CIA 2013 Exam Syllabus, Part 1
Internal Audit Basics
125 questions | 2.5 Hours (150 minutes)
The new CIA exam Part 1 topics tested include aspects of mandatory guidance from the
IPPF; internal control and risk concepts; as well as tools and techniques for conducting
internal audit engagements. Note: All items in this section of the syllabus will be tested at
the Proficiency knowledge level unless otherwise indicated below.
I. Mandatory Guidance (35-45%)
A. Definition of Internal Auditing
1. Define purpose, authority, and responsibility of the internal audit activity
B. Code of Ethics
1. Abide by and promote compliance with The IIA Code of Ethics
C. International Standards
1.
Comply with The IIA's Attribute Standards
1. Determine if the purpose, authority, and responsibility of the internal
audit activity are documented in audit charter, approved by the Board and
communicated to the engagement clients
2. Demonstrate an understanding of the purpose, authority, and
responsibility of the internal audit activity
2. Maintain independence and objectivity
1. Foster independence
1. Understand organizational independence
2. Recognize the importance of organizational independence
3. Determine if the internal audit activity is properly aligned to
achieve organizational independence
2. Foster objectivity
1. Establish policies to promote objectivity
2. Assess individual objectivity
3. Maintain individual objectivity
4. Recognize and mitigate impairments to independence and
objectivity
3. Determine if the required knowledge, skills, and competencies are available
1. Understand the knowledge, skills, and competencies that an internal
auditor needs to possess
4.
5.
6.
7.
2. Identify the knowledge, skills, and competencies required to fulfill the
responsibilities of the internal audit activity
Develop and/or procure necessary knowledge, skills and competencies
collectively required by the internal audit activity
Exercise due professional care
Promote continuing professional development
1. Develop and implement a plan for continuing professional development
for internal audit staff
2. Enhance individual competency through continuing professional
development
Promote quality assurance and improvement of the internal audit activity
1. Monitor the effectiveness of the quality assurance and improvement
program
2. Report the results of the quality assurance and improvement program to
the board or other governing body
3. Conduct quality assurance procedures and recommend improvements to
the performance of the internal audit activity
II. Internal Control / Risk (25-35%) Awareness Level (A)
A. Types of Controls (e.g., preventive, detective, input, output, etc.)
B. Management Control Techniques
C. Internal Control Framework Characteristics and Use (e.g., COSO, Cadbury)
1. Develop and implement an organization-wide risk and control framework
D. Alternative Control Frameworks
E. Risk Vocabulary and Concepts
F. Fraud Risk Awareness
1. Types of fraud
2. Fraud red flags
III. Conducting Internal Audit Engagements Audit Tools and
Techniques (28-38%)
A. Data Gathering (Collect and analyze data on proposed engagements):
1. Review previous audit reports and other relevant documentation as part of a
preliminary survey of the engagement area
2. Develop checklists/internal control questionnaires as part of a preliminary survey
of the engagement area
3.
4.
5.
6.
Conduct interviews as part of a preliminary survey of the engagement area
Use observation to gather data
Conduct engagement to assure identification of key risks and controls
Sampling (non-statistical [judgmental] sampling method, statistical sampling,
discovery sampling, and statistical analyses techniques)
B. Data Analysis and Interpretation:
1. Use computerized audit tools and techniques (e.g., data mining and extraction,
continuous monitoring, automated work papers, embedded audit modules)
2. Conduct spreadsheet analysis
3. Use analytical review techniques (e.g., ratio estimation, variance analysis, budget
vs. actual, trend analysis, other reasonableness tests)
4. Conduct benchmarking
5. Draw conclusions
C. Data Reporting
1. Report test results to auditor in charge
2. Develop preliminary conclusions regarding controls
D. Documentation / Work Papers
1. Develop work papers
E. Process Mapping, Including Flowcharting
F. Evaluate Relevance, Sufficiency, and Competence of Evidence
1. Identify potential sources of evidence