Certified Internal Auditor

from Wikipedia, the free encyclopedia

Certified Internal Auditor (CIA) is the title of a professional examination in the field of internal auditing .

Legal basis

The rights holder for the CIA exam is the World Auditing Association, the Institute of Internal Auditors (IIA), based in Lake Mary , Florida , USA .

The right to use the title Certified Internal Auditor or the abbreviation CIA is granted by the IIA and its national member associations on the basis of private law to persons who meet the necessary admission requirements and have successfully passed the required examinations. It can be withdrawn again, for example if the obligations for ongoing training are not complied with or if the code of ethics or international or national auditing standards are violated.

CIA certification was introduced in 1973.


Since in many countries, such as B. also in Germany, Austria and Switzerland, there are no legal regulations for the training and licensing of internal auditors, the title CIA is valid as proof and characteristic of special qualifications and high professionalism in the field of internal auditing. CIAs are considered to be specialists in recognizing and assessing risks, planning and carrying out audits, recognizing and naming undesirable developments and potential for improvement, initializing corresponding improvements and monitoring the completion of the associated measures.

The CIA title is also seen as a good professional basis for assuming managerial responsibility.

Since 2002, the IDW audit standard for internal auditing and final auditing (IDW PS 321) has named the CIA title as evidence of professional competence, training and professional experience. The increased focus on corporate governance as well as the steadily increasing demands on internal audits in credit institutions, especially on the part of banking supervisors, have led to a further upgrade of the professional examination in recent years .

By the end of 2017, 2,268 CIAs had been certified in Germany via the German Institute for Internal Auditing (DIIR) . Of these, 1,483 CIAs were listed as active at DIIR at the end of 2017. In addition, there are other CIAs in German-speaking countries who obtained their exam title through the Institute for Internal Auditing Austria (IIA Austria) or the Swiss Association for Internal Auditing (SVIR) .

There are more than 150,000 CIAs operating in 170 countries around the world.

Fields of activity

Certified Internal Auditors mostly work in internal auditing and in the compliance area of credit institutes , insurance companies and other commercial companies or consulting companies . So far, CIAs have rarely been active in the field of (supervisory) authorities or public administrations.

Admission requirements

Admission to the CIA exam is subject to the following conditions:

  • Prior education - completion of a degree at a state-recognized university
  • Work experience - one or two years work in an internal audit or a comparable area
  • Character aptitude - Confirmation of the applicant's personal and character aptitude through confirmation or a certificate from a (former) supervisor, a university professor or a Certified Internal Auditor (CIA).

Ultimately, the admission committee of the respective national IIA member institute decides on the admission to the examination.


The exam consists of three parts:

  • Part 1: Basics of internal auditing
  • Part 2: Working methods of the internal audit
  • Part 3: Knowledge elements of the internal audit

All three parts of the exam must be passed within four years of admission. In Part 1 125 and in Parts 2 and 3 100 multiple-choice questions each have to be answered. The exam can be taken in English, German and 14 other languages.

The exams are carried out by a service provider in the form of computer-based testing in over 500 test centers worldwide. For candidates from Germany, registration for the CIA exam takes place directly at the IIA.

The exam is considered demanding. The failure rates are high.


Holders of the CIA title are obliged to comply with the IIA standards (international auditing standards ) and the IIA Code of Ethics (a code of ethics for auditors). German CIAs must also observe the DIIR standards of the German Institute for Internal Audit .

CIAs are also obliged to ongoing professional (technical) training. Annually at the end of the year, the IIA must be notified that at least 40 hours of further training (in accordance with a corresponding set of rules) have been completed. Two of them must be from the field of ethics . The reports submitted are checked by the IIA in random samples.


Each CIA has a status at the IIA. The following versions are possible:

  • CIAs acting as auditors (Practicing CIAs): Active CIAs. 40 hours of continuing education must be proven annually (two of them from the ethics area).
  • CIAs who do not work as auditors (Non-practicing CIAs): CIAs who carry out an activity outside of internal auditing. Every year 20 hours of further training must be proven.
  • CIAs retired (Retired CIAs) are led CIA title may continue. No internal audit function may be exercised. Proof of further training hours is not required.
  • Inactive status (Inactive Status): This status is assigned automatically when the training requirements are not met. The CIA title may no longer be used. A return to active status is possible on application after compliance with the further training obligations has been proven.

Participation in certification

The CIA certification is now carried out directly via the IIA (USA). Certain tasks (e.g. with regard to the admission test) are still performed in German-speaking countries by the legally independent national IIA member institutes. These are:

Further professional exams in the field of internal auditing

Further professional exams of the Institute of Internal Auditors (IIA) and the Information Systems Audit and Control Association (ISACA) that are relevant and widespread for the auditing profession are:

  • CCSA, Certification in Control Self-Assessment (focus: internal control systems)
  • CISA, Certified Information Systems Auditor (focus: IT systems)
  • CRMA, Certification in Risk Management Assurance (focus: risk management)
  • CGAP, Certified Government Auditing Professional (focus: internal audits in the public sector)

Web links

Individual evidence

  1. ^ Institute of Internal Auditors: Contact the IIA . (In English.) Retrieved July 11, 2017.
  2. ^ A b German Institute for Internal Auditing eV: Admission and certification requirements . Retrieved April 6, 2016.
  3. a b c Internal Audit Digital: Oliver Bungartz: Certified Internal Auditor (CIA) . Retrieved April 12, 2016.
  4. ^ Julia Busch: Benchmarking in the internal revision , p. 375. Erich Schmidt Verlag, Berlin. 2010. ISBN 978-3-503-12440-4 .
  5. ^ German Institute for Internal Auditing eV: Annual report 2017 . (PDF, 6,653 kB.) Pp. 66 and 69. Retrieved on July 10, 2018.
  6. ^ Institute of Internal Auditors: Prove Credibility & Proficiency . (In English.) Retrieved July 10, 2018.
  7. According to the list of participants in: German Institute for Internal Auditing eV: CIA Conference 2015, conference documents, Frankfurt am Main, June 12 and 13, 2015.
  8. ^ German Institute for Internal Auditing eV: Information on the CIA exam . Retrieved April 7, 2016.
  9. a b c Institute for Internal Auditing Austria: Certified Internal Auditor - CIA . Retrieved July 24, 2018.
  10. a b c Finance-Magazin.de: Philipp Habdank: CIA: The additional qualification for corporate detectives . Retrieved April 20, 2016.
  11. a b c German Institute for Internal Auditing eV: IIA certifications . Retrieved July 24, 2018.
  12. ^ German Institute for Internal Auditing eV: Change of the process for certification . In: news magazine, issue 1.16, page 6, Frankfurt am Main, March 2016. (PDF, 1,000 kB.) Retrieved on April 6, 2016.
  13. ^ German Institute for Internal Auditing eV: Continuous Further Education (CPE) . Retrieved April 13, 2016.
  14. ^ German Institute for Internal Auditing eV: Status categories . Retrieved April 13, 2016.