Part 3 – Internal Audit Knowledge
Here is a breakdown of Part 3 of the Certified Internal Auditor Course:
100 questions | 2.0 Hours (120 minutes)
The new CIA exam Part 3 topics tested include governance and business ethics; risk management; organizational structure, including business processes and risks; communication; management and leadership principles; information technology and business continuity; financial management; and the global business environment. Note: All items in this section of the syllabus will be tested at the Awareness knowledge level unless otherwise indicated below.
I. Governance / Business Ethics (5-15%)
A. Corporate/Organizational Governance Principles – Proficiency Level (P)
B. Environmental and Social Safeguards
C. Corporate Social Responsibility
II. Risk Management (10-20%)- Proficiency Level (P)
A. Risk Management Techniques
B. Organizational Use of Risk Frameworks
III. Organizational Structure/Business Processes and Risks (15-25%)
A. Risk/Control Implications of Different Organizational Structures
B. Structure (e.g., centralized/decentralized)
C. Typical Schemes in Various Business Cycles (e.g., procurement, sales, knowledge, supply-chain management)
D. Business Process Analysis (e.g., workflow analysis and bottleneck management, theory of constraints)
E. Inventory Management Techniques and Concepts
F. Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E-commerce
G. Business Development Life Cycles
H. The International Organization for Standardization (ISO) Framework
I. Outsourcing Business Processes
IV. Communication (5-10%)
A. Communication (e.g., the process, organizational dynamics, impact of computerization)
B. Stakeholder Relationships
V. Management / Leadership Principles (10-20%)
A. Strategic Management
- Global analytical techniques
- Structural analysis of industries
- Competitive strategies (e.g., Porter’s model)
- Competitive analysis
- Market signals
- Industry evolution
- Industry environments
- Competitive strategies related to:
- Fragmented industries
- Emerging industries
- Declining industries
- Competition in global industries
- Sources/impediments
- Evolution of global markets
- Strategic alternatives
- Trends affecting competition
- Competitive strategies related to:
- Strategic decisions
- Analysis of integration strategies
- Capacity expansion
- Entry into new businesses
- Forecasting
- Quality management (e.g., TQM, Six Sigma)
- Decision analysis
B. Organizational Behavior
- Organizational theory (structures and configurations)
- Organizational behavior (e.g., motivation, impact of job design, rewards, schedules)
- Group dynamics (e.g., traits, development stages, organizational politics, effectiveness)
- Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, staff development)
- Risk/control implications of different leadership styles
- Performance (productivity, effectiveness, etc.)
C. Management Skills/Leadership Styles
- Lead, inspire, mentor, and guide people, building organizational commitment and entrepreneurial orientation
- Create group synergy in pursuing collective goals
- Team-building and assessing team performance
D. Conflict Management
- Conflict resolution (e.g., competitive, cooperative, and compromise)
- Negotiation skills
- Conflict management
- Added-value negotiating
E. Project Management / Change Management
- Change management
- Project management techniques
VI. IT / Business Continuity (15-25%)
A. Security
- Physical/system security (e.g., firewalls, access control)
- Information protection (e.g., viruses, privacy)
- Application authentication
- Encryption
B. Application Development
- End-user computing
- Change control (Proficiency Level)
- Systems development methodology (Proficiency Level)
- Application development (Proficiency Level)
- Information systems development
C. System Infrastructure
- Workstations
- Databases
- IT control frameworks (e.g., eSAC, COBIT)
- Functional areas of IT operations (e.g., data center operations)
- Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)
- Data, voice, and network communications/connections (e.g., LAN, VAN, and WAN)
- Server
- Software licensing
- Mainframe
- Operating systems
- Web infrastructure
D. Business Continuity
- IT contingency planning
VII. Financial Management (10-20%)
A. Financial Accounting and Finance
- Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships)
- Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, RandD)
- Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions)
- Financial statement analysis (e.g., ratios)
- Types of debt and equity
- Financial instruments (e.g., derivatives)
- Cash management (e.g., treasury functions)
- Valuation models
- Business valuation
- Inventory valuation
- Capital budgeting (e.g., cost of capital evaluation)
- Taxation schemes (e.g., tax shelters, VAT)
B. Managerial Accounting
- General concepts
- Costing systems (e.g., activity-based, standard)
- Cost concepts (e.g., absorption, variable, fixed)
- Relevant cost
- Cost-volume-profit analysis
- Transfer pricing
- Responsibility accounting
- Operating budget
VIII. Global Business Environment (0-10%)
A. Economic / Financial Environments
- Global, multinational, international, and multi-local compared and contrasted
- Requirements for entering the global marketplace
- Creating organizational adaptability
- Managing training and development
B. Cultural / Political Environments
- Balancing global requirements and local imperatives
- Global mindsets (personal characteristics/competencies)
- Sources and methods for managing complexities and contradictions.
- Managing multicultural teams
C. Legal and Economics — General Concepts (e.g., contracts)
D. Impact of Government Legislation and Regulation on Business (e.g., trade legislation)