Certified Internal Auditor® (CIA®) Examination Syllabus

Part 1- Essentials of Internal Auditing

Proficiency
Level

Domain 1: Foundations of Internal Auditing 35%

1. Describe the Purpose of Internal Auditing according to the Global Basic
Internal Audit Standards
2. Explain the internal audit mandate (the function's authority, roles, and Basic
responsibilities), charter components and communication, and
responsibilities of the board and chief audit executive
3. Recognize the requirements of an internal audit charter, including but Basic
not limited to:
• required components
• board approval
• communication of the charter
4. Interpret the differences between assurance and advisory services Basic
provided by the internal audit function
5. Describe the types of assurance services performed by the internal Basic
audit function, including but not limited to:
• risk and control assessments
• audits of third parties and contract compliance
• IT/security and privacy
• performance and quality audits
• management reporting
• operational audits
• financial and regulatory compliance audits
• culture

6. Describe the types of advisory services performed by the internal Basic

audit function, including but not limited to:
• risk and control training
• system design
• system development
• due diligence
• privacy
• benchmarking
• internal control assessment
• process mapping

7. Identify situations where the independence of the internal audit Basic

function may be impaired, including but not limited to:
• functional reporting
• board and chief audit executive responsibilities
• budget reductions
• scope limitations
• restricted access

© 2024 The Institute of Internal Auditors, Inc. All rights reserved. The IIA and its logo are trademarks or registered trademarks of The Institute of Internal Auditors, Inc

V1.05.2024- THIS DOCUMENT IS SUBJECT TO CHANGE.

 Certified Internal Auditor® (CIA®) Examination Syllabus
Part 1- Essentials of Internal Auditing

8. Recognize the internal audit function's role in the organization's risk Basic
management process, including but not limited to:
• Three Lines Model
• roles that require safeguards to protect independence

Domain 2: Ethics and Professionalism 20%

1. Demonstrate integrity, including but not limited to: Proficient
• honesty and courage
• legal and professional behavior
2. Assess whether an individual internal auditor has any impairments to Proficient
objectivity, including but not limited to:
• self-review bias
• familiarity bias
3. Analyze policies that promote objectivity and potential options to Proficient
mitigate impairments, including but not limited to:
• reassigning internal auditors
• outsourcing the performance or supervision of the
engagement
• disclosing impairments
4. Apply the knowledge, skills, and competencies required (whether Proficient
developed or procured) to fulfill the responsibilities of the internal
audit function, including but not limited to:
• written and verbal communication skills to deliver effective
messages, reports, meetings, and presentations
• critical thinking and problem-solving skills to address complex
issues and identify innovative solutions
• research skills to collect information from a variety of
resources and expand knowledge on various topics
• persuasion and negotiation skills to manage conflicts and
collaborate effectively with teammates and stakeholders
• relationship-building skills to establish trust and credibility
• change management skills to thrive in evolving environments
• curiosity to uncover new information and foster continuous
learning
• competencies obtained through continuing professional
development
5. Demonstrate due professional care, including exercising professional Proficient
skepticism

© 2024 The Institute of Internal Auditors, Inc. All rights reserved. The IIA and its logo are trademarks or registered trademarks of The Institute of Internal Auditors, Inc

V1.05.2024- THIS DOCUMENT IS SUBJECT TO CHANGE.

 Certified Internal Auditor® (CIA®) Examination Syllabus
Part 1- Essentials of Internal Auditing

6. Maintain confidentiality and use information appropriately during the Proficient

engagement according to organizational policies and internal audit
methodologies
Domain 3: Governance, Risk Management, and Control 30%
1. Describe the concept of organizational governance, including the Basic
roles of the board, senior management, the internal audit function,
and other assurance providers
2. Recognize the impact of organizational culture on the overall control Basic
environment and individual engagement risks and controls, including
but not limited to:
• decision quality
• bias
• decision-making
3. Recognize ethical and compliance-related issues Basic
4. Interpret fundamental concepts of risk type, including but not limited Proficient
to:
• operational
• financial
• environmental
• social responsibility
• sustainability
• strategic
• residual
• reputational
• inherent
• model risk
5. Interpret fundamental concepts of the risk management process, Proficient
including but not limited to:
• risk appetite
• risk tolerance
• risk response
• elements of the risk management cycle
6. Describe globally accepted risk management frameworks appropriate Basic
to the organization, including but not limited to:
• COSO – ERM
• ISO 31000
7. Describe the design and effectiveness of risk management within Basic
processes and functions
8. Interpret internal control concepts and types of controls Proficient
9. Apply globally accepted internal control frameworks appropriate to Proficient
the organization, including but not limited to COSO

© 2024 The Institute of Internal Auditors, Inc. All rights reserved. The IIA and its logo are trademarks or registered trademarks of The Institute of Internal Auditors, Inc

V1.05.2024- THIS DOCUMENT IS SUBJECT TO CHANGE.

 Certified Internal Auditor® (CIA®) Examination Syllabus
Part 1- Essentials of Internal Auditing

10. Recognize the importance of the design, effectiveness, and efficiency Basic
of internal controls (financial and non-financial)
Domain 4: Fraud Risks 15%
1. Describe concepts of fraud risks and types of fraud Basic
2. Determine whether fraud risks require special consideration Proficient
3. Evaluate the potential for fraud (red flags, etc.) and how the Proficient
organization detects and manages fraud risks
4. Describe controls to prevent and detect fraud, including but not Basic
limited to:
• segregation of duties
• supervision
• tone at the top
• authority levels
5. Recognize techniques and the internal audit function's role related to Basic
fraud investigation, including but not limited to:
• interview
• investigation
• testing

© 2024 The Institute of Internal Auditors, Inc. All rights reserved. The IIA and its logo are trademarks or registered trademarks of The Institute of Internal Auditors, Inc

V1.05.2024- THIS DOCUMENT IS SUBJECT TO CHANGE.