What CIA Part 1 Actually Tests
CIA Part 1 is titled "Essentials of Internal Auditing" and it tests the professional foundations of the discipline. The questions draw from the IIA's International Professional Practices Framework (IPPF) and the Global Internal Audit Standards (GIAS), which the IIA introduced in 2024 to replace the previous International Standards for the Professional Practice of Internal Auditing.
The exam has 125 multiple-choice questions and a time allowance of 2.5 hours. Each question has four answer options.
The six domains and their approximate weights are:
- Domain I — Foundations of Internal Auditing (15%): Purpose, authority, responsibility, and the structure of the IPPF.
- Domain II — Independence and Objectivity (15%): Organisational independence, individual objectivity, and impairment of independence.
- Domain III — Proficiency and Due Professional Care (18%): The knowledge and skills required of internal auditors, including the obligation for continuing professional development.
- Domain IV — Quality Assurance and Improvement Programme (12%): How internal audit functions assess and improve quality, including internal and external assessments.
- Domain V — Governance, Risk Management, and Control (20%): The Three Lines Model, risk concepts, internal control frameworks including COSO, and the relationship between governance, risk, and assurance.
- Domain VI — Fraud Risks (20%): Types of fraud, red flags, the auditor's responsibilities, and the distinction between detection and investigation.
Domains V and VI together account for 40% of the exam. That is the most consequential piece of data in your study plan.
Why Candidates Who Work in Internal Audit Still Fail
The pass rate for CIA Part 1 sits at around 40–45%, and a significant proportion of candidates who fail are experienced internal auditors. There are two reasons this happens.
First, Part 1 tests knowledge of the IIA's formal standards rather than general audit practice. A candidate with ten years of internal audit experience may have strong instincts about how audits should be conducted, but if they have not studied the specific language of the GIAS and the IPPF, they will encounter questions where their practical judgement points one direction and the IIA framework points another. The exam tests the IIA's view of best practice, which is sometimes more specific than what individual organisations implement.
Second, experience creates familiarity with certain types of problems and less exposure to others. A candidate who has spent most of their career on operational or financial audits may be less comfortable with Domain IV quality assurance concepts or the governance and risk framework content in Domain V. The exam is comprehensive across all six domains, and coverage gaps in any domain will be reflected in your score.
How to Allocate Your Study Time
Working backwards from a realistic sitting date, most candidates have between three and six months of preparation time available. A sensible structure for a four-month preparation period might look like this:
Month 1: Foundations and the IPPF
Begin with Domain I (Foundations) and spend enough time to understand how the IPPF is structured: the mandatory elements (mission of internal audit, core principles, definition, Code of Ethics, GIAS) and the strongly recommended elements. Understanding the framework at a structural level makes the rest of Part 1 more coherent, since most subsequent topics reference back to it.
Move into Domain II (Independence and Objectivity) and Domain III (Proficiency). These domains cover the professional obligations of internal auditors and are conceptually accessible for candidates with audit backgrounds. The questions test specific definitions and requirements, so study the GIAS language closely rather than relying on paraphrase.
Start Part 1 practice questions in the first week of your preparation, before you have finished reading. This is uncomfortable and useful in equal measure: you will answer incorrectly and learn exactly which concepts you do not yet understand at exam level.
Month 2: Quality Assurance, Governance, Risk, and Control
Domain IV (Quality Assurance and Improvement Programme) is conceptually distinct from the other domains and covers the internal and external assessment requirements for internal audit functions. Many candidates underestimate the Domain IV content, partly because quality assurance work is less visible in many audit functions. Study this domain with care: it accounts for 12% of the exam and the questions often test specific requirements (for example, the frequency of external quality assessments and who may conduct them).
Domain V (Governance, Risk Management, and Control) is the largest domain by weight (20%) and the most conceptually rich. It covers the Three Lines Model, risk appetite, risk assessment methodologies, and internal control frameworks including COSO. For candidates preparing for Part 1, this domain requires the most reading time of any of the six. Allocate proportionally.
Month 3: Fraud Risks and consolidation
Domain VI (Fraud Risks) accounts for 20% of the exam and is the second largest domain. It covers fraud types, indicators, the internal auditor's role in prevention and detection, and the distinction between audit and investigation. Candidates who have worked on fraud-related engagements will find much of this familiar; those who have not should study it with particular care.
By the end of month three, you should have covered all six domains. Use the remaining time before your exam for consolidation: returning to weak areas identified through practice question performance and running timed sessions to build exam stamina.
Month 4: Timed practice and weak-area focus
Stop covering new material and focus on practising under exam conditions. Aim for at least two or three sessions of 50–60 questions timed at roughly one minute per question. Review every wrong answer to identify which domain and which specific concept the error relates to.
Track your accuracy by domain across your practice sessions. If you are scoring 70%+ on Domains I–III but below 55% on Domains V and VI, your remaining study time should be weighted heavily toward those two domains, since they account for 40% of the exam.
The MCQ Approach That Separates Passing Candidates
CIA Part 1 questions are not recall tests. The majority of questions describe a scenario and ask you to identify the correct application of the IIA standards. Questions often include a plausible distractor that represents a sensible-sounding general audit principle that is nevertheless inconsistent with the specific IIA position.
The most common mistake is answering based on what seems reasonable from a professional perspective rather than what the IIA standards specifically require. The fix is to study the standards closely, not just the commentary or the textbook paraphrases of them.
When you encounter a wrong answer in practice, the explanation is the most important information on the page. Reading the explanation, identifying which standard or concept you misapplied, and then returning to that section of the study material is the mechanism by which practice questions actually improve your knowledge. Candidates who skip explanations and simply move on to the next question waste a significant portion of their preparation time.
The Global Internal Audit Standards (GIAS) Update
The IIA published the Global Internal Audit Standards in January 2024, replacing the previous International Standards for the Professional Practice of Internal Auditing. The GIAS introduced changes to the structure and language of the standards, including new requirements around internal audit planning, communication, and quality.
If you are using study materials published before 2024, they may not reflect the current GIAS content. Check that your preparation provider has updated their materials. The CIA exam is based on the current GIAS, and questions about the previous standards are not scored in current exam windows.
Sitting the Exam
CIA Part 1 can be scheduled at Pearson VUE test centres year-round. There are no fixed exam windows; you book a date that works for you once your IIA registration and eligibility verification are complete.
The flexibility of the CIA exam calendar is useful but requires self-discipline to manage. Candidates who register without a target sitting date often drift through preparation without a concrete deadline. Setting a date before you start studying, and then building your study plan backward from that date, is more effective than registering and scheduling your exam once you feel ready.
A reasonable benchmark for exam readiness is consistently scoring 70%+ on Part 1 practice questions across all six domains in timed sessions. That level of consistent performance under exam conditions is a more reliable signal of readiness than how many weeks you have studied.