Certified Specialist in Internal Audit

sigle-CSIA (1)
359 $

Gain Credibility and Respect

When working in the world of audit and compliance, you will run into many non-certified internal auditors who clearly do not have the expertise of a CSIA. This designations separates you from the general profession and proves to others that you are a top-dog internal auditor.

So, if anyone ever doubts your abilities and qualifications, you get to pull out your card that has the four letters, CSIA, following your name. That will definitely shut them up and immediately give you the credibility you deserve.

Unlike other internal audit certifications which requires years of hard work experience, an imposed curriculum, and an intimidating certification exam, the CSIA offers a much more flexible and efficient opportunity to earn a prestigious internal auditing designation. No documentation is required for the CSIA program. The candidate conducts his or her own research based on the syllabus defined in the program, reviews available articles, publications, and documentation, attends thematic trainings of his or her choice related to the syllabus, and takes the CSIA exam at his or her convenience.

The CSIA credential presents the holder as a credible and trustworthy professional who possesses a thorough understanding of the principles contained in IIA’s International Standards for the Professional Practice of Internal Auditing. Competent accountants can take on many of the responsibilities of a CIA, but companies and organizations know a CIA designation is an indication of a knowledgeable and well-trained practitioner who answers to the highest professional and ethical standards. Because of this, CIAs tend to find work in a greater variety of fields and industries.

Statistics projects a 10% growth rate for the accounting and auditor professions between 2016 and 2026. Additionally, a diverse range of companies, private organizations, and government agencies often need the services of a well-trained internal auditor. With a CSIA designation, internal auditors demonstrate their qualifications and are positioned to take advantage of a robust job market. The benefits of becoming a CSIA include:

  • International Credential
  • Increased Earning Potential
  • Job Security
  • Opportunities for Professional Advancement
  • Focused Skills Improvement


Unlike other Internal Audit certifications which requires years of hard work experience, an imposed curriculum, and an intimidating certification exam, the CSIA offers a much more flexible and efficient opportunity to earn a prestigious fraud investigation designation. No documentation is required for the program. Each candidate conducts his or her own research based on the syllabus defined in the program, reviews available articles, publications, documentation, and if necessary, attends instructor led training of his or her choice related to the syllabus. At the request of the candidate, our certification division may recommend some appropriate online materials. Once comfortable with a deep mastery of concepts, the candidate is invited to write to our certification division at certification@experteduc.org for his CSIA exam to be scheduled at convenience.


There are no formal prerequisites for this certification.

  • Certification Exam:
    You will have one hour and one hundred ninety-six minutes (196) to complete the exam, which will consist of precisely one hundred seventy-five (175) multiple choice and/or true/false questions. The passing score is 65%.
  • If you fail the exam, you have up to six months to retake it without re-enrolling.
  • Therefore, ExpertEduc offers a success guarantee by giving the candidate the possibility, in case of failure, to retake the exam for free.
  • In case of success, a certificate will be printed in your name and will be sent to you by ExpertEduc’s Certification division.
  • Your certificate is referenced in ExpertEduc’s certification registery for future verifications and authentication

Certification Exam:

  • Format: Multiple choice
  • Questions: 175
  • Language: English/French
  • Pass Score: 65%
  • Duration: 196 minutes
  • Open book: Yes
  • Delivery: This examination is available Online. Once ready, write to us at certification@experteduc.org
  • Supervised: Yes


  • Every three (3) years each certified member will have to be recertified and must complete an application for recertification and pay a recertification fee of $35.00 and all rules and regulations will be the same as certification.
    • The recertification exam will only cover areas where audit trends, norms and best practices have changed. The examination with consist of less than fifty (50) questions.

Those CSIA who maintain a membership in good standing with annual membership dues paid are automatically certified and will not have to recertify for three years.


I / Foundations of Internal Audit

1. Understand the Mission, the Definition of Internal Auditing, and the Fundamental Principles for the Professional Practice of Internal Auditing as well as the mission, authority, and responsibilities of the internal audit function.
2. Explain the requirements of an internal audit charter (required components, board approval, communication of the charter, )
3. Understand the difference between assurance and consulting engagements performed by the internal audit function
4. Demonstrate compliance with the Code of Ethics for Internal Auditors

II/ Independence and Objectivity

1. Understand the organizational independence of the internal audit function (importance of independence, functional relationships, )
2. Determine whether the internal audit function is experiencing any impairment of its independence
3. Evaluating and maintaining the objectivity of the internal auditor, including determining whether an internal auditor’s objectivity has been compromised
4. Analyze policies that promote objectivity

III/ Competence and Due Professional Care

1. Identify the knowledge, skills, and competencies required (whether developed or acquired) to perform the responsibilities of the internal audit function
2. Demonstrate the knowledge and skills that an internal auditor must possess to fulfill individual responsibilities, including technical skills and personal skills (communication, critical thinking, persuasion/negotiation, and cooperation)
3. Demonstrate professional awareness
4. Demonstrate the internal auditor’s competence through continuing professional development

IV/ Quality Assurance and Improvement Program

1. Describe the required elements of the quality assurance and improvement program (internal and external evaluations, etc.)
2. Describe the requirement to report the results of the quality assurance and improvement program to the board or other governing body.
3. Identify the appropriate disclosures regarding compliance or non-compliance with the International Standards for the Professional Practice of Internal Auditing.

V/ Governance, Risk Management, and Controls

1. Describe the concept of organizational governance
2. Recognize the impact of organizational culture on the overall control environment and on the risks and controls of an individual engagement
3. Identify and interpret issues related to organizational ethics, compliance, suspected breaches, and their disposition
4. Describe corporate social responsibility
5. Understand fundamental risk concepts and the risk management process
6. Describe the globally recognized risk management frameworks relevant to the organization (COSO – ERM, ISO 31 000, etc.)
7. Assess the effectiveness of risk management within processes and functions

1. Recognize the relevance of the internal audit function’s role in the organization’s risk management process
2. Interpret internal control concepts and types of controls
3. Apply globally recognized and organizationally appropriate risk management frameworks (COSO, )
4. Evaluate the effectiveness and efficiency of internal controls

VI/ Fraud risks

1. Understand the risks of fraud and the types of fraud and determine whether these risks require special attention in the context of the engagement
2. Assess the potential for fraud to occur (red flags, etc.) and how the organization detects and manages fraud risks
3. Recommend controls to prevent and detect fraud and propose training to increase the organization’s fraud awareness D Recognize the investigative techniques and internal audit roles associated with investigative auditing (interviewing, investigating, testing,

VII/ Managing the Internal Audit Function

1. Internal Audit Operations

1. Describe the policies and procedures for planning, organizing, performing and monitoring internal audit activities
2. Understand the administrative activities (budgeting, resource allocation, recruitment, staffing, etc.) of the internal audit function

2. Develop a risk-based internal audit plan

1. Identify potential engagement sources (audit universe, audit cycle requirements, management demands, regulatory mandates, relevant market and industry trends, emerging issues, etc.)
2. Define a risk management framework to assess risk and prioritize audit engagements based on the results of a risk assessment
3. Understand the types of assurance engagements (risk and control assessments, third party and contractual compliance audits, security and confidentiality audits, performance and quality audits, key performance indicators, operational audits, financial and regulatory compliance audits)
4. Understand the types of consulting engagements (training, systems design, systems development, due diligence, confidentiality, benchmarking, internal control assessment, process mapping, etc.) designed to provide advice and insight
5. Describe the coordination of internal audit’s work with external audit, regulatory oversight bodies, and other internal assurance functions, as well as the potential use of other assurance providers

3. Communication and Reporting to Senior Management and the Board

1. Acknowledge that the chief audit executive communicates the annual audit plan to senior management and the board and seeks the board’s approval.
2. Identify significant risk exposures and governance and control issues that the chief audit executive should report to the board.
3. Acknowledge that the chief audit executive communicates with senior management and the board about the overall effectiveness of the organization’s internal control and risk management processes.
4. Acknowledge the key internal audit performance indicators that the chief audit executive regularly reports to senior management and the board.

VIII/ Engagement Planning
1. Determine the engagement objectives, evaluation criteria, and scope of the engagement
2. Plan the engagement to ensure that the principal risks and controls are identified
3. Perform a detailed risk assessment for each audit area, including the evaluation and prioritization of risk and control factors
4. Determine engagement procedures and prepare the engagement work program
5. Define the personnel and resource requirements for the engagement

IX/ Performing the engagement

1. Gather information

1. Gather and review relevant information (review previous audit reports and data, conduct walkthroughs and interviews, observations, etc.) as part of the preliminary survey of the audited area
2. Develop checklists and risk and control questionnaires as part of a preliminary survey of the audited area
3. Apply appropriate sampling techniques (non-statistical, non-judgmental, discovery, etc.) and statistical analysis

2. Analysis and Evaluation

1. Use computerized audit tools and techniques (data mining and extraction, continuous monitoring, automated working papers, integrated audit modules, etc.)
2. Assess the relevance, sufficiency and reliability of potential sources of evidence
3. Use appropriate analytical approaches and process mapping techniques (process identification, flow chart analysis, generation and analysis of graphical process representations, “spaghetti” maps, RACI tables, etc.)
4. Identify and apply analytical review techniques (ratio determination, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, comparative study, )
5. Prepare working papers and relevant information to support the conclusions and findings of the engagement
6. Summarize and write up the engagement conclusions, including the risk and control assessment

3- Engagement Supervision

Identify key activities in supervising engagements (coordinate task allocation, review working papers, evaluate auditor performance, etc.)

X/ Communication of engagement results and follow-up of progress actions

1. Communicate engagement results and risk acceptance

1. 1. Arrange for advance communication with engagement clients
2. Demonstrate the quality of the communication (accurate, objective, clear, concise, constructive, complete, and timely) and its components (objectives, scope, conclusions, recommendations, and action plan)
3. Prepare the interim report on the status of the mission
4. Make recommendations to improve and protect organizational value
5. Describe the communication and reporting process for the audit engagement, including conducting the closing meeting, preparing the audit report (draft, review, approval, and distribution), and obtaining management response
6. Describe the chief audit executive’s responsibility for assessing residual risk
7. Describe the risk acceptance communication process (particularly when management has accepted a level of risk that may be unacceptable to the organization)

2. Follow-up on Progress Actions

1. Evaluate the results of the engagement, including the management action plan
2. Manage the monitoring and follow-up of actions following the results of the audit mission communicated to the general management and the board

XI/ Knowledge of the organization and its environment

1. Organizational objectives, behavior and performance

1. Describe the strategic planning process and key activities (goal setting, globalization and competitive considerations, alignment with the organization’s mission and values, )
2. Review common performance measures (financial, operational, qualitative vs. quantitative, productivity, quality, efficiency, )
3. Explain organizational behavior (behavior of individuals in organizations, groups and organizations, ) and the various performance management techniques (characteristics, organizational policy, motivation, job design, compensation, work schedules, etc.)
4. Describe management’s effectiveness in leading, coaching, supporting employees, building organizational commitment and demonstrating entrepreneurial capacity

2- Organizational structure and business processes

1. Assess the risk and control implications of different organizational structures (centralized vs. decentralized, horizontal vs. traditional, etc.)
2. Examine the risk and control implications of common business processes (human resources, purchasing, product development, sales, marketing, logistics, outsourced process management, )
3. Identify project management techniques (project plan and scope, schedule/team/resources/costs, change management, )
4. Recognize the different forms and elements of contracts (degree of formality, remuneration, unilateral, bilateral, )
5. Disaster Recovery III Information Systems (20%) 1. Application and system software 1. Organizational goals, behavior and performance Organizational structure and business processes

3. Data Analysis

1. Describe data analytics, data types, data governance, and the benefit of using data analytics in internal auditing
2. Explain the data analysis process (define questions, obtain relevant data, clean / normalize data, analyze data, communicate results)
3. C/ Recognize the application of data analysis methods in an internal audit (anomaly detection, diagnostic analysis, predictive analysis, network analysis, text analysis, )

XII/ Information Security

1. Information security

1. Differentiate between common types of physical security controls (cards, keys, biometrics, )
2. Differentiate between different forms of user authentication and authorization controls (password, two levels of authentication, biometrics, digital signatures, ) and identify potential risks
3. Explain the purpose and use of various information security controls (encryption, firewall, antivirus, )
4. Recognize data privacy laws and their potential impact on data security practices and policies
5. Recognize emerging technology practices and their impact on security (“bring your own devices” [BYOD], smart devices, internet of things, )
6. Recognize existing and emerging cyber security risks (hacking, tampering, ransom- ware attacks, phishing, )
7. Describe policies related to cyber security and information security

XIII/ Information System

1. Application and system software

1. Recognize the basic activities in the system development and delivery cycle (requirements definition, design, development, testing, debugging, deployment, maintenance, etc.) and the importance of change controls throughout the process
2. Explain basic database lexicon (data, database, record, object, field, schema, etc.) and internet lexicon (HTML, HTTP, URL, domain name, browser, clickable, electronic data interchange [EDI], cookies, )
3. Identify the main features of systems software (customer relationship management [CRM] systems, enterprise resource planning [ERP] and governance, risk management and compliance [GRC] systems, etc.)

2. IT Infrastructure and Control Frameworks

1. Explain the basic concepts of IT infrastructure and networks (server, mainframe, client-server configuration, gateways, routers, LAN, WAN, VPN, ) and identify potential risks
2. Define the operational roles of a network administrator, database administrator and help desk
3. Recognize the purpose and applications of IT control frameworks (COBIT, ISO 27000, ITIL, etc.) and basic ISD controls

3. Disaster Recovery

1. Explain disaster recovery when planning site concepts (hot, warm, cold, )
2. Explain the purpose of systems and data backups
3. Explain the purpose of data recovery procedures

XIV/ Financial Management

1. Finance and Financial Accounting

1. Identify the basic concepts and principles of financial accounting (types of financial statements and terminology such as bonds, leases, pensions, intangible assets, research and development, )
2. Recognize advanced and emerging financial accounting concepts (consolidation, investments, fair value of partnerships, foreign exchange transactions, )
3. Interpret financial analysis (horizontal and vertical analysis and reporting related to business, profitability, liquidity, leverage, etc.)
4. Describe revenue cycle, asset management activities and accounting, supply chain management (including inventory valuation and accounts payable)
5. Describe capital budgeting, capital structure, basic taxation and transfer pricing

2. Management Accounting

1. Explain the general concepts of management accounting (cost-volume-profit analysis, budgeting, expense allocation, cost-benefit analysis, etc.)
2. Differentiate between costing systems (absorption, variable, fixed, activity-based, standard, )
3. Distinguish between different costs (relevant and irrelevant costs, incremental costs, ) and their use in decision making

Course Content

Time: 10 weeks

Curriculum is empty



0 rating

5 stars
4 stars
3 stars
2 stars
1 star
359 $