Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorCertificationBreadcrumb SeparatorCIA CertificationBreadcrumb SeparatorCIA Exam Syllabus, Part 3

CIA Exam Syllabus, Part 3 – Internal Audit Knowledge Elements

100 questions  | 2.0 Hours (120 minutes)

The new CIA exam Part 3 topics tested include governance and business ethics; risk management; organizational structure, including business processes and risks; communication; management and leadership principles; information technology and business continuity; financial management; and the global business environment. Note: All items in this section of the syllabus will be tested at the Awareness knowledge level unless otherwise indicated below.

I. Governance / Business Ethics (5-15%)

A. Corporate/Organizational Governance Principles – Proficiency Level (P)

B. Environmental and Social Safeguards

C. Corporate Social Responsibility

II. Risk Management (10-20%)- Proficiency Level (P)

A.  Risk Management Techniques

B. Organizational Use of Risk Frameworks (e.g. COSO and ISO 31000 Risk Management)

III. Organizational Structure/Business Processes and Risks (15-25%)

A. Risk/Control Implications of Different Organizational Structures

B. Structure (e.g., centralized/decentralized)

C. Typical Schemes in Various Business Cycles (e.g., procurement, sales, knowledge, supply-chain management)

D.  Business Process Analysis (e.g., workflow analysis and bottleneck management, theory of constraints)

E. Inventory Management Techniques and Concepts

F.  Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E-commerce

G. Business Development Life Cycles

H.  The International Organization for Standardization (ISO) Framework

I. Outsourcing Business Processes

IV.  Communication (5-10%)

A. Communication (e.g., the process, organizational dynamics, impact of computerization)

B. Stakeholder Relationships

V. Management / Leadership Principles (10-20%)

A.  Strategic Management

  1. Global analytical techniques
    1. Structural analysis of industries
    2. Competitive strategies (e.g., Porter's model)
    3. Competitive analysis
    4. Market signals
    5. Industry evolution
  2. Industry environments
    1. Competitive strategies related to:
      1. Fragmented industries
      2. Emerging industries
      3. Declining industries
    2. Competition in global industries
      1. Sources/impediments
      2. Evolution of global markets
      3. Strategic alternatives
      4. Trends affecting competition
  3. Strategic decisions
    1. Analysis of integration strategies
    2. Capacity expansion
    3. Entry into new businesses
  4. Forecasting
  5. Quality management (e.g., TQM, Six Sigma)
  6. Decision analysis

B. Organizational Behavior

  1. Organizational theory (structures and configurations)
  2. Organizational behavior (e.g., motivation, impact of job design, rewards, schedules)
  3. Group dynamics (e.g., traits, development stages, organizational politics, effectiveness)
  4. Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, staff development)
  5. Risk/control implications of different leadership styles
  6. Performance (productivity, effectiveness, etc.)

C.  Management Skills/Leadership Styles

  1. Lead, inspire, mentor, and guide people, building organizational commitment and entrepreneurial orientation
  2. Create group synergy in pursuing collective goals
  3. Team-building and assessing team performance

D. Conflict Management

  1. Conflict resolution (e.g., competitive, cooperative, and compromise)
  2. Negotiation skills
  3. Conflict management
  4. Added-value negotiating

E. Project Management / Change Management

  1. Change management
  2. Project management techniques

VI.  IT / Business Continuity (15-25%)

A.  Security

  1. Physical/system security (e.g., firewalls, access control)
  2. Information protection (e.g., viruses, privacy)
  3. Application authentication
  4. Encryption

B. Application Development

  1. End-user computing
  2. Change control (Proficiency Level)
  3. Systems development methodology (Proficiency Level)
  4. Application development (Proficiency Level)
  5. Information systems development

C. System Infrastructure

  1. Workstations
  2. Databases
  3. IT control frameworks (e.g., eSAC, COBIT)
  4. Functional areas of IT operations (e.g., data center operations)
  5. Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)
  6. Data, voice, and network communications/connections (e.g., LAN, VAN, and WAN)
  7. Server
  8. Software licensing
  9. Mainframe
  10. Operating systems
  11. Web infrastructure

D.  Business Continuity

  1. IT contingency planning

VII. Financial Management (10-20%)

A.  Financial Accounting and Finance

  1. Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships)
  2. Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, RandD)
  3. Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions)
  4. Financial statement analysis (e.g., ratios)
  5. Types of debt and equity
  6. Financial instruments (e.g., derivatives)
  7. Cash management (e.g., treasury functions)
  8. Valuation models
  9. Business valuation
  10. Inventory valuation
  11. Capital budgeting (e.g., cost of capital evaluation)
  12. Taxation schemes (e.g., tax shelters, VAT)

B. Managerial Accounting

  1. General concepts
  2. Costing systems (e.g., activity-based, standard)
  3. Cost concepts (e.g., absorption, variable, fixed)
  4. Relevant cost
  5. Cost-volume-profit analysis
  6. Transfer pricing
  7. Responsibility accounting
  8. Operating budget

VIII. Global Business Environment (0-10%)

A. Economic / Financial Environments

  1. Global, multinational, international, and multi-local compared and contrasted
  2. Requirements for entering the global marketplace
  3. Creating organizational adaptability
  4. Managing training and development

B. Cultural / Political Environments

  1. Balancing global requirements and local imperatives
  2. Global mindsets (personal characteristics/competencies)
  3. Sources and methods for managing complexities and contradictions.
  4. Managing multicultural teams

C. Legal and Economics — General Concepts (e.g., contracts)

D. Impact of Government Legislation and Regulation on Business (e.g., trade legislation)

Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes:


The information contained on this website pertains to all other countries.