The Updated Examination Structure from 2025
The IIA updated the CIA examination blueprint in response to the January 2024 release of the Global Internal Audit Standards (GIAS). The examination has been fully realigned from January 2025 onward to reflect the new standards. Candidates who were using materials based on the 2017 International Standards for the Professional Practice of Internal Auditing (the previous Standards) must transition to updated preparation resources. The IPPF that candidates were previously tested on has been restructured, and several terminology and conceptual changes have been introduced.
The Part I examination consists of 125 questions to be completed in 2.5 hours. It is computer-based and available at Pearson VUE testing centres. Scores are reported on a scale of 250 to 750, with a passing score of 600.
Domain 1: Purpose of Internal Auditing (15%)
This domain, which is new in its explicit framing under GIAS 2024, covers the fundamental nature and value proposition of internal audit. Under the updated standards, the purpose of internal audit is defined as strengthening the organisation's ability to create and protect value by providing the governing body and management with independent, risk-based, and objective assurance, advice, insight, and foresight.
Key concepts tested include the distinction between assurance and advisory services, the concept of value creation through internal audit, the relationship between internal audit and organisational governance, and how internal audit's purpose aligns with the Three Lines Model. Candidates must understand how the GIAS 2024 positions internal audit as a strategic governance function rather than a compliance mechanism.
Domain 2: Ethics and Professionalism (20%)
This domain covers the IIA Code of Ethics and the professional conduct obligations of internal auditors. Under GIAS 2024, ethics has been elevated to a standalone domain and integrated directly into the Standards rather than being a separate document alongside them. The four principles — integrity, objectivity, confidentiality, and competency — remain unchanged, but their application is tested more rigorously in the updated examination.
Candidates must understand how to identify ethical conflicts, the process for managing conflicts of interest, the obligations around confidentiality and information handling, and the expectations for professional competency and due professional care. The examination includes scenario-based questions that test whether candidates can identify the correct ethical response in ambiguous professional situations.
Domain 3: Governance (15%)
This domain covers the governance framework within which internal audit operates, including the roles of the board, audit committee, and senior management. Under GIAS 2024, the governance domain places significantly greater emphasis on the governing body's responsibilities — specifically, the board and audit committee are now assigned explicit obligations regarding internal audit oversight that were previously implicit or advisory in nature.
Key tested concepts include the organisational independence requirements for the CAE (functional reporting to the governing body, administrative reporting to senior management), the charter requirements under Domain 5 of GIAS 2024, the governing body's role in approving the internal audit budget and plan, and the conditions under which the CAE must communicate directly with the governing body without management intermediation.
Domain 4: Risk Management (20%)
Risk management remains one of the most heavily weighted domains. Candidates are tested on how internal audit assesses and incorporates risk in its planning, engagement design, and overall programme management. Key topics include the enterprise risk management concepts drawn from COSO ERM and ISO 31000, risk appetite and risk tolerance, inherent versus residual risk, and the risk-based audit planning methodology.
GIAS 2024 reinforces that risk assessment must be dynamic and continuous — not an annual exercise. The examination tests whether candidates understand how emerging risks, strategic risks, and changes in the organisational environment should influence the audit plan throughout the year, not just at the point of annual planning.
Domain 5: Internal Control (15%)
The internal control domain covers the COSO Internal Control — Integrated Framework (2013) in depth, including all five components (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities) and the seventeen principles. Candidates must be able to evaluate control design adequacy and operating effectiveness, identify control deficiencies and their implications, and understand the difference between preventive, detective, and corrective controls.
The examination also tests control concepts in the context of IT environments, including IT general controls across the four standard categories: access management, change management, computer operations, and program development.
Domain 6: Quality Assurance and Improvement Programme (15%)
The QAIP domain has been significantly updated under GIAS 2024. Standard 14 — the quality standard — now includes more specific requirements for both internal and external assessments, more detailed assessor independence provisions, and clearer communication obligations. Candidates must understand the mandatory requirement for external assessments at least once every five years, the three conformance rating categories (Generally Conforms, Partially Conforms, Does Not Conform), the mandatory communication requirements, and the new provisions for self-assessment with independent validation as an alternative to full external assessment in certain circumstances.
Candidates preparing for CIA Part I using materials published before 2024 are studying a superseded framework. The GIAS 2024 is not a minor update — it restructures the Standards around fifteen domains and introduces substantive new requirements for governance bodies, independence, and quality. Use current materials from the IIA directly.
Key Terminology Changes Under GIAS 2024
Several terms have changed between the 2017 Standards and GIAS 2024, and examination questions will use the current terminology. The "International Standards for the Professional Practice of Internal Auditing" are now the "Global Internal Audit Standards." The concept of "Attribute Standards" and "Performance Standards" has been replaced by the domain structure. "Implementation Standards" no longer exist as a separate category. The "Definition of Internal Auditing" has been updated and integrated into the Purpose domain. Candidates who encounter questions using the old terminology should recognise that this reflects outdated preparation material.
Preparation Strategy for the Current Examination
Effective preparation for CIA Part I under the updated examination requires IIA-approved study materials published in 2024 or later. The IIA's own CIA Learning System has been updated to reflect GIAS 2024. Third-party providers including CTC Global have also updated their preparation programmes and revision kits to reflect the current examination blueprint.
Practise questions are the most important preparation tool. The examination tests application of concepts in realistic scenarios, not recall of standards text. Candidates should work through at least 500–800 practice questions, reviewing each incorrect answer thoroughly to understand not just what the correct answer is but why each incorrect option is wrong. The CIA Part I Revision Kit available from CTC Global's Gumroad store has been updated to reflect the GIAS 2024 framework and current examination blueprint, providing structured notes and practice questions aligned to the current syllabus.