Knowledge Session Series by CA, CIA, CRMA Arpit Garg

Certified Internal Auditor (CIA): Part 1

Session 1 – Orientation and Unit 1 – Foundations of Internal Auditing

CIA PROGRAM

Part 1: Essentials of Internal Auditing (8 Units)
• Section I: Foundations of Internal Auditing
• Section II: Independence, Objectivity
• Section III: Proficiency and Due Professional Care
• Section IV: Quality Assurance and Improvement Program
• Section V: Governance, Risk Management, and Control
• Section VI: Fraud Risks

Part 2: Practice of Internal Auditing (10 Units)
• Section I: Managing the Internal Audit Activity
• Section II: Planning the Engagement
• Section III: Performing the Engagement
• Section IV: Communicating Engagement Results and Monitoring Progress

Part 3: Business knowledge for Internal Auditing (15 Units)
• Section I: Business Acumen
• Section II: Information Security
• Section III: Information Technology
• Section IV: Financial Management

CIA EXAMINATION

# of Questions
• Part 1 – 125
• Part 2 & 3 – 100

Time Available
• Part 1 – 2.5 hours / 150 Minutes
• Part 2 & 3 – 2 hours / 120 Minutes

Break not available

STEPS TO BE CERTIFIED INTERNAL AUDITOR AND EXAM FEES

Step 1: Apply

The entry requirements are:
1. Bachelor’s Degree, Master’s Degree, Associate’s Degree or Professional Certification (CA, CPA, ACCA, etc.). A student in final year of college can be provisionally approved into the certification program.
2. Character Reference

Candidates will require Proof of Identity and Education to register.
Candidates have 3 years to complete all of the CIA requirements. The countdown begins once the IIA accepts application into the CIA program and you officially become a candidate for the Certified Internal Auditor certification.

Step 2: Test

The exam window is 180 days. You have 180 days from the date you register for your CIA exam to schedule and sit for the exam. After you complete the exam registration process, the IIA will email you your authorization to test. With this authorization, you can contact Pearson VUE, the administrator of the CIA exam, to schedule your testing appointment.

• Duration: 150 Minutes for CIA Part 1
• Exam pattern = 100% Objective with 125 MCQs in CIA Part 1
• Passing score: 600 out of 750 points (80%)
• No negative marking
• Exams in India and Abroad

Step 3: Verify

Proof of experience is an exit requirement of the certification program. You may complete the experience verification any time after your application has been approved, but once you pass the required exam(s), your experience must be verified for you to become certified.

Step 4: Maintain

To maintain your certification, you must earn and report continuing professional education (CPE) credit hours, including two hours of ethics training, by 31 December annually, in accordance with The IIA’s CPE Policy.

BENEFITS OF BEING IIA MEMBERS

Member Savings
Invest in yourself and in your future.

IIA Members save USD 740 in completing CIA certification. Total Examination fee for
IIA member is USD 705 vs. USD 1445 for Non-Members

Pricing | Non Members | Global Members | Special Pricing for IIA India
Application fee | USD 230 | USD 115 | USD 86
CIA Part 1 | USD 425 | USD 295 | USD 221
CIA Part 2 | USD 395 | USD 265 | USD 199
CIA Part 3 | USD 395 | USD 265 | USD 199


REGISTRATION PROCESS WITH IIA

Step 1: Apply for IIA India Membership – Online from IIA India website.
New Member – INR 5500 + GST, Renewal – INR 4000 + GST

Step 2: Receive Global Membership ID from IIA India (generally it takes not more than two weeks to receive the Global Membership ID)

Step 3: Create Profile in Certification Candidate Management System (CCMS)

Upload Required Documents
• Proof of Identity
• Proof of Education

Complete the Character Reference Process

Step 4: Register for Exam

Step 5: Access the Pearson VUE tab in your CCMS Account and select the date of your nearest examination center

GLEIM SOFTWARE AND STUDY MATERIAL

• Printed books for each Part

• Unlimited access to Gleim Software for Practice Questions – Total 900+ Questions in Gleim for CIA Part 1

• You can practice questions unit-wise in Gleim Software

• Recorded sessions in the LMS system


OUR APPROACH

• Clear perspective on what we are going to learn in the session

• What are the key topics in the Unit

• 100% coverage of Gleim Study Material

• Concept Clarity with Practical Examples

• Practical Learning to apply on field

• Things to Remember – Key Takeaways after each session

• Revision of each Session at the beginning of new session

• MCQs – Examination Oriented

• Q&A Sessions
CIA PART 1 - SCHEDULE

Session # Coverage Date Day Tentative Timings

Session 1 Context Setting and Unit 1 07-Jan-23 Saturday 07:00 AM - 11:00 AM

Session 2 Unit 1 08-Jan-23 Sunday 07:00 AM - 11:00 AM

Session 3 Unit 2 14-Jan-23 Saturday 07:00 AM - 11:00 AM

Session 4 Unit 2 and Unit 3 15-Jan-23 Sunday 07:00 AM - 11:00 AM

Session 5 Unit 4 21-Jan-23 Saturday 07:00 AM - 11:30 AM

Session 6 Unit 5 22-Jan-23 Sunday 07:00 AM - 11:00 AM

Session 7 Unit 5 28-Jan-23 Saturday 07:00 AM - 11:00 AM

Session 8 Unit 6 29-Jan-23 Sunday 07:00 AM - 11:00 AM

Session 9 Unit 6 04-Feb-23 Saturday 07:00 AM - 11:00 AM

Session 10 Unit 7 05-Feb-23 Sunday 07:00 AM - 11:00 AM

Session 11 Unit 7 11-Feb-23 Saturday 07:00 AM - 11:00 AM

Session 12 Unit 8 12-Feb-23 Sunday 07:00 AM - 11:30 AM


[Figure: diagram of service areas, with labels including Assurance, Consulting, Risk Advisory Services and Compliance Solutions]

SUMMARY OF CHANGE IN 2022 EDITION

General – Presentation

Specific:

Unit 2: Internal Audit Competency Framework

Unit 6: Controls – Types and Frameworks

• Control Types - Quick study guide
• ITGC and Application Controls - Quick study guide
• COBIT – 2019 Framework
• The revised unit covers only COSO and COBIT 2019 framework

CIA PART 1: COVERAGE

Topics to be covered | Weightage

Unit 1 Foundations of Internal Auditing | 15%

Unit 2 Independence, Objectivity, and Proficiency
Unit 3 Due Professional Care and QAIP
(Units 2 and 3 together) | 40%

Unit 4 Governance
Unit 5 Risk Management
Unit 6 Controls: Type and Frameworks
Unit 7 Controls: Application
(Units 4 to 7 together) | 35%

Unit 8 Fraud Risks and Controls | 10%


CIA PART 1: UNIT 1 - COVERAGE

FOUNDATIONS OF INTERNAL AUDITING

1 Applicable Guidance (IPPF)
2 Internal Audit Ethics – Introduction and Principles
3 Internal Audit Ethics – Integrity
4 Internal Audit Ethics – Objectivity
5 Internal Audit Ethics – Confidentiality
6 Internal Audit Ethics – Competency
(Topics 1 to 6: Proficient)
7 Internal Audit Charter (Basic)


CIA PART 1: UNIT 1 – KEY LEARNINGS

1.1 Applicable Guidance IPPF

• Mission of internal auditing
• What does the IPPF contain?
• What are the 4 things included in Mandatory Guidance?
• Definition of Internal Auditing
• Core Principles of Internal Auditing
• Code of ethics
• Standards of Internal Auditing

1.2 Code of Ethical Conduct for Professionals

• Reasons for codes of ethical conduct: What is the primary purpose?
• Aspects of codes of ethical conduct: To enhance the code of ethics, what should it provide?
• Components of code of ethical conduct include: Integrity, Objectivity, Confidentiality, Competency

1.3 to 1.7 Internal Audit Ethics

• Applicability of provisions of code of ethics?
• Understanding principles of Integrity, Objectivity, Confidentiality, Competency
• Examples of violations of code of conduct - Integrity
• Examples of violations of code of conduct - Objectivity
• Examples of violations of code of conduct - Confidentiality
• Examples of violations of code of conduct - Competency

1.8 Internal Audit Charter

• What is purpose, authority and responsibility
• Recognizing mandatory guidance in the Internal Audit Charter

UNIT 1: UNDERSTANDING IPPF

IPPF contains Mandatory Guidance and Recommended Guidance

UNIT 1 : TYPES OF STANDARDS

Standards

• Attribute (19): Govern the responsibilities, attitudes and actions of the organization’s Internal Audit Activity and the people who serve as Internal Auditors
• Performance (33): Govern the nature of Internal Auditing and provide quality criteria for evaluating the internal audit performance
• Interpretation: Clarifications for terms and conditions in Attribute and Performance standards
• Implementation: Expand upon other Standards (i.e., Attribute and Performance). Provides requirements applicable to Assurance and Consulting Services

Part 1 – Focus on Attribute Standards


CIA PART 1: LIST OF ATTRIBUTE STANDARDS

Attribute Standards
1000 Purpose, Authority, and Responsibility
1010 Recognizing Mandatory Guidance in the Internal Audit Charter
1100 Independence and Objectivity
1110 Organizational Independence
1111 Direct Interaction with the Board
1112 Chief Audit Executive Roles Beyond Internal Auditing
1120 Individual Objectivity
1130 Impairment to Independence or Objectivity

1200 Proficiency and Due Professional Care


1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional Development

1300 Quality Assurance and Improvement Program


1310 Requirements of the Quality Assurance and Improvement Program
1311 Internal Assessments
1312 External Assessments
1320 Reporting on the Quality Assurance and Improvement Program
1321 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
1322 Disclosure of Nonconformance

UNIT 1 : LIST OF PERFORMANCE STANDARDS

Performance Standards
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Engagement
2040 Policies and Procedures
2050 Coordination and Reliance
2060 Reporting to Senior Management and the Board
2070 External service provider and organizational responsibility for internal auditing

2100 Nature of work


2110 Governance
2120 Risk Management
2130 Control

2200 Engagement Planning


2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocation
2240 Engagement work program
2300 Performing the Engagement
2310 Identifying the Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision

2400 Communicating Results


2410 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
2430 Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions

2500 Monitoring Progress


2600 Communicating the Acceptance of Risks
UNIT 1 : MISSION, DEFINITION & CORE PRINCIPLES

Mission of Internal Auditing

• To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
• Facilitating the achievement of this mission is the IPPF

Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Core Principles

1. Demonstrates integrity
2. Demonstrates competence and due professional care.
3. Is objective and free from undue influence (independent).
4. Aligns with the strategies, objectives, and risks of the organization.
5. Is appropriately positioned and adequately resourced.
6. Demonstrates quality and continuous improvement.
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-focused.
10. Promotes organizational improvement.

Important Note
The Core Principles and the Definition of Internal Auditing are encompassed in the Code of Ethics and the Standards. Thus, conformance with the Code and the Standards demonstrates conformance with all mandatory elements of the IPPF

UNIT 1 : CODE OF ETHICAL CONDUCT

Reasons for codes of ethical conduct

• Primary purpose is to promote an ethical culture among professionals who serve others.
Additional functions of a code of ethical conduct for a professional organization include
• Communicating acceptable values to all members,
• Establishing objective standards against which individuals can measure their own performance, and
• Communicating the organization’s values to outsiders.

Aspects

• Existence of a code does not ensure that its principles are followed or trustworthy
• It is impossible to require equality of competence by all members of a profession
• The code should provide for disciplinary action for violators

Applicability

• The provisions of the Code are applied broadly to all organizations and persons who perform internal audit services, not just CIAs and members of The IIA
• Violations of rules of ethics should be reported to The IIA’s board of directors

Components
Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components
• Principles that are relevant to the profession and practice of internal auditing
• Rules of Conduct that describe behavior norms expected of internal auditors
UNIT 1 : CODE OF ETHICS - PRINCIPLES

Integrity

Refusal to compromise professional values + Performance of professional duties in accordance with relevant laws.
• Performing work with honesty, diligence and responsibility
• Making disclosure expected by the law
• Not knowingly becoming a party to an illegal act or engage in an act discreditable to the profession.

Objectivity

Providing stakeholders with unbiased information + Independence from Conflict of Interest
• Not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.
• Shall not accept anything that may impair or be presumed to impair their professional judgment.
• Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Confidentiality

• Be prudent in the use and protection of information acquired in the course of duties
• Not use information for any personal gain or in any manner that would be contrary to the law

Competency

• Engage only in those services for which we have the necessary knowledge, skills, and experience
• Perform internal audit services in accordance with Standards
• Continually improve the proficiency and the effectiveness and quality of services
UNIT 1 : EXAMPLES OF VIOLATION OF CODE OF ETHICS

Integrity

• Making claims about one’s competency in a manner that is deceptive, false, or misleading.
• Lying
• Overlooking illegal activities
• Making disparaging comments about the organization, fellow employees, or its stakeholders.

Objectivity

• Auditing an area where a close friend or relative is employed
• Auditing an area where the auditor worked within the previous year
• Accept fees, gifts, or entertainment from an employee, client, customer, supplier, or business associate.
• Distorting facts reported in final engagement communications
• Sale of service or products by the internal auditor to the organization
• Working in a non-audit position and accepting gifts not permitted by IIA code of conduct
• Not communicating pertinent information to the CAE.
• Accepting a bonus based on work accomplished during an audit.
• Intentional omission of disclosures of illegal activity from final engagement communications.

Confidentiality

• Using insider financial, strategic, or operational knowledge of an organization to bring about personal financial gain by purchasing or selling shares in the organization.
• Releasing insider knowledge to journalists or via other media without proper authorization.
• Using insider information to develop a competitive product or selling proprietary information to a competitor.
Note: Disclosing confidential information in response to a court order is not a violation.

Competency

• Accepting an engagement where Internal Audit function collectively lacks knowledge, skills, experience or proficiency is a violation.

CIA PART 1: UNIT 1

Let's Start Go through

UNIT 1 Content

Session – Exercise

Things to Remember

• Implementation standards extend upon other categories of standards
• Purpose of Internal Audit activity is to add value to the organization
• Attribute standards apply to the characteristics of providers of internal audit services
• Conformance with the code of ethics and standards demonstrates conformance with all mandatory elements of IPPF
• Primary purpose of the code of ethical conduct is to promote ethical culture
• Code of conduct should provide for disciplinary action for violators
• Provisions of code are applied to all persons who perform all internal audit services, not just CIAs
• Objectivity – Impairment / Conflict of interest
• Disclose all material facts
• Objectivity is an attribute of individual internal auditor
• Nature and scope of assurance engagement is decided by Internal Auditor and not the board or Mgt.
• Comply with the International standards for the professional practice of Internal Auditing

UNIT 1 : INTERNAL AUDIT CHARTER

Purpose
The purpose of the internal audit activity is to provide “independent, objective assurance and consulting
services…”
Assurance Services:
Definition: Objective assessment of evidence to provide opinion or conclusions regarding an entity,
operation, function, process, system, or other subject matters.
Nature and Scope: Determined by the internal auditor.
Participants: 3 parties (User, Process owner and the Auditor)
Examples: Financial, Performance, Compliance, System security and Due Diligence engagements
Consulting Services:
Definition: Activities intended to add value and improve an organization’s governance, risk management
and control processes. (Advisory in nature)
Nature and Scope: Subject to agreement with the engagement client.
Participants: 2 parties (Auditor and Engagement client)
Examples: Advice, facilitation and training

Authority
Internal audit activity should be empowered to require auditees to grant access to all records, personnel, and physical properties relevant to the performance of every engagement

Responsibility
To provide the organization with assurance and consulting services that will add value and improve the organization’s operations

Final Approval of the charter resides with the Board

UNIT 1 : BLENDED ENGAGEMENTS

Assurance and consulting services are not mutually exclusive, so an audit activity can have both assurance
and consulting components. A blended engagement may consolidate elements of assurance and consulting
activities. A blended engagement may take the form of a due diligence engagement to provide assurance
and consulting services in support of management's evaluation of an acquisition candidate, for example. In
other instances, individual components of an engagement may be specified as assurance or consulting. This
blending of the two types of services can add value and create efficiencies.

However, if assurance and consulting services are blended, it must be ensured that there are no conflicts of
independence, objectivity, or otherwise with regard to roles and responsibilities.
CIA PART 1: UNIT 1

Session – Exercise

Illustrative MCQ Session


Homework

Section 1 – Question Bank Practice

THANK YOU ARPIT GARG
