2019 CIA Exam Changes

On January 1, 2019, The IIA will be making major content updates, which includes adding new testable topics and reorganizing current topics on the CIA exam. These extensive changes are being made in an effort to keep the CIA exam up to date with current auditing best practices and the role of an internal auditor.

CIA Exam Changes Overview

The IIA has streamlined the CIA exam by redefining the three exam parts according to The IIA’s 2017 global job-analysis study. Each part will better test the knowledge and skills required of current internal auditors.

Now, content is more evenly distributed across all three parts and topics in Part 3 no longer overlap with those in Parts 1 and 2. This redistribution has made it more important to take Part 3 last, but it is now more feasible for candidates to take Part 3 either first or last. Parts 1 and 2 should continue to be taken in numerical order because topics tested in Part 2 still build on those found in Part 1.

Part 3 still requires a basic knowledge of topics that relate peripherally—but not directly—to auditing. However, now Part 3 has an increased focused on IT-related topics and how they pertain to auditing.

BIGGEST CHANGES ACROSS THE EXAM

The amount of variance in Part 3 topics is now much fewer.

Governance is now tested in Part 1.

Data Analytics is now tested in Part 3.

Topics now include a rating of “Basic” or “Proficient” denoting the level of understanding necessary to answer questions on that topic.

CIA Exam Changes Timeline

The new CIA exam syllabus will take affect January 1, 2019, for the English version of the exam. The new exam will be translated into other languages throughout 2019.

Part 1: Essentials of Internal Auditing

Previous Part Title: Internal Audit Basics
BIGGEST CHANGES IN PART 1

Includes Governance, which is now a main focus

Greater alignment with The IIA’s Attribute Standards

Cognitive levels: 14 basic topics, 16 proficient topics

2018 Syllabus
I. Mandatory Guidance
Now in Part 1, Area I. Foundations of Internal Auditing
35-45%
II. Internal Control/Risk
Now in Part 1, Area V. Governance, Risk Management, and Control & Part 1, Area VI. Fraud Risk
25-35%

III. Conducting Internal Audit Engagements — Auditing Tools and Techniques
Now in Part 1, Area III. Proficiency and Due Professional Care
Content about Data Analytics now in Part 3, Area I. Business Acumen

25-35%
2019 Syllabus
Ι. Foundations of Internal Auditing 15%
ΙΙ. Independence and Objectivity 15%
ΙΙΙ. Proficiency and Due Professional Care 18%
ΙV. Quality Assurance and Improvement Programs 7%
V. Governance, Risk Management, and Control 35%
VI. Fraud Risk 10%
BIGGEST CHANGES IN PART 1

Includes Governance, which is now a main focus

Greater alignment with the IIA’s Attribute Standards

Cognitive levels: 14 basic topics, 16 proficient topics

2018 Syllabus
I. Mandatory Guidance
Now in Part 1, Area I. Foundations of Internal Auditing
35-45%
II. Internal Control/Risk
Now in Part 1, Area V. Governance, Risk Management, and Control & Part 1, Area VI. Fraud Risk
25-35%

III. Conducting Internal Audit Engagements — Auditing Tools and Techniques
Now in Part 1, Area III. Proficiency and Due Professional Care
Content about Data Analytics now in Part 3, Area I. Business Acumen

25-35%
2019 Syllabus
Ι. Foundations of Internal Auditing 15%
ΙΙ. Independence and Objectivity 15%
ΙΙΙ. Proficiency and Due Professional Care 18%
ΙV. Quality Assurance and Improvement Programs 7%
V. Governance, Risk Management, and Control 35%
VI. Fraud Risk 10%

Part 2: Practice of Internal Auditing

Previous Part Title: Internal Audit Practice
BIGGEST CHANGES IN PART 2

No longer tests on fraud risk (although risk is still an element of Part 2)

Goes deeper into the Information Gathering process under Domain 3, Performing the Engagement.

 Cognitive levels: 14 basic topics, 21 proficient topics

2018 Syllabus
I. Managing the Internal Audit Function
Now in Part 2, Area I. Managing the Internal Audit Activity
40-50%
II. Managing Individual Engagements
Now in Part 2, Area II. Planning the Engagement, Part 2, Area III. Performing the Engagement, & Part 2, Area IV. Communicating Engagement Results and Monitoring Progress.
40-50%
ΙΙΙ. Fraud Risks and Controls
Now in Part 1, Area VI. Fraud Risk
5-15%
2019 Syllabus
Ι. Managing the Internal Audit Activity 20%
ΙΙ. Planning the Engagement 20%
ΙΙΙ. Performing the Engagement 40%
ΙV. Communicating Engagement Results and Monitoring Progress 20%
BIGGEST CHANGES IN PART 2

No longer tests on fraud risk (although risk is still an element of Part 2)

Goes deeper into the Information Gathering process under Domain 3, Performing the Engagement.

Cognitive levels: 14 basic topics, 21 proficient topics

2018 Syllabus
I. Managing the Internal Audit Function
Now in Part 2, Area I. Managing the Internal Audit Activity
40-50%
II. Managing Individual Engagements
Now in Part 2, Area II. Planning the Engagement, Part 2, Area III. Performing the Engagement, & Part 2, Area IV. Communicating Engagement Results and Monitoring Progress.
40-50%
ΙΙΙ. Fraud Risks and Controls
Now in Part 1, Area VI. Fraud Risk
5-15%
2019 Syllabus
Ι. Managing the Internal Audit Activity 20%
ΙΙ. Planning the Engagement 20%
ΙΙΙ. Performing the Engagement 40%
ΙV. Communicating Engagement Results and Monitoring Progress 20%

Part 3: Business Knowledge for Internal Auditing

Previous Part Title: Internal Audit Knowledge Elements
BIGGEST CHANGES IN PART 3

Fewer topics

No longer tests on Governance or Ethics

 Now tests on Data Analytics

Cognitive levels: 32 basic topics, 3 proficient topics

Goes much deeper into Information Technology and Information Security

2018 Syllabus
I. Governance/Business Ethics
Now in Part 1
5-15%
II. Risk Management
Now in Part 1
10-20%
ΙΙΙ. Organizational Structure/Business Processes and Risks
Now in Part 3, Area I. Business Acumen
15-25%
ΙV. Communication
Removed. Elements of this topic appear in Part 1, Area III Performing the Engagement, Part 2, Area I. Managing the Internal Audit Activity, Part 2, Area IV. Communicating Engagement Results and Monitoring Progress, & Part 3, Area I. Business Acumen
5-10%
V. Management/Leadership Principles
Now in Part 3, Area I. Business Acumen
10-20%
VΙ. IT/Business Continuity
Now in Part 3, Area II. Information Security & Part 3, Area III. Information Technology
15-25%
VΙΙ. Financial Management
Now in Part 3, Area IV. Financial Management
10-20%
VΙΙΙ. Global Business Environment
Removed. Elements of this topic appear in Part 3, Area I. Business Acumen
0-10%
2019 Syllabus
Ι. Business Acumen 35%
ΙΙ. Information Security 25%
ΙΙΙ. Information Technology 20%
ΙV. Financial Management 20%
BIGGEST CHANGES IN PART 3

Fewer topics

No longer tests on Governance or Ethics

 Now tests on Data Analytics

Cognitive levels: 32 basic topics, 3 proficient topics

Goes much deeper into Information Technology and Information Security

2018 Syllabus
I. Governance/Business Ethics
Now in Part 1
5-15%
II. Risk Management
Now in Part 1
10-20%
ΙΙΙ. Organizational Structure/Business Processes and Risks
Now in Part 3, Area I. Business Acumen
15-25%
ΙV. Communication
Removed. Elements of this topic appear in Part 1, Area III Performing the Engagement, Part 2, Area I. Managing the Internal Audit Activity, Part 2, Area IV. Communicating Engagement Results and Monitoring Progress, & Part 3, Area I. Business Acumen
5-10%
V. Management/Leadership Principles
Now in Part 3, Area I. Business Acumen
10-20%
VΙ. IT/Business Continuity
Now in Part 3, Area II. Information Security & Part 3, Area III. Information Technology
15-25%
VΙΙ. Financial Management
Now in Part 3, Area IV. Financial Management
10-20%
VΙΙΙ. Global Business Environment
Removed. Elements of this topic appear in Part 3, Area I. Business Acumen
0-10%
2019 Syllabus
Ι. Business Acumen 35%
ΙΙ. Information Security 25%
ΙΙΙ. Information Technology 20%
ΙV. Financial Management 20%

Passing Score

The IIA has always set the level at which new CIAs need to perform. To do this, it conducts a standard-setting study to determine what constitutes a passing score.

The passing score will remain the same on the new exam: 600 on a scale of 250-750. However, because there will be a lot of changes all at once, the first candidates to take it will actually help The IIA determine how hard the new exam is, and what percent of answers correct is needed to achieve a 600. A 600 has always been a moving target. 600 equals 75% when the test is of a moderate difficulty level, and sometimes 600 is less than 75% when the test is more difficult.

What about the CIA exam hasn’t changed?

TEST FORMAT

The format of the test will stay the same. You will still be asked the same number of questions and given the same amount of time to finish each part of the exam.

PART 1:

125 questions    150 minutes

PART 2:

100 questions    120 minutes

PART 3:

100 questions    120 minutes

FEES AND REQUIREMENTS

The fees and requirements to take the CIA exam will also stay the same.

The Revised CIA Syllabus

You can read The IIA’s outline for the exam changes here. It is incredibly granular and much of the information isn’t relevant to your exam preparation, but it does offer more details if you need them.