CIA® Challenge Exam Guide to Certification

September 2016


Table of Contents

SECTION ONE – Introduction to The IIA

The Institute of Internal Auditors

Advantages of Becoming an IIA Member

SECTION TWO – Journey to Certification

Eligibility Requirements

Steps to Certification

Before You Start

Accommodations for Individuals with Disabilities

Pricing

Online Assistance

CIA Challenge Exam Syllabus

CIA Challenge Exam Study Resources

SECTION THREE – Exam Security

Why Security Matters

What Happens if Security is Violated?

Candidate Conduct at Pearson VUE Test Centers

Where to Direct Exam Security Questions or Concerns

SECTION FOUR - Maintaining Certification

CIA Continuing Professional Education (CPE) Reporting Requirements

SECTION ONE – Introduction to The IIA

The Institute of Internal Auditors

Internal auditors impact every aspect of an organization from finance and operations to marketing and human resources, acting as coaches, stakeholder advocates, risk managers, control experts, efficiency specialists, and problem-solving partners. Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

The IIA has been the foundation for the internal audit profession and its practitioners for over 75 years and serves as the internal auditor’s partner — providing guidance to tackle the complex issues internal auditors face on a daily basis.

Advantages of Becoming an IIA Member

The IIA has more than 180,000 members worldwide who enjoy benefits including local, national, and global professional networking; world-class training; certification; standards and guidance; research; executive development; and career opportunities. These benefits, together with resources such as IIA Quality Services, make The Institute an indispensable partner to you. As a member, you can stay connected, boost your knowledge, gain more confidence, and enjoy reduced fees for resources and materials to help you in your profession.

Enjoy reduced exam application and registration fees

Take advantage of free or reduced CPE reporting fees

Participate in local, regional, and global conferences and key events

Attend members-only webinars to earn valuable Continued Professional Education (CPE) without leaving your desk

SECTION TWO – Journey to Certification

The Certified Internal Auditor® (CIA®) professional credential is The IIA’s globally recognized premier designation and sets the standard for excellence within the internal audit profession. It provides recognition and status among peers and principal stakeholders, and identifies individuals as committed and competent internal audit professionals. There are currently over 140,000 CIAs worldwide. According to The IIA’s 2015 Compensation Study, Certified Internal Auditors earn up to 43% more in salary than their non-certified peers.

Eligibility Requirements

Only Chartered Accountants of Singapore (CA) and Fellow Chartered Accountants of Singapore (FCA) are eligible to apply to the program as long as their ISCA membership is current and in good standing. ISCA members must meet the requirements and request a Letter of Good Standing from ISCA and submit it together with the completed Character Reference Form and a copy of acceptable government issued photo identification.

Steps to Certification

The CIA Challenge Exam program requires candidates to apply to the program using The IIA’s Certification Candidate Management System (CCMS). Follow the steps below to successfully create a Profile in CCMS and apply and register for the exam. If a candidate has taken an IIA exam in the past, a Profile already exists in CCMS. DO NOT create a second record. Candidates experiencing difficulty or those requiring a password reset should refer to the CCMS Users Guide, or contact Customer Relations at [email protected] or +1-407-937-1111. Access the CCMS User Guide to create a profile or access an existing profile.

Before You Start

ISCA Member Verification Process

ISCA members must request a Letter of Good Standing from ISCA by contacting their Member Services Department at +65-6597 5533 or [email protected]. The Letter of Good Standing, required for application approval, is issued at the sole discretion of ISCA and a copy is provided to IIA Singapore. Only Chartered Accountants of Singapore (CA) and Fellow Chartered Accountants of Singapore (FCA) are eligible to apply to the program as long as their ISCA membership is current and in good standing. Please note that ISCA Associates DO NOT qualify for the program.

Six Steps to Certification

After obtaining the ISCA membership letter, the CIA Challenge Exam process is completed in six easy steps:

1. CREATE 2. APPLY 3. SUBMIT 4. REGISTER 5. SCHEDULE 6. SIT

Follow these instructions and useful links:

1. CREATE a Candidate profile in CCMS

The IIA’s Certification Candidate Management System (CCMS) is a user-friendly system to help candidates apply, register, and maintain certification. Access CCMS and follow the instructions to create a profile or to retrieve CCMS login information or password. After candidates complete their profile, they will be able to APPLY into the CIA Challenge Exam program.

CCMS User Guide

2. APPLY to the CIA Challenge Exam Program

After successfully completing the profile in CCMS, navigate to the “Complete a Form” section on the left side navigation panel. Under the NEW FORMS tab, look for the form labeled CIA Challenge Exam. Click on the form title to open the form. Complete the entire application form and submit with credit card payment. Upon successful completion, candidates receive an automated email confirming application submission.

3. SUBMIT required supporting documents

CIA Challenge Exam applicants must provide all required documents (ISCA’s Letter of Good Standing, signed Character Reference Form and copy of valid government issued photo identification) for review and approval. Failure to submit required documentation may result in application expiration and all fees will be forfeited. All documents must be submitted no later than 31 October 2016.

Prepare and scan ISCA’s Letter of Good Standing, completed Character Reference Form and acceptable form of valid government issued photo identification (current official driver’s license, passport or national identity card with indicated current status; expired documents will not be accepted). To obtain additional information regarding acceptable photo identification, please review the IIA’s Photo ID Policy.

All documents must be scanned as a PDF or TIFF file format and uploaded through the Certification Document Upload Portal in a manner that ensures the photo is clearly legible. Submit the document type accordingly, per the drop down menu. Access the Document Upload Portal. If a candidate experiences difficulty using the Document Upload Portal, the candidate should submit an incident in CCMS to request assistance.

4. REGISTER for the exam

Candidates will not be able to register for the exam until the application and required documents are approved. Candidates will receive approval notification from The IIA, which includes complete instructions and a link to CCMS to complete the exam registration. Candidates will then receive an “Authorization to Test” notification via email advising them to contact Pearson VUE to schedule the exam. Candidates are asked to wait 48 hours from receipt of notification before contacting Pearson VUE.

5. SCHEDULE the exam

The CIA Challenge Exam is available through computer-based testing. Candidates are able to sit for the exam only at an IIA-authorized Pearson VUE test center in Singapore, and only from 1 November to 16 December 2016. Candidates can access the Pearson VUE website to locate the nearest test center and will follow the instructions to schedule the exam. All activities related to scheduling or rescheduling an exam are managed directly with Pearson VUE.

ISCA members NOT RESIDING in Singapore should access their CCMS account and open an incident expressing interest in taking the CIA Challenge Exam at a location outside of Singapore. The incident category is labeled “CIA Challenge Exam”. Add “Admin Request” to the subject line and be sure to include the ISCA Member ID and the city and country of candidate’s residence. A member of the IIA’s Certification team will contact the candidate regarding applying for and scheduling the exam.

6. SIT for the exam

Candidates will receive a “Confirmation to Test” email notification from Pearson VUE with complete instructions to sit for the exam. Candidates must follow the instructions and:

Arrive at the test center early (at least 30 minutes).

Bring the Pearson VUE exam appointment confirmation letter.

At check in, present acceptable personal identification (this must exactly match the name provided during the exam registration process, be current, and be an original document).

Accommodations for Individuals with Disabilities

If a candidate has a physical or medical condition that requires modification to the test administration conditions, immediately upon submitting an exam registration and prior to scheduling with Pearson VUE, candidates should contact Gabriel Marquez in The IIA’s Global Certifications Department at +1-407-937-1277 or [email protected]. Gabriel will assist candidates through the process to obtain appropriate test accommodations. Requests may take 30 days or more to implement, depending on the nature of the accommodation needed.

Pricing

The CIA Challenge Exam is a unique opportunity to obtain this highly sought-after certification. The exam bundle is $1,500 USD for non-IIA members and $1,300 USD if the candidate is already a member of The IIA. The bundle includes the following components:

CIA exam application fee (normally $100 USD member/$200 USD non-member)

CIA exam registration fee (normally $650 USD member/$950 USD non-member)

The IIA’s ISCA CIA Challenge Exam Study Guide in downloadable e-book format (normally $550 USD member/$650 USD non-member)

IIA Membership (nonmembers only)

Payment must be received at the time of application using a credit card only. Applications will not be processed until payment is received.

Online Assistance

If a candidate experiences difficulty, they should access their CCMS account and submit an incident. To expedite processing, select the incident category labeled “CIA Challenge Exam”. Add “Admin Request” to the subject line.

CIA Challenge Exam Syllabus

The Certified Internal Auditor Challenge Exam tests a candidate’s knowledge of current internal auditing practices and understanding of internal audit issues, risks, and remedies at the proficiency level, unless otherwise indicated.

ALL TOPICS TESTED AT PROFICIENCY LEVEL unless otherwise indicated

From CIA Part One Required Level Topic %

I. Mandatory Guidance Proficiency 20%

A. Definition of Internal Auditing

1. Define purpose, authority, and responsibility of the internal audit activity

B. Code of Ethics

1. Abide by and promote compliance with The IIA Code of Ethics

C. International Standards

1. Comply with The IIA's Attribute Standards

2. Maintain independence and objectivity

3. Determine if the required knowledge, skills, and competencies are available

4. Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity

5. Exercise due professional care

6. Promote continuing professional development

7. Promote quality assurance and improvement of the internal audit activity

II. Internal Control / Risk Awareness 8%

A. Types of Controls (e.g., preventive, detective, input, output, etc.)

B. Management Control Techniques

C. Internal Control Framework Characteristics and Use (e.g., COSO, Cadbury)

1. Develop and implement an organization-wide risk and control framework

D. Alternative Control Frameworks

III. Conducting Internal Audit Engagements – Audit Tools and Techniques Proficiency 2%

E. Process Mapping, Including Flowcharting

From CIA Part Two Required Level Topic %

I. Managing the Internal Audit Function 25%

A. Strategic Role of Internal Audit Proficiency

1. Initiate, manage, be a change catalyst, and cope with change

2. Build and maintain networking with other organization executives and the audit committee

3. Organize and lead a team in mapping, analysis, and business process improvement

4. Assess and foster the ethical climate of the board and management

5. Educate senior management and the board on best practices in governance, risk management, control, and compliance

6. Communicate internal audit key performance indicators to senior management and the board on a regular basis

7. Coordinate IA efforts with external auditor, regulatory oversight bodies and other internal assurance functions

8. Assess the adequacy of the performance measurement system, achievement of corporate objective

Awareness

B. Operational Role of IA Proficiency

1. Formulate policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations

2. Review the role of the internal audit function within the risk management framework

3. Direct administrative activities (e.g., budgeting, human resources) of the internal audit department

4. Interview candidates for internal audit positions

5. Report on the effectiveness of corporate risk management processes to senior management and the board

6. Report on the effectiveness of the internal control and risk management frameworks

7. Maintain effective Quality Assurance Improvement Program

C. Establish Risk-Based IA Plan Proficiency

1. Use market, product, and industry knowledge to identify new internal audit engagement opportunities

2. Use a risk framework to identify sources of potential engagements (e.g., audit universe, audit cycle requirements, management requests, regulatory mandates)

3. Establish a framework for assessing risk

4. Rank and validate risk priorities to prioritize engagements in the audit plan

5. Identify internal audit resource requirements for annual IA plan

6. Communicate areas of significant risk and obtain approval from the board for the annual engagement plan

7. Types of engagements, assurance, compliance and consulting engagements

From CIA Part Two (continued) Required Level Topic %

II. Managing Individual Engagements Proficiency 25%

A. Plan Engagements

1. Establish engagement objectives/criteria and finalize the scope of the engagement

2. Plan engagement to assure identification of key risks and controls

3. Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors)

4. Determine engagement procedures and prepare engagement work program

5. Determine the level of staff and resources needed for the engagement

6. Construct audit staff schedule for effective use of time

B. Supervise Engagement

1. Direct / supervise individual engagements

2. Nurture instrumental relations, build bonds, and work with others toward shared goals

3. Coordinate work assignments among audit team members when serving as the auditor-in-charge of a project

4. Review work papers

5. Conduct exit conference

6. Complete performance appraisals of engagement staff

C. Communicate Engagement Results

1. Initiate preliminary communication with engagement clients

2. Communicate interim progress

3. Develop recommendations when appropriate

4. Prepare report or other communication

5. Approve engagement report

6. Determine distribution of the report

7. Obtain management response to the report

8. Report outcomes to appropriate parties

D. Monitor Engagement Outcomes

1. Identify appropriate method to monitor engagement outcomes

2. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity

3. Conduct follow-up and report on management's response to internal audit recommendations

4. Report significant audit issues to senior management and the board periodically

From CIA Part Two (continued) Required Level Topic %

III. Fraud Risks and Controls 5%

A. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process

Proficiency

B. Determine if fraud risks require special consideration when conducting an engagement

C. Determine if any suspected fraud merits investigation

D. Complete a process review to improve controls to prevent fraud and recommend changes

E. Employ audit tests to detect fraud

F. Support a culture of fraud awareness, and encourage the reporting of improprieties Awareness

G. Interrogation/investigative techniques

H. Forensic auditing

From CIA Part Three Required Level Topic %

II. Risk Management Proficiency 4%

A. Risk Management Techniques

B. Organizational Use of Risk Frameworks (e.g. COSO and ISO 31000)

V. Management / Leadership Principles Awareness 4%

D. Conflict Management

1. Conflict resolution (e.g., competitive, cooperative, and compromise)

2. Negotiation skills

3. Conflict management

4. Added-value negotiating

E. Project Management / Change Management

1. Change management

2. Project management techniques

VI. IT / Business Continuity 7%

A. Security Awareness

1. Physical/system security (e.g., firewalls, access control)

2. Information protection (e.g., viruses, privacy)

3. Application authentication

4. Encryption

B. Application Development

1. End-user computing Awareness

2. Change control Proficiency

3. Systems development methodology

4. Application development

5. Information systems development Awareness

C. System Infrastructure

3. IT control frameworks (e.g., eSAC, COBIT)

D. Business Continuity

1. IT contingency planning

100%

CIA Challenge Exam Study Resources

As part of the exam bundle, candidates receive the customized study guide called “The IIA’s ISCA CIA Challenge Exam Study Guide” along with access to the IIA’s International Professional Practices Framework (IPPF) and Standards. The customized study guide is developed independently from the exam and in no way guarantees that candidates will pass the test.

Candidates will receive two separate emails: one email with download and access instructions to obtain the custom CIA Challenge Exam study materials; one email with download and access instructions for the International Professional Practices Framework (IPPF) and Standards. Delivery of the customized CIA study materials begins 10 September.

PLEASE NOTE: The email will be sent to the primary email address provided in your CCMS profile. Review materials will only be available for download in English through December 2016.

Additionally, IIA Singapore will conduct two exam preparatory classes to prepare candidates for the exam. Please look out for more information under “News & Events” on IIA Singapore’s Homepage.

Candidates experiencing difficulty with receipt of The IIA’s ISCA CIA Challenge Exam Study Guide should contact The IIA Distribution Center at +1-651-905-2670 or via email at [email protected]. Candidates experiencing difficulty with receipt of the IPPF and Standards should access their profile in CCMS and log an incident. Please include CIA Challenge Exam in the subject line.

SECTION THREE – Exam Security

Why Security Matters

The IIA, Professional Certification Board, and Pearson VUE take exam security very seriously. IIA exam content is intellectual property, copyrighted, and confidential. To maintain the value and credibility of your certification it is important that exam content remains confidential. CIA Challenge Exam candidates must not memorize, share, discuss, post or upload exam content to any website or forum. If a candidate becomes aware of a violation, log into your CCMS profile and submit incident details.

Prior to beginning the exam, candidates are required to confirm that they will abide by the Non-Disclosure Agreement (NDA). If a candidate is not able to abide by this agreement, the candidate will not be able to test and will forfeit all program fees. This agreement emphasizes The IIA’s commitment to exam security and the exam candidate’s role to also protect exam content.

What Happens if Security is Violated?

Unauthorized possession, reproduction, publication, or disclosure of any examination materials, including storing or disclosing examination questions to any person or entity by any means before, during, or after the examination is prohibited by copyright laws and can result in a candidate’s disqualification or other appropriate censure. Test center employees have been trained to watch for unusual behavior and incidents during exams and real-time monitoring is backed up by audio and videotaping of the exam sessions.

Candidates must accept the terms of the candidate rules agreement before testing. The testing rules include, but are not limited to:

being disruptive;

having any item not specifically permitted in the testing room, such as a phone or watch;

acting suspiciously;

removing test items from the center;

providing false information when applying for the certification program.

If evidence of misconduct is discovered after a candidate has been awarded an IIA certification, the certification and related social badge may be revoked. The IIA may also take other actions to the extent permitted by law. An appeals process is available.

To help provide guidance as to what is acceptable (and not acceptable) behavior, we have developed a chart with situations exam candidates may be confronted with and note the appropriate action.

Situation: My friend asks me how the test went. Can I talk with her/him about it?
Appropriate Action: Discussions regarding how you felt about the exam experience are fine as long as exam content is not discussed. Specific exam questions should never be discussed.

Situation: An acquaintance told me about a URL containing CIA exam content for me to study from. Should I take him up on his offer?
Appropriate Action: Studying from recalled test content is improper and can lead to severe penalties. If a candidate becomes aware of a violation or is witness to an impropriety, please access CCMS and submit incident details.

Situation: I want to bring water and food into the exam room. Can I?
Appropriate Action: Water will be available outside of the testing room, when you take a break from testing. (Please note that there are no planned breaks and the clock continues to run during any such time.) If you need special consideration for food, water, or other accommodations (supported by a doctor’s note), please refer to Accommodations for Individuals with Disabilities in Section Two of this handbook.

Situation: Can I use my phone in the test center just to look at the time?
Appropriate Action: No. Watches and phones are NOT permitted in the testing room. There will be a clock on your computer screen that displays the amount of time remaining during your exam.

Situation: What if I need to access my personal belongings?
Appropriate Action: Access to personal belongings is not permitted with the exception of medication and food as approved by the test administrator.

Candidate Conduct at Pearson VUE Test Centers

The Pearson VUE staff will guide candidates through the steps developed by The IIA, many of which are designed to ensure candidate security and the security of the exam itself. The following list is a high-level overview of what candidates can expect when they arrive at their test center:

The test center administrator will show candidates where to store their personal items (purses, wallets, watches, jewelry, cell phone, etc.). Space is limited, so do not bring anything to the testing center that is not absolutely necessary (the exam confirmation email from Pearson VUE will outline what can and cannot be brought to the site). No food or drink is allowed in the test room.

The administrator will provide the candidate with a copy of the candidate rules agreement. Candidates must accept the terms of this agreement in order to take an exam at a Pearson VUE test center.

Candidates will be offered certain tools to use during the exam: an erasable note board and pen (on which they can take notes during the exam) and an on-screen calculator. Candidates must return the note board and pen to the administrator before leaving the test center. Candidates can request a hand-held calculator, which the test center will provide if one is available; candidates cannot bring a personal calculator or similar device into the test room.

Candidates will be required to sign the test center log before being admitted to the test.

Once the check-in procedures are taken care of, the exam administrator will escort the candidate to the workstation, where they must remain for the duration of the exam unless authorized to leave the room. There are no scheduled breaks during the exam. Candidates are allowed to take a break, if necessary, but the time they take for breaks counts toward their overall time allotment for the exam. If a candidate leaves the test room for any reason, the candidate will be required to sign the test center log and show their ID upon exiting and reentering. Candidates may also be required to provide a fingerprint or palm vein image. The candidate will be seated at a test station and logged into the exam by the administrator. The candidate will be asked to confirm that the exam shown on the screen is the exam scheduled to be taken. The exam begins with a welcome screen and the nondisclosure/confidentiality agreement (NDA). If the candidate does not accept the exam NDA, the exam will be terminated, the registration will be voided, and all program fees will be forfeited.

Where to Direct Exam Security Questions or Concerns

If a candidate becomes aware of a violation or is witness to an impropriety, please access CCMS and submit incident details.

SECTION FOUR - Maintaining Certification

CIA Continuing Professional Education (CPE) Reporting Requirements

Certified Internal Auditors are required to report CPE hours on an annual basis, by 31 December. Newly Certified Internal Auditors are immediately awarded 80 CPE hours. Half (40) of the awarded CPE hours are for the year in which the exam is passed. The balance (40) are for the following year. These hours are automatically reported on a candidate’s behalf for the first two (2) years of certification. Candidates who successfully complete the CIA Challenge Exam will need to report their CPE hours for the first time no later than 31 December 2018. To learn more about maintaining certification, refer to the CPE Requirements webpage.