APPENDIX A
THE IIA CIA EXAM SYLLABUS AND CROSS-REFERENCES

For your convenience, we have reproduced verbatim The IIA’s CIA Exam Syllabus for this CIA
exam part. Note that the “basic” cognitive level means the candidate must retrieve relevant knowledge
from memory and/or demonstrate basic comprehension of concepts or processes. Those levels labeled
“proficient” mean the candidate must apply concepts, processes, or procedures; analyze, evaluate, and
make judgments based on criteria; and/or put elements or material together to formulate conclusions
and recommendations. We also have provided cross-references to the study units and subunits in this
course that correspond to The IIA’s more detailed coverage. Please visit The IIA’s website for updates
and more information about the exam. Rely on the Gleim materials to help you pass each part of the
exam. We have researched and studied The IIA’s CIA Exam Syllabus as well as questions from prior
exams to provide you with an excellent review program.
PART 3 – BUSINESS KNOWLEDGE FOR INTERNAL AUDITING

| Domain | Item | Topic | Cognitive Level | Gleim Study Unit(s) or Subunit(s) |
|---|---|---|---|---|
| I | | Business Acumen (35%) | | |
| | 1 | Organizational Objectives, Behavior, and Performance | | |
| | A | Describe the strategic planning process and key activities (objective setting, globalization and competitive considerations, alignment to the organization’s mission and values, etc.) | Basic | SU 1 |
| | B | Examine common performance measures (financial, operational, qualitative vs. quantitative, productivity, quality, efficiency, effectiveness, etc.) | Proficient | 2.5-2.7 |
| | C | Explain organizational behavior (individuals in organizations, groups, and how organizations behave, etc.) and different performance management techniques (traits, organizational politics, motivation, job design, rewards, work schedules, etc.) | Basic | 2.1-2.4 |
| | D | Describe management’s effectiveness to lead, mentor, guide people, build organizational commitment, and demonstrate entrepreneurial ability | Basic | 3.1 |
| | 2 | Organizational Structure and Business Processes | | |
| | A | Appraise the risk and control implications of different organizational configuration structures (centralized vs. decentralized, flat structure vs. traditional, etc.) | Basic | 3.2 |
| | B | Examine the risk and control implications of common business processes (human resources, procurement, product development, sales, marketing, logistics, management of outsourced processes, etc.) | Proficient | 3.3-3.5 |
| | C | Identify project management techniques (project plan and scope, time/team/resources/cost management, change management, etc.) | Basic | 4.1-4.3 |
| | D | Recognize the various forms and elements of contracts (formality, consideration, unilateral, bilateral, etc.) | Basic | 4.4-4.5 |
| | 3 | Data Analytics | | |
| | A | Describe data analytics, data types, data governance, and the value of using data analytics in internal auditing | Basic | 7.4 |
| | B | Explain the data analytics process (define questions, obtain relevant data, clean/normalize data, analyze data, communicate results) | Basic | 7.4 |
| | C | Recognize the application of data analytics methods in internal auditing (anomaly detection, diagnostic analysis, predictive analysis, network analysis, text analysis, etc.) | Basic | 7.4 |

Copyright © 2018 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com.
| Domain | Item | Topic | Cognitive Level | Gleim Study Unit(s) or Subunit(s) |
|---|---|---|---|---|
| II | | Information Security (25%) | | |
| | 1 | Information Security | | |
| | A | Differentiate types of common physical security controls (cards, keys, biometrics, etc.) | Basic | 8.1 |
| | B | Differentiate the various forms of user authentication and authorization controls (password, two-level authentication, biometrics, digital signatures, etc.) and identify potential risks | Basic | 8.1-8.2 |
| | C | Explain the purpose and use of various information security controls (encryption, firewalls, antivirus, etc.) | Basic | 8.1-8.3 |
| | D | Recognize data privacy laws and their potential impact on data security policies and practices | Basic | 8.3 |
| | E | Recognize emerging technology practices and their impact on security (bring your own device [BYOD], smart devices, internet of things [IoT], etc.) | Basic | 8.3 |
| | F | Recognize existing and emerging cybersecurity risks (hacking, piracy, tampering, ransomware attacks, phishing attacks, etc.) | Basic | 8.3 |
| | G | Describe cybersecurity and information security-related policies | Basic | 8.1 |
| III | | Information Technology (20%) | | |
| | 1 | Application and System Software | | |
| | A | Recognize core activities in the systems development lifecycle and delivery (requirements definition, design, developing, testing, debugging, deployment, maintenance, etc.) and the importance of change controls throughout the process | Basic | 5.2 |
| | B | Explain basic database terms (data, database, record, object, field, schema, etc.) and internet terms (HTML, HTTP, URL, domain name, browser, click-through, electronic data interchange [EDI], cookies, etc.) | Basic | 5.1, 6.2 |
| | C | Identify key characteristics of software systems (customer relationship management [CRM] systems; enterprise resource planning [ERP] systems; and governance, risk, and compliance [GRC] systems; etc.) | Basic | 5.1, 6.4 |
| | 2 | IT Infrastructure and IT Control Frameworks | | |
| | A | Explain basic IT infrastructure and network concepts (server, mainframe, client-server configuration, gateways, routers, LAN, WAN, VPN, etc.) and identify potential risks | Basic | 6.1-6.3 |
| | B | Define the operational roles of a network administrator, database administrator, and help desk | Basic | 5.1, 6.1 |
| | C | Recognize the purpose and applications of IT control frameworks (COBIT, ISO 27000, ITIL, etc.) and basic IT controls | Basic | 7.1-7.3 |
| | 3 | Disaster Recovery | | |
| | A | Explain disaster recovery planning site concepts (hot, warm, cold, etc.) | Basic | 8.4 |
| | B | Explain the purpose of systems and data backup | Basic | 8.4 |
| | C | Explain the purpose of systems and data recovery procedures | Basic | 8.4 |

| Domain | Item | Topic | Cognitive Level | Gleim Study Unit(s) or Subunit(s) |
|---|---|---|---|---|
| IV | | Financial Management (20%) | | |
| | 1 | Financial Accounting and Finance | | |
| | A | Identify concepts and underlying principles of financial accounting (types of financial statements and terminologies such as bonds, leases, pensions, intangible assets, research and development, etc.) | Basic | SU 9 |
| | B | Recognize advanced and emerging financial accounting concepts (consolidation, investments, fair value, partnerships, foreign currency transactions, etc.) | Basic | 10.1-10.5 |
| | C | Interpret financial analysis (horizontal and vertical analysis and ratios related to activity, profitability, liquidity, leverage, etc.) | Proficient | 10.6-10.10 |
| | D | Describe revenue cycle, current asset management activities and accounting, and supply chain management (including inventory valuation and accounts payable) | Basic | 3.4, 9.1, 9.5, 9.7, SU 11 |
| | E | Describe capital budgeting, capital structure, basic taxation, and transfer pricing | Basic | SU 12 |
| | 2 | Managerial Accounting | | |
| | A | Explain general concepts of managerial accounting (cost-volume-profit analysis, budgeting, expense allocation, cost-benefit analysis, etc.) | Basic | SU 13 |
| | B | Differentiate costing systems (absorption, variable, fixed, activity-based, standard, etc.) | Basic | 14.1-14.4 |
| | C | Distinguish various costs (relevant and irrelevant costs, incremental costs, etc.) and their use in decision making | Basic | 14.5 |
