CIA Exam Structure 2026: Syllabus & Format Guide

CIA Exam Structure 2026: Complete Syllabus, Format & Domain Guide

The Certified Internal Auditor (CIA) exam is the gateway to the only globally recognised internal audit credential. Whether you're a commerce graduate in Mumbai, a risk professional in Dubai, or an aspiring auditor anywhere in the world, understanding the CIA exam structure is your first step toward certification success.

This comprehensive guide breaks down each exam part, the latest 2026 syllabus changes, domain weightages, and actionable preparation strategies to help you pass efficiently.

What is the CIA Exam?

The CIA examination is administered by The Institute of Internal Auditors (IIA) and tests candidates across three distinct parts. Each part evaluates different competencies required for internal audit professionals—from foundational principles to practical engagement skills and broader business knowledge.

Unlike some professional exams that test memorisation, the CIA exam assesses your ability to apply internal audit concepts in real-world scenarios. This application-based approach means understanding "why" matters as much as knowing "what."

Key exam facts at a glance:

If you're exploring whether the CIA certification aligns with your career goals, our CIA certification eligibility guide covers the education and experience requirements in detail.

CIA Exam Structure Overview

The three-part structure progressively builds your competence—starting with foundational knowledge, moving to practical application, and culminating in broader business acumen.

Part-by-Part Summary

Important note: You can take the parts in any order. Many candidates start with Part 1 for foundational grounding, but some prefer tackling Part 3 first if they have strong business backgrounds.

Part 1: Internal Audit Fundamentals

Part 1 establishes your foundation in internal auditing principles. It aligns closely with The IIA's International Professional Practices Framework (IPPF) and the Global Internal Audit Standards.

Domain Breakdown (2025/2026 Syllabus)

What Each Domain Covers

Domain 1: Foundations of Internal Auditing (35%)

This heavily weighted domain tests your understanding of:

• Purpose and role of internal audit within organisations
• The IIA's Mission, Core Principles, and Definition of Internal Auditing
• Types of audit services (assurance vs. consulting)
• Relationship between internal audit and external stakeholders
• Quality Assurance and Improvement Program (QAIP) fundamentals

Domain 2: Ethics and Professionalism (20%)

Internal auditors must maintain the highest ethical standards. Expect questions on:

• IIA Code of Ethics (integrity, objectivity, confidentiality, competency)
• Independence and objectivity requirements
• Impairments to independence and how to address them
• Professional skepticism in audit engagements

Domain 3: Governance, Risk Management, and Control (30%)

The second-largest domain covers:

• Corporate governance principles and structures
• Risk management frameworks (COSO ERM, ISO 31000)
• Internal control concepts and components
• Board and audit committee responsibilities
• Three Lines Model (formerly Three Lines of Defence)

Domain 4: Fraud Risks (15%)

Fraud detection is increasingly critical. This domain includes:

• Types of fraud (asset misappropriation, corruption, financial statement fraud)
• Fraud risk indicators and red flags
• Internal audit's role in fraud prevention and detection
• Basic forensic auditing concepts

Exam Format: Part 1

• Questions: 125 multiple-choice
• Duration: 2 hours 30 minutes (150 minutes)
• Passing Score: 600 out of 750

Study Strategy for Part 1

Allocate your study time proportionally to domain weightage. With Foundations (35%) and Governance (30%) comprising 65% of the exam, prioritise these areas while ensuring you don't neglect Ethics and Fraud.

For structured preparation with adaptive learning that targets your weak areas automatically, consider Surgent's CIA Review course, which uses AI to personalise your study path.

Part 2: Internal Audit Engagement

Part 2 transitions from "what internal auditors should know" to "what internal auditors actually do." This practical part tests your ability to plan, execute, and communicate audit engagements.

Domain Breakdown (2025/2026 Syllabus)

What Each Domain Covers

Domain 1: Engagement Planning (50%)

Half of Part 2 focuses on planning—reflecting how critical proper planning is to audit success:

• Preliminary engagement activities
• Risk assessment and audit universe
• Defining engagement objectives and scope
• Resource allocation and work programs
• Criteria for evaluating controls and processes

Domain 2: Information Gathering, Analysis, and Evaluation (40%)

This domain tests your fieldwork capabilities:

• Evidence collection techniques (interviews, observation, inspection)
• Sampling methodologies (statistical and non-statistical)
• Analytical procedures and data analytics
• Working paper documentation standards
• Evaluating the adequacy and effectiveness of controls
• Identifying control deficiencies and root causes

Domain 3: Engagement Supervision and Communication (10%)

Though smaller in weightage, this domain is essential:

• Supervising engagement teams
• Reviewing working papers
• Communicating engagement results
• Final engagement communications (reports)
• Monitoring management's corrective actions

Exam Format: Part 2

• Questions: 100 multiple-choice
• Duration: 2 hours (120 minutes)
• Passing Score: 600 out of 750

Study Strategy for Part 2

Part 2 rewards practical understanding. Simply memorising standards won't suffice—you need to understand how concepts apply to real audit scenarios.

Practice with scenario-based questions extensively. The Surgent CIA course includes 3,000+ questions with detailed explanations that help you understand not just the correct answer, but why other options are incorrect.

Part 3: Internal Audit Function

Part 3 is often considered the most challenging due to its breadth. It tests business knowledge that internal auditors need to operate effectively across diverse organisational environments.

Domain Breakdown (2025/2026 Syllabus)

What Each Domain Covers

Domain 1: Internal Audit Operations (25%)

Managing the internal audit function requires understanding:

• Role of the Chief Audit Executive (CAE)
• Internal audit charter and policies
• Resource management and staffing
• Coordination with external auditors and regulators
• Internal audit's role in organisational governance

Domain 2: Internal Audit Plan (15%)

Strategic planning for audit activities includes:

• Risk-based audit planning
• Developing the annual audit plan
• Aligning audit activities with organisational objectives
• Adjusting plans based on emerging risks

Domain 3: Quality of the Internal Audit Function (10%)

Quality assurance ensures audit credibility:

• Internal quality assessments
• External quality assessments
• Continuous improvement processes
• Conformance with IIA Standards

Domain 4: Business Acumen and Information Technology (30%)

The largest domain in Part 3 covers:

• Organisational structures and business processes
• Economic concepts affecting organisations
• Information security principles and cybersecurity
• IT governance and controls
• Data analytics and emerging technologies
• Business continuity and disaster recovery

Domain 5: Financial Management (20%)

Internal auditors must understand financial concepts:

• Financial statement analysis
• Budgeting and forecasting
• Working capital management
• Capital investment decisions
• Financial ratios and performance metrics

Exam Format: Part 3

• Questions: 100 multiple-choice
• Duration: 2 hours (120 minutes)
• Passing Score: 600 out of 750

Study Strategy for Part 3

Part 3's breadth can feel overwhelming. Focus on understanding concepts rather than memorising details. The IT and Financial Management domains often challenge candidates from non-technical backgrounds—allocate extra time if these are weak areas.

If you're already working in internal audit or finance, your practical experience will significantly strengthen your understanding of Part 3's business-focused content.

2025/2026 Syllabus Changes: What's New?

The IIA periodically updates the CIA syllabus to reflect evolving practices. The 2025 syllabus (testable from May 2025 in English) introduced several changes:

Key Changes from 2019 to 2025 Syllabus

Structural shifts include:

• Part 1 now has four domains (previously six), with content consolidated
• Part 2 reduced from four domains to three, with a heavier emphasis on planning
• Part 3 reorganised to include internal audit management topics previously in Part 2
• Greater alignment with the new Global Internal Audit Standards

What this means for candidates:

If you're starting preparation now, ensure your study materials reflect the 2025/2026 syllabus. Outdated materials could leave gaps in your preparation. The Surgent CIA Review includes automatic content updates, ensuring you're always studying current material.

CIA Exam Scoring: How It Works

Understanding the scoring system helps set realistic expectations.

Scaled Scoring Explained

• Raw score: Number of questions answered correctly
• Scaled score: Converted to a scale of 250-750
• Passing threshold: 600

The scaled scoring adjusts for slight differences in difficulty across exam versions, ensuring fairness across testing windows.

What "600" Really Means

A passing score of 600 doesn't mean answering 80% of the questions correctly. The scaling process means you typically need to answer approximately 70-75% of questions correctly, though this varies.

Score Reports

• Unofficial results: Displayed immediately after completing the exam
• Official results: Available in CCMS within 24-48 hours
• Score breakdown: Reports show performance by domain, helping identify weak areas if you need to retake

How to Register for the CIA Exam

The registration process involves several steps through the IIA's Certification Candidate Management System (CCMS).

Step-by-Step Process

1. Create an IIA account – Register at the IIA website
2. Apply – Provide education and experience documentation
3. Pay application fee – One-time fee for program enrollment
4. Receive approval – Typically 2-4 weeks
5. Register for exam parts – Pay per-part registration fees
6. Schedule at Pearson VUE – Choose your test centre and date

For detailed registration guidance, see our CIA certification application process guide.

Pearson VUE Test Centres in India

The CIA exam is available at Pearson VUE testing centres across major Indian cities:

• Mumbai
• Delhi/NCR
• Bangalore
• Chennai
• Hyderabad
• Kolkata
• Pune
• Ahmedabad

Test centres typically operate Monday through Saturday, with multiple time slots available each day.

How Long Should You Study?

Study duration varies based on background and available time, but general guidelines suggest:

Factors Affecting Study Time

• Background: Accounting/audit professionals may need less time
• Work schedule: Full-time workers often extend timelines
• Study efficiency: Adaptive courses like Surgent can reduce total hours by focusing on weak areas

The ReadySCORE™ feature in Surgent's CIA course predicts your actual exam score, helping you know exactly when you're ready to sit—no more guessing.

CIA vs Other Certifications

Understanding how the CIA compares to other credentials helps you make informed decisions.

For a detailed comparison, read our CMA certification guide or explore how the CPA pathway differs.

Frequently Asked Questions

Can I take the CIA exam parts in any order?

Yes. The IIA allows you to take Parts 1, 2, and 3 in any sequence. However, most candidates prefer starting with Part 1 since foundational concepts help with later parts.

How long are CIA exam scores valid?

Once you pass a part, that score remains valid indefinitely—there's no expiration. However, you must complete all three parts within the program enrollment window.

Can I retake a failed part of the CIA exam?

Yes. If you fail, you can retake after a 90-day waiting period. There's no limit to retake attempts, though each attempt requires paying the registration fee again.

Is the CIA exam difficult?

The CIA exam is challenging but achievable with proper preparation. Global pass rates hover around 40-45% per part, but candidates using structured review courses report significantly higher success rates.

Do I need work experience before taking the CIA exam?

You can sit for the exam before completing the experience requirements. However, you must fulfil all requirements (education, experience, character reference) before the IIA awards your certification.

For comprehensive eligibility details, visit our CIA certification eligibility guide.

How much does the complete CIA certification cost?

Total costs include IIA application fees, exam registration fees per part, and study materials. For IIA members, expect to pay approximately $855-$1,100 in exam fees alone. Add ₹10,000-₹50,000 for review courses, depending on your choice.

Take the Next Step

The CIA certification represents a significant career investment with substantial returns. Internal audit professionals with the CIA designation command higher salaries, greater career mobility, and recognition as experts in their field.

Understanding the exam structure is your foundation—now it's time to build on it with focused preparation.

Ready to start your CIA journey?

Eduyush offers the Surgent CIA Review at India's most competitive prices, with adaptive AI technology that helps you pass faster. The course includes:

• ✅ 3,000+ CIA-style practice questions
• ✅ ReadySCORE™ exam readiness predictor
• ✅ 18-month access with free content updates
• ✅ Free printed textbooks shipped to India
• ✅ Mobile app for studying anywhere

Explore Surgent CIA Review →

This guide reflects the 2025/2026 CIA exam syllabus. Always verify current requirements with The Institute of Internal Auditors.