Part I - CIA Entry Level Exam 125 Questions: 2.

5 Hours (150 minutes)

DomainI A B C DomainII A B C D E F MandatoryGuidance(3545%) DefinitionofInternalAuditing CodeofEthics InternationalStandards InternalControl/Risk(2535%) Typesofcontrols(e.g.,preventive,detective,input,output,etc.) Levelof Difficulty P P P P A A A A A A A Levelof Difficulty P P P P P P P P P P P P P P P

Managementcontroltechniques Internalcontrolframeworkcharacteristics&use(e.g.COSO,Cadbury) Alternativecontrolframeworks Riskvocabularyandconcepts Fraudriskawareness 1.Typesoffraud 2.Fraudredflags DomainIII ConductingInternalAuditEngagements AuditTools&Techniques(2838%) A B C D E F DataGathering: 1.Reviewpriorauditreportsandotherrelevantdocumentationaspart ofapreliminarysurveyoftheengagementarea 2.Developchecklists/internalcontrolquestionnairesaspartofa preliminarysurveyoftheengagementarea 3.Conductinterviewsaspartofapreliminarysurveyoftheengagement area 4.Useobservationtogatherdata 5.Conductengagementtoassureidentificationofkeyrisks&controls 6.Usenonstatistical(judgmental)samplingmethod DataAnalysis&Interpretation: 1.Usecomputerizedaudittoolsandtechniques(e.g.,dataminingand extraction,continuousmonitoring) 2.Conductspreadsheetanalysis 3.Useanalyticalreviewtechniques(e.g.,ratioestimation,variance analysis,budgetvs.actual,trendanalysis,otherreasonablenesstests) 4.Drawconclusions DataReporting 1.Reporttestresultstoauditorincharge Documentation/WorkPapers 1Developworkpapers ProcessMapping Evaluaterelevance,sufficiency,&competenceofevidence 1.Identifypotentialsourcesofevidence

Part II - CIA Exam Practice 100 Questions: 2 hours (120 minutes)

DomainI A ManagingtheInternalAuditFunction(4050%) StrategicRoleofInternalAudit 1.Initiate,manage,beachangecatalyst,andcopewithchange 2.Buildandmaintainnetworkingwithotherorganizationexecutives andtheauditcommittee 3.Organizeandleadateaminmapping,analysis,andbusinessprocess improvement 4.Assessandfostertheethicalclimateoftheboardandmanagement 5.Educateseniormanagementandtheboardonbestpracticesin governance,riskmanagement,control,andcompliance 6.Communicateinternalauditkeyperformanceindicatorstosenior managementandtheboardonaregularbasis 7.CoordinateIAeffortswithexternalauditor,regulatoryoversight bodiesandotherinternalassurancefunctions. OperationalRoleofIA 1.Formulatepoliciesandproceduresfortheplanning,organizing, directing,andmonitoringofinternalauditoperations 2.Reviewtheroleoftheinternalauditfunctionwithintherisk managementframework 3.Directadministrativeactivities(e.g.,budgeting,humanresources)of theinternalauditdepartment 4.Interviewcandidatesforinternalauditpositions 5.Reportontheeffectivenessofcorporateriskmanagementprocesses toseniormanagementandtheboard 6.Reportontheeffectivenessoftheinternalcontrolandrisk managementframeworks MaintaineffectiveQualityAssuranceImprovementProgram EstablishRiskBasedIAPlan 1.Usemarket,product,andindustryknowledgetoidentifynewinternal auditengagementopportunities 2.Useariskframeworktoidentifysourcesofpotentialengagements (e.g.,audituniverse,auditcyclerequirements,managementrequests, regulatorymandates) 3.Establishaframeworkforassessingrisk 4.Rankandvalidateriskprioritiestoprioritizeengagementsintheaudit plan 5.IdentifyinternalauditresourcerequirementsforannualIAplan 6.Communicateareasofsignificantriskandobtainapprovalfromthe boardfortheannualengagementplan Levelof Difficulty P P P P P

B C

P P

P P P P P P P P P

P P P P

DomainII A B C D

ManagingIndividualEngagements(4050%) PlanEngagements 1.Establishengagementobjectives/criteriaandfinalizethescopeofthe engagement 2.Planengagementtoassureidentificationofkeyrisks&controls 3.Completeadetailedriskassessmentofeachauditarea(prioritizeor evaluaterisk/controlfactors) 4.Determineengagementproceduresandprepareengagementwork program 5.Determinethelevelofstaffandresourcesneededforthe engagement 6.Constructauditstaffscheduleforeffectiveuseoftime SuperviseEngagement 1.Direct/superviseindividualengagements 2.Nurtureinstrumentalrelations,buildbonds,andworkwithothers towardsharedgoals 3.Coordinateworkassignmentsamongauditteammemberswhen servingastheauditorinchargeofaproject 4.Reviewworkpapers 5.Conductexitconference 6.Completeperformanceappraisalsofengagementstaff CommunicateEngagementResults 1.Initiatepreliminarycommunicationwithengagementclients 2.Communicateinterimprogress 3.Developrecommendationswhenappropriate 4.Preparereportorothercommunication 5.Approveengagementreport 6.Determinedistributionofthereport 7.Obtainmanagementresponsetothereport 8.Reportoutcomestoappropriateparties MonitorEngagementOutcomes 1.Identifyappropriatemethodtomonitorengagementoutcomes

Levelof Difficulty P P P P P P P P P P P P P P P P P P P P P P P P P P Levelof Difficulty P

2.Monitorengagementoutcomesandconductappropriatefollowup bytheinternalauditactivity 3.Conductfollowupandreportonmanagement'sresponsetointernal auditrecommendations 4.Reportsignificantauditissuestoseniormanagementandtheboard periodically DomainIII FraudRisksandControls(515%) A Considerthepotentialforfraudrisksandidentifycommontypesof fraudassociatedwiththeengagementareaduringtheengagement planningprocess

B C D E F G H

Determineiffraudrisksrequirespecialconsiderationwhenconducting anengagement Determineifanysuspectedfraudmeritsinvestigation Completeaprocessreviewtoimprovecontrolstopreventfraudand recommendchanges Employauditteststodetectfraud Supportacultureoffraudawarenessandencouragethereportingof improprieties Interrogation/investigativetechniques Forensicauditing

P P P P P A A

Part III - Internal Audit Knowledge Elements 100 Questions: 2 hours (120 minutes)
DomainI A B C Governance/BusinessEthics(515%) Corporate/organizationalgovernanceprinciples Environmentalandsocialsafeguards Corporatesocialresponsibility RiskManagement(1020%) Riskmanagementtechniques Organizationaluseofriskframeworks OrganizationalStructure/ BusinessProcesses&Risks(1525%) Risk/controlimplicationsofdifferentorganizationalstructures Structure(e.g.,centralized/decentralized) Typicalschemesinvariousbusinesscycles(e.g.,procurement,sales, knowledge,supplychainmanagement) Businessprocessanalysis(e.g.,workflowanalysisandbottleneck management,theoryofconstraints) Inventorymanagementtechniquesandconcepts Electronicfundstransfer(EFT)/Electronicdatainterchange(EDI) Businessdevelopmentlifecycles TheInternationalOrganizationforStandardization(ISO)framework Outsourcingbusinessprocesses Communication(510%) Communication(e.g.,theprocess,organizationaldynamics,impactof computerization) Stakeholderrelationships Management/LeadershipPrinciples(1020%) Levelof Difficulty A A A Levelof Difficulty A A Levelof Difficulty A A A A A A A A A Levelof Difficulty A A Levelof Difficulty

DomainII A B

DomainIII A B C D E F G H I

DomainIV A B

DomainV

A B

StrategicManagement 1.Forecasting 2.Qualitymanagement(e.g.,TQM,Sixsigma) 3.Decisionanalysis OrganizationalBehavior 1.OrganizationalTheory 2.Organizationalbehavior(e.g.,motivation,impactofjobdesign, rewards,schedules) 3.Groupdynamics(e.g.,traits,developmentstages,organizational politics,effectiveness) 4.Knowledgeofhumanresourceprocesses(e.g.,individual performancemanagement,supervision,personnelsourcing/staffing, staffdevelopment) 4.Risk/controlimplicationsofdifferentleadershipstyles ManagementSkills 1.Lead,inspire,andguidepeople,buildingorganizationalcommitment andentrepreneurialorientation 2.Creategroupsynergyinpursuingcollectivegoals ConflictManagement 1.Conflictresolution(e.g.,competitive,cooperative,andcompromise) 2.Negotiationskills 3.Conflictmanagement 4.Addedvaluenegotiating ProjectManagement/ChangeManagement 1.Changemanagement 2.Projectmanagementtechniques IT/BusinessContinuity(1525%) Security 1.Systemsecurity(e.g.,firewalls,accesscontrol) 2.Informationprotection(e.g.,viruses,privacy) 3.Applicationauthentication 4.Encryption ApplicationDevelopment 1.Endusercomputing 2.Changecontrol 3.Systemsdevelopmentmethodology 4.Applicationdevelopment 5.Informationsystemsdevelopment SystemInfrastructure 1.Workstations

A A A A A A A

C D E

A A A A A A A A A Levelof Difficulty A A A A A A A A A A

DomainVI A B C

2.Databases 3.ITcontrolframeworks(e.g.,eSAC,COBIT) 4.FunctionalareasofIToperations(e.g.,datacenteroperations) 4.Enterprisewideresourceplanning(ERP)software(e.g.,SAPR/3) 5.Dataandnetworkcommunications/connections(e.g.,LAN,VAN,and WAN) 6.Server 7.Softwarelicensing 8.Mainframe 9.Operatingsystems BusinessContinuity 1.ITcontingencyplanning FinancialManagement(1323%) FinancialAccounting&Finance 1.Basicconceptsandunderlyingprinciplesoffinancialaccounting(e.g., statements,terminology,relationships) 2.Intermediateconceptsoffinancialaccounting(e.g.,bonds,leases, pensions,intangibleassets,R&D) 3.Advancedconceptsoffinancialaccounting(e.g.,consolidation, partnerships,foreigncurrencytransactions) 4.Financialstatementanalysis(e.g.,ratios) 5.Typesofdebtandequity 6.Financialinstruments(e.g.,derivatives) 7.Cashmanagement(e.g.,treasuryfunctions) 8.Valuationmodels 9.Businessvaluation 10.Inventoryvaluation 11.Capitalbudgeting(e.g.,costofcapitalevaluation) 12.Taxationschemes(e.g.,taxshelters,VAT) ManagerialAccounting 1.Managerialaccounting:generalconcepts 2.Costingsystems(e.g.,activitybased,standard) 3.Costconcepts(e.g.,absorption,variable,fixed) 4.Relevantcost 5.Costvolumeprofitanalysis 6.Transferpricing 7.Responsibilityaccounting 8.Operatingbudget GlobalBusinessEnvironment(010%)

A A A A A A A A A A Levelof Difficulty A A A A A A A A A A A A A A A A A A A A Levelof Difficulty

DomainVII A B

DomainVIII

A B C D

Economic/financialenvironments Cultural/politicalenvironments Legalandeconomicsgeneralconcepts(e.g.,contracts) Impactofgovernmentlegislationandregulationonbusiness(e.g.,trade legislation)

A A A A