Plain-English definitions of the terms for CIA study. Simplified for learning; The IIA’s materials are authoritative.

| Term | Definition |
|---|---|
| CIA | Certified Internal Auditor, a credential from the Institute of Internal Auditors (not an intelligence agency). |
| IIA | The Institute of Internal Auditors, the body that awards the CIA. |
| Internal audit | An independent, objective activity that adds value by evaluating and improving governance, risk and control. |
| Assurance | An objective examination giving confidence over governance, risk or control processes. |
| Consulting | Advisory work internal audit performs, distinct from assurance engagements. |
| Independence | Freedom from conditions that threaten the audit function’s objectivity. |
| Objectivity | An unbiased mental attitude when performing engagements. |
| Governance | The processes by which an organisation is directed and held accountable. |
| Risk management | Identifying, assessing and responding to risks to objectives. |
| Internal control | Processes designed to give reasonable assurance over objectives and reporting. |
| Risk appetite | The amount of risk an organisation is willing to accept in pursuit of its objectives. |
| Inherent risk | Risk before considering any controls. |
| Residual risk | Risk remaining after controls are applied. |
| Engagement | A specific internal audit assignment or review. |
| Three lines | A model splitting roles: operational management, risk and compliance functions, and internal audit. |
| Fraud | An intentional act of deception to gain an unjust advantage. |
| GIAS | The Global Internal Audit Standards, The IIA’s professional standards. |
| QAIP | Quality Assurance and Improvement Programme for the audit function. |
| CPE | Continuing Professional Education needed to keep the CIA active. |
| Scaled score | The 250-750 score used for the CIA, with 600 as the pass mark. |