Exam Syllabus

The Certified Internal Auditor (CIA) exam tests a candidate’s knowledge of current internal auditing practices and understanding of internal audit issues, risks and remedies. The exam is offered in four parts, each part consisting of 90 multiple-choice questions. The testing period is two hours and twenty-five minutes.

Parts 1, 2, and 3 are considered the core global syllabus of the CIA exam —  offering a strong focus on corporate governance and risk issues and exhibiting alignment with The IIA’s International Professional Practices Framework (IPPF). Part 4 of the CIA exam is designed to be modified for regional and audit specialization testing. Hence, The IIA offers Professional Recognition Credit for Part 4 (PRC4) for qualified professional certifications.

Exam Non-disclosure

The CIA exam is a non-disclosed examination, which means that current exam questions and answers will not be published or divulged.

NOTE: Exam topics and/or format are subject to change as approved by The IIA’s Professional Certification Board (PCB).


The CIA exam tests your knowledge of current internal auditing practices, risks and controls, and much more. Just the process of preparing for the exam will enhance your professional insight and strengthen your grasp of The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards).

The CIA exam is offered in four parts, each consisting of 90 multiple-choice questions.

Part 1: The Internal Audit Activity’s Role in Governance, Risk, and Control
CIA exam Part 1 topics tested include aspects of the IPPF, responsibilities of the internal audit activity, independence and objectivity, governance concepts, risk identification and management, management controls, and audit planning.

Part 2: Conducting the Internal Audit Engagement
CIA exam Part 2 topics tested include steps for conducting audit engagements, types of engagements (such as technology, financial, or operational), fraud elements, audit engagement tools, audit documentation and reporting, and follow-up procedures.

Part 3: Business Analysis and Information Technology
CIA exam Part 3 topics tested include business process analysis, quality management, balanced scorecard, financial accounting, managerial accounting, regulatory and economic impacts on business, and information technology concepts.

Part 4: Business Management Skills*
CIA exam Part 4 topics tested include strategic decision-making, competitive analysis and strategies, product and industry life cycles, managing in a global business environment, organizational behavior, team building, negotiation, and leadership skills.

*Candidates with certain approved certifications may apply for Professional Recognition Credit for Part 4 of the CIA exam, based on their area of specialization, rather than testing on the general business concepts in Part 4. No other parts may be waived.