The CIA has three computer-based, multiple-choice parts - Essentials of Internal Auditing, Practice of Internal Auditing, and Business Knowledge for Internal Auditing - each needing a scaled score of 600 to pass.
The CIA (Certified Internal Auditor) is awarded by the Institute of Internal Auditors (IIA). It is not connected to any intelligence agency; it is a professional credential in internal audit, risk and control. This is a plain-English summary; The IIA’s official syllabus is authoritative.
Part 1 - Essentials of Internal Auditing
125 questions in 2.5 hours. The foundations of internal auditing:
- Purpose, authority and mandate of internal audit
- Independence and objectivity
- Proficiency and due professional care
- Quality assurance and improvement programme
- Governance, risk management and control
- Fraud risk and the auditor’s role
Part 2 - Practice of Internal Auditing
100 questions in 2 hours. The engagement lifecycle:
- Managing the internal audit activity
- Planning the engagement
- Performing the engagement and gathering evidence
- Communicating results and monitoring follow-up
Part 3 - Business Knowledge for Internal Auditing
100 questions in 2 hours. The business context:
- Business acumen and organisational objectives
- Financial management and managerial accounting
- Information technology and information security
- Management, leadership and communication
Scoring and pass mark
Each part is reported on a scaled score from 250 to 750, and you need a scaled 600 to pass. Raw scores are converted to the scale, so 600 is the consistent passing line across parts. The exam is entirely multiple-choice. Confirm the current syllabus weightings and any updates on The IIA’s site, as the framework was revised in 2025.