en
CIA® Certified Internal Auditor Part 2: Practice of Internal Auditing
Training with certification preparation
The CIA® (Certified Internal Auditor) certification is the global standard for internal audit professionals. This second course in a series of three places you at the heart of audit engagement execution. It is designed for auditors who want to strengthen their practical skills and gain international recognition. Professionals seeking to master the conduct of audits will also find this program essential, equipping them with the tools to deliver effective, value-added engagements.
The program will enable you to master the key steps of an internal audit engagement. You will develop expertise in strategic planning, learn how to collect and rigorously analyze information, evaluate evidence, and formulate relevant conclusions. You will also acquire the skills to navigate engagement supervision and communicate effectively with stakeholders to maximize the impact of your work.
A certified CIA trainer will guide you through a tailored program, supported by the official CIA® Learning System kit. Sessions are conducted in groups, fostering interaction and review of concepts through multiple-choice questions (MCQs). This proven approach is designed to prepare you effectively for success in the second CIA exam delivered by the IIA (see more in the Certification section).
Targets
At the end of the CIA Part 2 training, you will be able to:
- Assess your competency level as an auditor
- Gain a thorough understanding of the 4 domains of internal audit practice
- Define your personalized study plan
- Review your learning outcomes in depth
- Be fully prepared to take the CIA Part 2 exam
- Continue your journey toward CIA certification
Program
* Before starting the course, you will complete a self-assessment through the IIA’s Certification Candidate Management System (CCMS). Based on the results, the different sections of this program may be covered briefly or in greater depth.
Domain 1: Engagement Planning
- Defining objectives and scope
- Identify the key elements for setting objectives (regulations, strategy, GRC, risk appetite, etc.)
- Recognize and document scope limitations
- Assess stakeholder request management and adapt to changes in objectives
- Defining evaluation criteria
- Identify relevant criteria to evaluate the audited activity and ensure their specificity, practicality, relevance, alignment, and reliability.
- Identify relevant criteria to evaluate the audited activity and ensure their specificity, practicality, relevance, alignment, and reliability.
- Planning risk and control assessment
- Recognize strategic objectives and their integration into risk management
- Identify risks and controls related to cybersecurity, business continuity, financial and accounting aspects, and common operational processes
- Determining the engagement approach
- Assess different audit approaches (agile, traditional, integrated, and remote) and understand project management concepts applied to auditing
- Assess different audit approaches (agile, traditional, integrated, and remote) and understand project management concepts applied to auditing
- Detailed risk assessment
- Identify financial, operational, IT, cyber, and regulatory risks
- Recognize the impact of emerging risks and changes (people, processes, systems, structures, culture) on risk assessment
- Determining procedures and preparing the work program
- Define procedures for evaluating the design and effectiveness of controls
- Assess the adequacy of the work program and identify testing methodologies for different areas (accounting, finance, IT, operations, cybersecurity)
- Determining necessary resources and skills
- Assess the financial, human, and technological resources required for the engagement and understand the implications of resource limitations
Domain 2: Collecting, Analyzing, and Evaluating Information
- Identifying information sources
- Determine appropriate methods (interviews, observations, data analysis) and relevant documents (policies, checklists, questionnaires, surveys)
- Determine appropriate methods (interviews, observations, data analysis) and relevant documents (policies, checklists, questionnaires, surveys)
- Assessing the relevance, sufficiency, and reliability of evidence
- appliquer des critères d'évaluation de la qualité des preuves ;
- Apply criteria to evaluate the quality of evidence
- Recognize factors influencing reliability and describe the probative elements supporting well-founded conclusions
- Evaluating technology options
- Recognize effective technology solutions for developing and supporting findings and conclusions (AI, Machine Learning, RPA, continuous monitoring, dashboards)
- Recognize effective technology solutions for developing and supporting findings and conclusions (AI, Machine Learning, RPA, continuous monitoring, dashboards)
- Applying analytical approaches and process mapping techniques
- Define workflow segments, analyze flows through mapping, walkthroughs, and responsibility matrices
- Explain data types and analysis processes (objective setting, data collection, normalization, analysis, and communication of results) and determine when to use different data analysis methods
- Applying analytical review techniques
- Analyze ratios, variances, trends, and comparative information, and determine which analytical techniques are appropriate for engagement objectives
- Analyze ratios, variances, trends, and comparative information, and determine which analytical techniques are appropriate for engagement objectives
- Identifying gaps and evaluating their significance
- Analyze existing conditions against criteria
- Identify root causes and potential effects of gaps, and assess the factors determining the significance of results
- Preparing working papers
- Organize information
- Identify essential elements (complete and well-supported)
- Analyze their connection to engagement results and determine retention factors (regulations and policies)
- Synthesizing and drawing engagement conclusions
- Determine the significance of aggregated results and the factors to consider when formulating conclusions (effectiveness of governance, risk management, and controls)
Domain 3: Engagement Supervision and Communication
- Applying appropriate supervision
- Describe the application of supervision at all stages (including planning).
- Outline the supervisor’s responsibilities for coordination, review, and performance evaluation
- Communicating appropriately with stakeholders
- Determine effective communication methods (formal/informal, written/oral) at each stage
- Identify situations requiring escalation and determine the appropriate stakeholders for communication
Prerequisites
Prerequisites for taking the CIA® 2025 Part 2 training:
- Have registered an account and created a profile on the IIA’s Certification Candidate Management System (CCMS)
- Have completed a self-assessment through the CCMS
- Have completed CIA Part 1: Fundamentals of Internal Auditing
- Hold an active license that grants access to Becker – The IIA’s CIA Exam Review
Public
This training is intended for:
- Any professional working in internal audit and internal controls, as well as in quality assurance, risk management, or compliance
- Anyone wishing to enter the world of internal auditing while earning an internationally recognized certification
Strong points
- A certified CIA expert trainer: Benefit from the expertise of a recognized trainer certified by the IIA (The Institute of Internal Auditors) in the field of internal auditing.
- A practical assessment of your skills: Master the concepts and techniques of internal auditing through a hands-on evaluation of your skills. Identify your strengths as well as areas for improvement.
- Targeted preparation for the CIA Part 2 exam: Receive comprehensive preparation for the CIA Part 2 exam, including a final multiple-choice test that mirrors the actual exam format and requirements.
Certification
This second part of the training program prepares you for the CIA® (Certified Internal Auditor) certification. The CIA designation is awarded after passing 3 multiple-choice exams, as shown in the table below:
| Exam No. 1 | Exam No. 2 | Exam No. 3 |
|---|---|---|
| Number of questions: 125 | Number of questions: 100 | Number of questions: 100 |
| Duration: 2h30 | Duration: 2h00 | Duration: 2h00 |
| Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish | Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish | Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish |
| Associated preparation course: CIA® Certified Internal Auditor: Fundamentals of Internal Auditing | Associated preparation course (you are here): CIA® Certified Internal Auditor: Practice of Internal Auditing | Associated preparation course: CIA® Certified Internal Auditor: Business Knowledge for Internal Auditing |
| View the CIA® Part 1 exam syllabus | View the CIA® Part 2 exam syllabus | View the CIA® Part 3 exam syllabus |
For more information on candidate requirements for Exams 1, 2, and 3, please consult the CIA® Candidate Guide.
Targets
At the end of the CIA Part 2 training, you will be able to:
- Assess your competency level as an auditor
- Gain a thorough understanding of the 4 domains of internal audit practice
- Define your personalized study plan
- Review your learning outcomes in depth
- Be fully prepared to take the CIA Part 2 exam
- Continue your journey toward CIA certification
Program
* Before starting the course, you will complete a self-assessment through the IIA’s Certification Candidate Management System (CCMS). Based on the results, the different sections of this program may be covered briefly or in greater depth.
Domain 1: Engagement Planning
- Defining objectives and scope
- Identify the key elements for setting objectives (regulations, strategy, GRC, risk appetite, etc.)
- Recognize and document scope limitations
- Assess stakeholder request management and adapt to changes in objectives
- Defining evaluation criteria
- Identify relevant criteria to evaluate the audited activity and ensure their specificity, practicality, relevance, alignment, and reliability.
- Identify relevant criteria to evaluate the audited activity and ensure their specificity, practicality, relevance, alignment, and reliability.
- Planning risk and control assessment
- Recognize strategic objectives and their integration into risk management
- Identify risks and controls related to cybersecurity, business continuity, financial and accounting aspects, and common operational processes
- Determining the engagement approach
- Assess different audit approaches (agile, traditional, integrated, and remote) and understand project management concepts applied to auditing
- Assess different audit approaches (agile, traditional, integrated, and remote) and understand project management concepts applied to auditing
- Detailed risk assessment
- Identify financial, operational, IT, cyber, and regulatory risks
- Recognize the impact of emerging risks and changes (people, processes, systems, structures, culture) on risk assessment
- Determining procedures and preparing the work program
- Define procedures for evaluating the design and effectiveness of controls
- Assess the adequacy of the work program and identify testing methodologies for different areas (accounting, finance, IT, operations, cybersecurity)
- Determining necessary resources and skills
- Assess the financial, human, and technological resources required for the engagement and understand the implications of resource limitations
Domain 2: Collecting, Analyzing, and Evaluating Information
- Identifying information sources
- Determine appropriate methods (interviews, observations, data analysis) and relevant documents (policies, checklists, questionnaires, surveys)
- Determine appropriate methods (interviews, observations, data analysis) and relevant documents (policies, checklists, questionnaires, surveys)
- Assessing the relevance, sufficiency, and reliability of evidence
- appliquer des critères d'évaluation de la qualité des preuves ;
- Apply criteria to evaluate the quality of evidence
- Recognize factors influencing reliability and describe the probative elements supporting well-founded conclusions
- Evaluating technology options
- Recognize effective technology solutions for developing and supporting findings and conclusions (AI, Machine Learning, RPA, continuous monitoring, dashboards)
- Recognize effective technology solutions for developing and supporting findings and conclusions (AI, Machine Learning, RPA, continuous monitoring, dashboards)
- Applying analytical approaches and process mapping techniques
- Define workflow segments, analyze flows through mapping, walkthroughs, and responsibility matrices
- Explain data types and analysis processes (objective setting, data collection, normalization, analysis, and communication of results) and determine when to use different data analysis methods
- Applying analytical review techniques
- Analyze ratios, variances, trends, and comparative information, and determine which analytical techniques are appropriate for engagement objectives
- Analyze ratios, variances, trends, and comparative information, and determine which analytical techniques are appropriate for engagement objectives
- Identifying gaps and evaluating their significance
- Analyze existing conditions against criteria
- Identify root causes and potential effects of gaps, and assess the factors determining the significance of results
- Preparing working papers
- Organize information
- Identify essential elements (complete and well-supported)
- Analyze their connection to engagement results and determine retention factors (regulations and policies)
- Synthesizing and drawing engagement conclusions
- Determine the significance of aggregated results and the factors to consider when formulating conclusions (effectiveness of governance, risk management, and controls)
Domain 3: Engagement Supervision and Communication
- Applying appropriate supervision
- Describe the application of supervision at all stages (including planning).
- Outline the supervisor’s responsibilities for coordination, review, and performance evaluation
- Communicating appropriately with stakeholders
- Determine effective communication methods (formal/informal, written/oral) at each stage
- Identify situations requiring escalation and determine the appropriate stakeholders for communication
Prerequisites
Prerequisites for taking the CIA® 2025 Part 2 training:
- Have registered an account and created a profile on the IIA’s Certification Candidate Management System (CCMS)
- Have completed a self-assessment through the CCMS
- Have completed CIA Part 1: Fundamentals of Internal Auditing
- Hold an active license that grants access to Becker – The IIA’s CIA Exam Review
Public
This training is intended for:
- Any professional working in internal audit and internal controls, as well as in quality assurance, risk management, or compliance
- Anyone wishing to enter the world of internal auditing while earning an internationally recognized certification
Strong points
- A certified CIA expert trainer: Benefit from the expertise of a recognized trainer certified by the IIA (The Institute of Internal Auditors) in the field of internal auditing.
- A practical assessment of your skills: Master the concepts and techniques of internal auditing through a hands-on evaluation of your skills. Identify your strengths as well as areas for improvement.
- Targeted preparation for the CIA Part 2 exam: Receive comprehensive preparation for the CIA Part 2 exam, including a final multiple-choice test that mirrors the actual exam format and requirements.
Certification
This second part of the training program prepares you for the CIA® (Certified Internal Auditor) certification. The CIA designation is awarded after passing 3 multiple-choice exams, as shown in the table below:
| Exam No. 1 | Exam No. 2 | Exam No. 3 |
|---|---|---|
| Number of questions: 125 | Number of questions: 100 | Number of questions: 100 |
| Duration: 2h30 | Duration: 2h00 | Duration: 2h00 |
| Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish | Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish | Languages: Arabic, English, French, German, Chinese, Japanese, Korean, Polish, Portuguese, Spanish, Thai, Turkish |
| Associated preparation course: CIA® Certified Internal Auditor: Fundamentals of Internal Auditing | Associated preparation course (you are here): CIA® Certified Internal Auditor: Practice of Internal Auditing | Associated preparation course: CIA® Certified Internal Auditor: Business Knowledge for Internal Auditing |
| View the CIA® Part 1 exam syllabus | View the CIA® Part 2 exam syllabus | View the CIA® Part 3 exam syllabus |
For more information on candidate requirements for Exams 1, 2, and 3, please consult the CIA® Candidate Guide.
Last update: 02/12/2025
CIA® is a registered trademark of The IIA – The Institute of Internal Auditors®.
CIA® certification Guide