Skip to Content

2019 CIA Exam Syllabus Part 3 – Business Knowledge for Internal Auditing

100 questions | 2.0 Hours (120 minutes)

The CIA exam Part 3 includes four domains focused on business acumen, information security, information technology, and financial management. Part 3 is designed to test candidates’ knowledge, skills, and abilities particularly as they relate to these core business concepts.​

Additional noteworthy elements related to the revised CIA Part Three exam syllabus:

  • The number of topics covered on the Part Three exam has been greatly refocused to the core areas that are most critical for internal auditors.
  • The exam syllabus features a new subdomain on data analytics.
  • The information security portion of the exam has been expanded to include additional topics such as cybersecurity risks and emerging technology practices.
  • The largest domain is “Business Acumen,” which makes up 35% of the exam.
  • A portion of the exam requires candidates to demonstrate a basic comprehension of concepts; another portion requires candidates to demonstrate proficiency in their knowledge, skills, and abilities.

CIA Part 3 Reference List

Most Relevant

  • The IIA’s International Professional Practices Framework
  • Applying the International Professional Practices Framework, 4th edition, by Urton Anderson and Andrew J. Dahle ​(2018)
  • Internal Auditing Assurance and Advisory Services, by Urton Anderson et. al., 5th edition (2022)
  • Sawyer's Guide for Internal Auditors, 7th edition (2019)
  • COSO frameworks and whitepapers
  • Understanding Management, by Richard Daft and Dorothy Marcic, 12th ed (2022)
  • Data Analysis and Sampling Simplified: A Practical Guide for Internal Auditors, by Donald Dickie (2019)
  • ISACA framework and guidance
  • Principles of Information Security, by Michael Whitman and Herbert Mattord (2021)
  • IT Auditing: Using Controls to Protect Information Assets, by Chris Davis, Mike Schiller, and Kevin Wheeler (2019)
  • Internal Audit of the Future: The Impact of Technology and Innovation, by A. Michael Smith (2019)
  • Fundamentals of IT Audit for Operational Auditors (2022)
  • National Institute of Standards and Technology (NIST) framework
  • Privacy and Data Protection: Internal Audit’s Role in Establishing a Resilient Framework, by IIA Foundation and Crowe (2020)
  • Accounting Principles, by Jerry Weygandt, Paul Kimmel, and Donald Kieso, 14th edition (2020)

Additional Resources

  • IIA Position Papers
  • Ready and Relevant: Prepare to Audit What Matters Most, by Timothy Berichon (2020)
  • Project Management Body of Knowledge (PMBOK) Guide, by Project Management Institute
  • Performance Auditing: Measuring Inputs, Outputs, and Outcomes, by Stephen Morgan, Ronell Raaum, and Colleen Waring
  • "Analytics: Good Practices for (smaller) IAFs," by IIA-Netherlands
  • Auditing Social Media: A Governance and Risk Guide, by J. Mike Jacka and Peter Scott (2019)
  • Auditing the Procurement Function by David O'Regan
  • Current resources on internal auditing and relevant topics

Access CCMS

Click here