies. EXAM NON-DIScLOSuRE The CIA exam is a non-disclosed examination. skills. Promote continuing professional development a. and competencies are available a. and responsibility of the internal audit activity are documented in the audit charter. and competencies collectively required by the internal audit activity 5. Demonstrate an understanding of the purpose. Comply with The IIA’s Attribute Standards a. and responsibility of the internal audit activity 2. International Standards 1. PART 1 – INTERNAL AuDIT BASIcS 125 questions | 2. Determine if the required knowledge.5 Hours (150 minutes) The new CIA exam Part 1 topics tested include aspects of mandatory guidance from the IPPF. as well as tools and techniques for conducting internal audit engagements. Enhance individual competency through continuing professional development 2013 Program Changes To The CIA ® Program 3 . Develop and implement a plan for continuing professional development for internal audit staff b. Identify the knowledge. Determine if the purpose.CIA 2013 EXAM SYLLABUS The CIA exam tests a candidate’s knowledge of current internal auditing practices and understanding of internal audit issues. Abide by and promote compliance with The IIA Code of Ethics C. skills. which means current exam questions and answers will not be published or released. Maintain independence and objectivity a. approved by the Board and communicated to the engagement clients b. authority. authority. skills.

and statistical analyses techniques) B. Alternative Control Frameworks E. ratio estimation. Sufficiency. Conduct spreadsheet analysis 3. Fraud Risk Awareness 1. trend analysis. Use observation to gather data 5. Use analytical review techniques (eg. Develop work papers E. Conduct benchmarking 5. Report test results to auditor in charge 2. other reasonableness tests) 4.. and Competence of Evidence 1.. Cadbury) 1. Conduct interviews as part of a preliminary survey of the engagement area 4. Monitor the effectiveness of the quality assurance and improvement program b. etc. Risk Vocabulary and Concepts F.) B. Types of fraud 2. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area 3. statistical sampling. discovery sampling. Types of Controls (preventive. embedded audit modules) 2. detective. Documentation / Work Papers 1. Develop and implement an organization-wide risk and control framework D. automated work papers. variance analysis. continuous monitoring. Internal Control Framework Characteristics and Use (eg. Evaluate Relevance. budget vs. Conduct engagement to assure identification of key risks and controls 6. 7. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity II. input. Develop preliminary conclusions regarding controls D. CONDucTING INTERNAL AuDIT ENGAGEMENTS – AuDIT TOOLS AND TEcHNIQuES (25–35%) A. Process Mapping. output. Use computerized audit tools and techniques (eg. Promote quality assurance and improvement of the internal audit activity a. S  ampling (non-statistical [judgmental] sampling method. Draw conclusions C. Data Reporting 1. Data Analysis and Interpretation 1. actual. Including Flowcharting F. data mining and extraction. Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area 2. Management Control Techniques C. COSO. Report the results of the quality assurance and improvement program to the board or other governing body c. Identify potential sources of evidence 2013 Program Changes To The CIA ® Program 4 . INTERNAL CONTROL / RISK (25–35%) – AWARENESS LEVEL (A) A. Data Gathering (Collect and analyze data on proposed engagements) 1. Fraud red flags III..

Review the role of the internal audit function within the risk management framework 3. Formulate policies and procedures for the planning.0 Hours (120 minutes) The new CIA exam Part 2 topics tested include managing the internal audit function via the strategic and operational role of internal audit and establishing a risk-based plan. and determine disposition of ethics violations b. Types of engagements a. Build and maintain networking with other organization executives and the audit committee 3. regulatory mandates) 3.5 Security audit engagements a. audit universe. Assess and foster the ethical climate of the board and management a. as well as fraud risks and controls. Maintain and administer business conduct policy (eg. and monitoring of internal audit operations 2. supervision. budgeting. Investigate and recommend resolution for ethics/compliance complaints. communicating results. analysis. Establish Risk-Based IA Plan 1. and compliance 6. and cope with change 2. Initiate. Conduct assurance engagements a. Use market. Use a risk framework to identify sources of potential engagements (eg. control. and industry knowledge to identify new internal audit engagement opportunities 2.. conflict of interest). Identify internal audit resource requirements for annual IA plan 6. manage. Note: All items in this section of the syllabus will be tested at the Proficiency knowledge level unless otherwise indicated below. Strategic Role of Internal Audit 1. Maintain effective Quality Assurance Improvement Program C. product. management requests. Organize and lead a team in mapping. Interview candidates for internal audit positions 5. organizing.1 Risk and control self-assessments a) Facilitated approach (1) Client-facilitated (2) Audit-facilitated b) Questionnaire approach c) Self-certification approach a. the steps to manage individual engagements (planning. achievement of corporate objective – Awareness Level (A) B. human resources) of the internal audit department 4. Communicate areas of significant risk and obtain approval from the board for the annual engagement plan 7. Coordinate IA efforts with external auditor. MANAGING THE INTERNAL AuDIT FuNcTION (40–50%) A..PART 2 – INTERNAL AuDIT PRAcTIcE 100 questions | 2. Communicate internal audit key performance indicators to senior management and the board on a regular basis 7. be a change catalyst. Report on the effectiveness of the internal control and risk management frameworks 7. Direct administrative activities (eg. directing.3 Quality audit engagements a. Rank and validate risk priorities to prioritize engagements in the audit plan 5. risk management. Assess the adequacy of the performance measurement system. I. and report on compliance 5. Operational Role of IA 1.. Educate senior management and the board on best practices in governance.2 Audits of third parties and contract auditing a. Establish a framework for assessing risk 4. and monitoring outcomes).4 Due diligence audit engagements a. regulatory oversight bodies and other internal assurance functions 8.6 Privacy audit engagements 2013 Program Changes To The CIA ® Program 5 . and business process improvement 4. Report on the effectiveness of corporate risk management processes to senior management and the board 6. audit cycle requirements.

Establish engagement objectives/criteria and finalize the scope of the engagement 2. Support a culture of fraud awareness. Communicate Engagement Results 1. Interrogation / investigative techniques – Awareness Level (A) H. Approve engagement report 6.3 Benchmarking c. Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors) 4. Plan engagement to assure identification of key risks and controls 3. Plan Engagements 1. Employ audit tests to detect fraud F.7 Performance audit engagements (key performance indicators) a. Complete a process review to improve controls to prevent fraud and recommend changes E. a. and work with others toward shared goals 3. Construct audit staff schedule for effective use of time B. Supervise Engagement 1. Determine engagement procedures and prepare engagement work program 5. Report outcomes to appropriate parties D. Monitor Engagement Outcomes 1. Review work papers 5. Determine distribution of the report 7. Determine the level of staff and resources needed for the engagement 6. Obtain management response to the report 8. Determine if any suspected fraud merits investigation D. Conduct exit conference 6. Communicate interim progress 3. Prepare report or other communication 5. Forensic auditing – Awareness Level (A) 2013 Program Changes To The CIA ® Program 6 .9 Financial audit engagements b. Report significant audit issues to senior management and the board periodically III.8 Operational audit engagements (efficiency and effectiveness) a. FRAuD RISKS AND CONTROLS (5–15%) A. Coordinate work assignments among audit team members when serving as the auditor-in-charge of a project 4. build bonds. Determine if fraud risks require special consideration when conducting an engagement C. Consulting engagements c. Compliance audit engagements c. Complete performance appraisals of engagement staff C.5 Design of performance measurement systems II.4 System development reviews c.1 Internal control training c. MANAGING INDIVIDuAL ENGAGEMENTS (40–50%) A. Initiate preliminary communication with engagement clients 2. Identify appropriate method to monitor engagement outcomes 2. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity 3. and encourage the reporting of improprieties G. Conduct follow-up and report on management’s response to internal audit recommendations 4. Develop recommendations when appropriate 4. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process B. Nurture instrumental relations.2 Business process mapping c. Direct / supervise individual engagements 2.

centralized / decentralized) C. sales.. Competition in global industries 1) Sources / impediments 2) Evolution of global markets 3) Strategic alternatives 4) Trends affecting competition 2013 Program Changes To The CIA ® Program 7 . the process. management and leadership principles. Organizational Use of Risk Frameworks III. organizational dynamics.. COMMuNIcATION (5–10%) A. MANAGEMENT / LEADERSHIp PRINcIpLES (10–20%) A.0 Hours (120 minutes) The new CIA exam Part 3 topics tested include governance and business ethics. Industry evolution 2. workflow analysis and bottleneck management. Structural analysis of industries b. supply-chain management) D.PART 3 – INTERNAL AuDIT KNOWLEDGE ELEMENTS 100 questions | 2. Business Development Life Cycles H. financial management. Market signals e. theory of constraints) E. communication. Environmental and Social Safeguards C. Global analytical techniques a. RISK MANAGEMENT (10–20%) – PROFIcIENcY LEVEL (P) A. Typical Schemes in Various Business Cycles (eg. Inventory Management Techniques and Concepts F. Risk / Control Implications of Different Organizational Structures B. Competitive strategies (eg.. Strategic Management 1. I. Business Process Analysis (eg. impact of computerization) B. Corporate Social Responsibility II. The International Organization for Standardization (ISO) Framework I. ORGANIZATIONAL STRucTuRE / BuSINESS PROcESSES AND RISKS (15–25%) A. Competitive analysis d. knowledge. Note: All items in this section of the syllabus will be tested at the Awareness knowledge level unless otherwise indicated below.. Outsourcing Business Processes IV. Communication (eg.. organizational structure. risk management. Corporate / Organizational Governance Principles – Proficiency Level (P) B. procurement. Industry environments a.g. Structure (e. Stakeholder Relationships V. including business processes and risks. information technology and business continuity. Risk Management Techniques B. Competitive strategies related to: 1) Fragmented industries 2) Emerging industries 3) Declining industries b. GOVERNANcE / BuSINESS ETHIcS (5–15%) A. and the global business environment. Electronic Funds Transfer (EFT) / Electronic Data Interchange (EDI) / E-commerce G. Porter’s model) c.

Functional areas of IT operations (eg. motivation. Encryption B. System Infrastructure 1. Team-building and assessing team performance D. access control) 2. impact of job design. Conflict management 4. Organizational Behavior 1. Workstations 2. Physical / system security (eg. eSAC. Mainframe 2013 Program Changes To The CIA ® Program 8 . IT / BuSINESS CONTINuITY (15–25%) A.. Enterprise-wide resource planning (ERP) software (eg. Databases 3.. Decision analysis B. SAP R / 3) 6. Management Skills / Leadership Styles 1. and WAN) 7. Change management 2. Performance (productivity. VAN. and guide people. personnel sourcing / staffing. Data. firewalls. Conflict resolution (eg. Organizational theory (structures and configurations) 2. Systems development methodology 4. building organizational commitment and entrepreneurial orientation 2. viruses. privacy) 3. voice. Application Development 1. Organizational behavior (eg.. Analysis of integration strategies b. Quality management (eg. rewards. End-user computing 2. Group dynamics (eg. traits. supervision.. Lead.. Added-value negotiating E. data center operations) 5. staff development) 5. Six Sigma) 6. mentor. Security 1.. Software licensing 9. etc. TQM. COBIT. schedules) 3. Information systems development C. Forecasting 5. Information protection (eg. competitive. Application development 5. effectiveness) 4. Entry into new businesses 4. effectiveness. Create group synergy in pursuing collective goals 3. Knowledge of human resource processes (eg. Application authentication 4. 3. Risk / control implications of different leadership styles 6. Conflict Management 1. inspire...) C.. IT control frameworks (eg. Project management techniques VI.) 4. Project Management / Change Management 1. cooperative. and network communications / connections (eg. Server 8. individual performance management.. development stages. LAN. organizational politics. Negotiation skills 3. and compromise) 2. Strategic decisions a. Change control 3. Capacity expansion c.

Sources and methods for managing complexities and contradictions. fixed. Costing systems (eg. VAT) B. Inventory valuation 11.. Financial instruments ( 2013 Program Changes To The CIA ® Program 9 . standard) 3. pensions. Transfer pricing 7. Cost-volume-profit analysis 6. Managing multicultural teams C. Relevant cost 5. treasury functions) 8. bonds. derivatives) 7. Legal and Economics — General Concepts (eg. Financial statement analysis (eg. Impact of Government Legislation and Regulation on Business (eg. Valuation models 9. Creating organizational adaptability 4.. Operating budget VIII. contracts) D. General concepts 2. variable. Basic concepts and underlying principles of financial accounting (eg. multinational.. consolidation. absorption. foreign currency transactions) 4. trade legislation) Individuals interested in viewing a mapping of content from the current four-part exam to the 2013 three-part exam may do so by visiting www. relationships) 2..globaliia. Cash management (eg. ratios) 5. Web infrastructure D. leases. Cultural / Political Environments 1. Advanced concepts of financial accounting (eg.. IT contingency planning VII. GLObAL BuSINESS ENVIRONMENT (0–10%) A. Taxation schemes (eg. activity-based. Economic / Financial Environments 1. Global. 4.. partnerships. Types of debt and equity 6. FINANcIAL MANAGEMENT (10–20%) A. Managerial Accounting 1. Balancing global requirements and local imperatives 2. Operating systems 11.. and multi-local compared and contrasted 2.. Business valuation 10.. Global mindsets (personal characteristics/competencies) 3. Managing training and development B. Financial Accounting and Finance 1. 10. tax shelters. Business Continuity 1.) 4. Capital budgeting (eg. cost of capital evaluation) 12... Intermediate concepts of financial accounting (eg. Requirements for entering the global marketplace 3. intangible assets. international.. statements. Cost concepts (eg. R & D) 3. Responsibility accounting 8. terminology. 2/120228/CS/BT .Global Headquarters 247 Maitland Avenue Altamonte Springs. Florida 32701 USA T +1-407-937-1111 F +1-407-937-1101 W www.