I Pass the CIA Exam!

How to Pass CIA Part 3 on Your First Try


This was originally a very, very long comment on my Part 3 tips page. Special thanks to David who took the time to give back to our community. All the best to you!


I passed CIA Part III today, first time! This means that I’ve now achieved my CIA!

I wanted to say a huge thank you for the postings on this site, as I believe this is what made the difference between passing and failing. Have posted my experience in case it helps anyone.

My Background

I’m a non-accountant, so I had zero background in the accounting questions and was super intimidated by them.

My CIA Exam Experience

My employer paid for the study tools, so I didn’t hold back and I got both Gleim and CIA systems.

I used Gleim a lot for Part II and CIA for Part I. Like many others, the number of questions on Gleim (2,000 or so) appealed. To pass Part II I basically read the CIA book once and then hit the multiple choice questions hard. This worked and I passed Part II (and Part I) first time.

Part III was a big shock in terms of the amount of material to cover, particularly if you’re not an accountant or IT person.

I started by using the same strategy for Part III as I’d used for Part II. Read CIA books once, then spent literally hundreds of hours on multiple choice questions. I spent LOADS of time on the accounting parts as I basically knew nothing and found them very complicated. I also used Gleim’s video presentations by a ‘human instructor’ that are part of the materials and would recommend this to anyone struggling with accounting.

On the week of the exam, I was feeling pretty confident. 80%+ on both Gleim and CIA questions. But I now realize I was learning the questions and not the material.

I took the IIA’s official practice exam two days before the exam just to check I was in good shape. I failed badly, five out of eight areas failed!

I freaked out and considered rescheduling the exam, but having taken two weeks off work to study, I at least wanted to give it a shot.

That’s when I found this site – luckily before I took the exam and not afterwards, as happened to some others on here who weren’t so lucky (you’ll get there for sure!).

My 2-Day Cram before the Exam

Everything I read on here was correct. I crammed for two days based on what people had said:

1. Study Hard on Governance and Risk

Both Gleim and CIA don’t do this justice, particularly Gleim. CIA has it all in, but it’s not obvious how important it is to study it when there are so many other things to study. Understanding ERM fully, various frameworks, etc. was essential, and I only did that because I read this site. I read practice guides as suggested, for governance, Risk Management, etc.

2. CSR

Very glad I’d studied that in detail. I read practice guide from IIA on this.

3. IT

Definitely study hard on IT, in particular make sure to read practice guides for GTAG as was suggested.

4. Finance

I totally overstudied on this, although I now actually understand finance, financial accounting and managerial accounting 🙂 My advice would be don’t spend too much time on multiple choice calculations, but focus more on principles and understanding these. Again, this advice was on this site, and I wish I’d seen it a few weeks ago!

5. More Practice Questions?

Finally, I also bought 90 day access to Exammatrix questions, to try to get around the issue that I had ‘learned’ the questions in the other two learning systems. It kind of helped a bit, but the site quality is pretty poor and some of the questions are the same as in other learning systems. So I’d say it’s probably not worth it, I was just panicking and should probably have spent the time reading practice guides.

If I were Going to Do this All Over Again…

(and believe me, I don’t want to), I’d probably:

1. Active Learning, Not Passive Reading

Read and actually learn the material in the CIA books, as in take notes, summarize and not just read the pages. I did that right at the end of my study and I think it’s what helped me pass.

2. Get the Practice Guides

Read all the practice guides on the IIA site if you have plenty of time to study, or a lot of them. They are well written and help reinforce learning from the CIA books.

3. Don’t Max Out on Gleim Test Prep

DO NOT max out on Gleim multiple choice question answering, particularly for financial areas. While this strategy of repeated question answering helped a lot in Part II, it didn’t in Part III where the questions are a lot more conceptual. There’s too much material to ‘learn’ it just by answering questions, and the questions on the actual exam are not obvious to answer.

4. Watch the Videos

I would use the video presentations on Gleim though if you have time, found them helpful for tough material.

To all those yet to attain their CIA, stick with it! You’ll get there! I had almost zero experience in Internal Audit when I started studying for the designation.


Recommended Review Courses

In case you missed it, David used these review courses to pass:

David used Gleim a lot for Part 2 and 3. He finds the video instructions especially helpful in the accounting part.

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

  • jon says:

    hi David, congrats! I’m just starting on my CIA journey. do you mind passing me your email so i could ask more detailed Qs abt the process (instead of posting on mssg boards)?

    • D Tomas says:

      Hi David,
      I followed your four key points to the letter in the cramming area, and that worked a treat!! Excellent advice and right on the mark. I spent too much time previously doing the mock exams and just learning those questions, but reading the GTAGs, and the Guides made a massive difference, largely as the fundamentals are repeated a lot, so bed themselves in to your brain. It also helped highlighting just the essence of key areas. Your advice was invaluable.
      I also saw another site that said ‘read the night before and do another hour the morning before the exam, so things are fresh’. All other advice I’d had previously was to not do anything on the day, but the more recent studies show it’s like warming up for a race, you get your brain working: it really works!!!

  • Jamillah Hughes says:

    Hi David!
    I am scheduled to take Part 3 on March 1, 2017.

    I have been studying via the CIA Learning System since December. I study 1.5 hours every morning before work. I am very confident in all of the concepts except Financial Management. I get anxiety when these test questions come up. Do you have any advice on how to study this last month on this area? There’s just too much material and I have no idea where to focus.

  • Adeel says:

    I just passed part 3 today and agree with all of what is said above.

    I also took the practice exam 3 days ago and failed. I believe Gleim questions are the closest to what one will find in the exams and so won’t recommend the practice exam.

    Jamillah, David’s advice regarding Finance is spot on and I would also recommend to study the book and just go through the questions briefly; don’t overburden yourself there. Major areas to practice are Governance and Risk Management.

    Let me know if I can be of any help.

    • Stephanie says:

      That’s awesome Adeel. Thanks for letting us know, and congrats!

    • Jamillah says:

      Thank you so much! That is actually good news regarding Governance and Risk Management as I deal with these items in my day-to-day job. I have my CRMA as well which helped me understand the concepts.

      What about IT related questions. Did you get many of those?

    • Jamillah says:

      Adeel, you were absolutely right in your assessment. Unfortunately my study strategy was all wrong even though I thought I was taking the advice from you guys on this site.

    • Axo says:

      Hi guy,
      Trust that you are doing well.

      Please advise if it is necessary for one to know all the formulas for ratios by heart before taking the exam? I am referring to Financial Management Study Unit 15.

      Thank you in advance for your replies.

      • Stephanie says:

        Hi Axo, you are referring to Gleim right? No need… just understanding the basic concepts and the most important formulas should be ok. The exam questions are likely at the general and basic level and you will only get a handful of computational questions.

    • jehan says:

      Hi, congratulations on passing Part 3.

      Now I want to start Part 3 and I am confused about which material to buy, Gleim or IIA.

      Would you please advise?

  • semsem says:

    Guys, I need your help for Part 3 as I failed last month although I studied MCQs of Gleim, IIA, Hock, Matrix. I really don’t know what to do as I will retake it in March, the exam was Chinese!!!

  • Adfundum says:

    Hello everybody

    Based on your experience, did you get more questions on accounting (1 and 2), Finance (e.g. derivatives, etc.) or managerial accounting?

    I am scared about the mere accounting topics…

    Thanks beforehand for your help!

    • Jessica says:

      I was super concerned about accounting, as well, and these topics were my biggest time sucker. Fortunately, I passed on my first attempt, but if I hadn’t, my biggest regret would have been the amount of time I spent focused on the financial areas in my initial studies. I’m a non-accountant and basically tried to relearn basic, intermediate, and managerial accounting (which I hadn’t been exposed to in 7-8 years)... biggest waste in my preparations. Spend no more on these chapters than the rest! I know it’s hard to let it go, but you’ll be glad you did.

  • Jamillah says:

    Hello everyone, I’m back! I took the Part 3 Exam yesterday (March 1, 2017) and failed miserably!

    Not all is lost as I gained valuable insight to the exam.

    David and others are spot on when it comes to what to study for Part 3.

    The LAST thing I would do is spend a lot of time on multiple choice questions.

    I can’t stress enough how important it is to study Governance, Risk Management, Corporate Social Responsibility (I probably had about 20 questions here). Don’t just study these areas, know them front and back. Every detail written in the practice guides is important. Also study IT Frameworks, General and Application controls. (Know the related ISO’s, governance, CSR, and risk management concepts in these areas as well.)

    I also found that the big 3 (Governance, RM, CSR) were embedded in a lot of other areas. So really know how to apply those concepts across the internal audit material. This is possibly why the syllabus is misleading saying 5-15% & 10-20%. Majority of my questions contained some element of the 3 areas. If not, it was IT related to the big 3.

    PLEASE PLEASE PLEASE do not waste too much time on the financial management portion. Although the syllabus says 10-20%, it was more like 5% for me. I don’t even think I had 10 financial questions.

    • Stephanie says:

      Yes, agree — the big topics are embedded in others so it is in fact an even bigger representation. And yes! Don’t spend much time on the financial management portion. I must have repeated myself 50 times here, but really, I hope people get it 😉

      • Nur says:

        Dear Stephanie

        I’m currently studying for CIA Part 3 and I’m very worried about the financial portion. There are too many concepts, formulas, etc. to learn and understand, especially as I am not an accountant and have not come across some of these concepts before. When you say “don’t spend too much time on financial management portion”, what exactly do you mean? I’d appreciate your advice on how much studying I’d need to do on this portion to just be able to pass this particular portion. Another question I have is: if I were to get all of the financial portion questions wrong, will it affect my overall exam score? Thank you in advance for your kind assistance.

        • Stephanie says:

          Hi Nur,
          On the financial management portion, there should be a bunch of computational questions (from Gleim) that are pretty complex. I believe Gleim extracts these questions from CPA/CMA exams. It’s great for learning, but if your purpose is to just pass this exam, I would just skip them. But stick with the basic questions, and ones that if you straightly apply the formula you will get the answer.

          You don’t need to pass a particular portion for an overall pass. As long as you do well enough overall it’s good. Of course it is always best to master every topic in Part 3 but it’s pretty hard to do for full-time professionals.

          So don’t worry just work on improving the performance one topic at a time! Stephanie

  • Jessica says:

    Hi everyone,

    I just passed Part 3 yesterday on my first attempt, which completes my certification. I am so thankful I found this website during my Part 2 preparations, because I’m not confident I would have passed Part 3 without the insight provided here.

    I agree with David’s comments 100%. He is spot on. I’m a non-accountant and spent entirely too much time concerned about the financial chapters. I used the Gleim premium review and all supplemental reading referenced above. Initially, before referring to this website, I was a little misled by Gleim’s layout of the material and put more emphasis on the calculations, financial chapters, and some other areas than necessary. I would advise anyone else struggling in the financial area to not be so concerned.

    As I read on this website, Gleim didn’t do Part 3 justice in the areas of Risk Management, Governance, and CSR. I also found the GTAG supplemental reading helpful. I thought this reading was enough combined with Gleim, but I did use every resource available through Gleim (video lectures, audio, read, and practice quizzes).

    I studied for this exam about 6 hours a week from early November 2016 through the holidays, then began daily study on January 1. From January until March 8, I studied about 12 hours a week (more or less depending on how hard a topic was for me, to stay on track with my Gleim study planner). I felt like I was rushing to cram this amount of material into that timeframe, but I set my test date in January and was dedicated to taking it on that date. I began my final review on March 9, including a practice test (I scored 71), and studied a minimum of 3 hours per day up until about 48 hours until my test. I’d guess I studied about 16 hours in the 48 hours leading up to my exam. Not easy, but I am very thankful I dedicated this time and feel it was essential to my passing.

    Thank you all for your advice, as it was crucial for me!! This website is a God send!


    • William says:

      Hi Jessica, big congrats on passing and obtaining your certification. Any advice on how to tackle the difficult questions? Should we be focusing on the key words, or do we have to think a certain way to identify the correct answer? Appreciate your feedback!

      • Jessica says:

        Thank you! I worked these problems much more slowly than Part 1 and Part 2, trying to read very carefully and put on the right “hat” since there are so many subjects in this Part. Although there weren’t many that required computations, the questions required application of knowledge and a deeper understanding. I think having a very good grasp on the underlying concepts is key. The Gleim MC was helpful, but I agree that the actual questions were tougher than the majority of my review questions.

    • Stephanie says:

      Hi Jessica, so happy for you and I am truly very glad that this site has been helpful to your Part 3. This is the exact reason why I set up the website. It made my day!

    • Nur says:

      Hi Jessica

      Thank you for your tips/comments. I am taking CIA Part 3 for the first time next week and am struggling with the financial chapters. Like you, I’m a non-accountant by background and I fear the financial chapters!! After reading everyone’s tips and comments here on not being so concerned with the financial chapters, I’d like to know how much studying I should put into the financial chapters. I understand from the comments here that the financial chapters should be the least of my concern, but how well should I know the concepts, formulas and calculations? And if I were to not bother with it and instead focus all my energy and time on studying hard on governance, IT, CSR and Risk Management, will it affect my overall exam score? Thanks!

  • Melanie says:

    Hi Guys,

    I’m taking the exam the first week of April and am so glad I found this site. I’ve read through and made notes on where to refocus. My only question is around David’s advice to go through the IIA practice guides. Do you think this is critical or very helpful to passing? Did anyone else take this approach?


    • Jessica says:

      What review system are you using? I used Gleim and was glad I read the practice guides and GTAG. There were areas that were not well covered by Gleim and I felt like the supplemental reading proved useful. I definitely can’t see that it would hurt, regardless. Good luck!

  • Elise says:

    I passed the CIA Part 3 today after multiple attempts. This is what I did which helped me this time around.
    I read all sections of this blog dedicated to retakers. As David said, read practice guides on ERM and governance, CSR, IT. To this list I will add IIA guidance on Global Reporting Initiative, this was a new topic to me. I studied the following materials which I obtained from the IIA website:
    Assessing Organizational Governance in the Private Sector
    Assessing the Adequacy of Risk Management Using ISO 31000
    Coordinating Risk Management and Assurance
    Evaluating Corporate Social Responsibility/Sustainable Development
    Auditing Application Controls
    Global Technology Audit Guide (GTAG) 17: Auditing IT Governance
    Auditing User-developed Applications (Previously GTAG 14)
    Information Technology Risk and Controls, 2nd Edition (Previously GTAG 1)
    Business Continuity Management (there is a power point version which is summarized and straight to the point)

    Do not attempt to answer all questions in Gleim or whatever study guide you are using. Focus on mastering the concept. I watched YouTube videos for some of the topics I could not understand.

  • N says:

    Thanks Steph and everyone who shared their success tips on part 3. To be honest, initially I was frustrated and reluctant to take part 3 because of its difficulty and myriad material. But when I walked through this website and contemplated the handy tips shared, I couldn’t be more grateful.. Now I feel very determined to take part 3 with all confidence.

    Thanks all again!

  • N says:


    I just visited the IIA Website – Supplementary Guidance page; There are tons of papers.. Which papers should be studied for part 3? could you specifically guide me ? or name them?


  • Gunjan Deo says:

    I second David’s advice here. I took my third attempt for CIA Part 3 and passed! Thank you David, Lynnel and Stephanie for the tips and tricks.
    I made a huge change in the study approach this time – relying more on the IIA supplementary guidance and GTAG along with the IIA study materials instead of focusing too much on practicing questions. The recommended study areas were spot on. I used to spend way too much time on the financial and accounting area last time, but this time after reading this guidance I just practiced 20 questions from Gleim and focussed on concepts.
    I come from an accounting background and I’m not so familiar with the IT areas. The flashcards on IIA on this topic were quite helpful.
    Hope this helps.
    Good luck to those who are taking the exam next.


  • James says:

    Hi everyone,
    I am studying for Part III and I just want to get better idea about exam Section weights since it seems that Gleim’s breakdown is not very reliable. Here is what I came up with based on discussions:

    Section I: Governance/Business Ethics (Chapter I in Gleim) – STUDY HARD
    Section II: Risk Management (Chapter 2) – STUDY HARD
    Section III: Organizational (Chapters 3-4) – STUDY HARD
    Section IV: Communications (Chapter 5) – NOT MANY QUESTIONS – DON’T OVERSTUDY
    Section V: Management/Leadership Principles (Chapters 6-10) – ????????????????????????
    Section VI: IT/Business Continuity (Chapters 11-13) – STUDY HARD
    Section VII: Financial Management (Chapters 14-18) – NOT MANY QUESTIONS – DON’T OVERSTUDY
    Section VIII: Global Business Environment (Chapters 19-20) – NOT MANY QUESTIONS – DON’T OVERSTUDY

    Please correct me if I am wrong. Please let me know about Section V.
    If Section V is not a big part of exam, is it fair to say that concentrating on 7 chapters (1-4, 11-13) gives me the best chance to pass?

    • William Chan says:

      Here’s the breakdown for Part 3 (with Gleim study system):

      CSR – study hard
      RM, COSO, ISO31000 – study hard
      ITGCs & Application Controls – study hard
      BCP and Outsourcing – study hard
      all other sections in Gleim – review the Gleim’s test-bank with full understanding behind all the questions
      Financial Mgmt – light study

      Good luck!

      • Kim says:

        I can agree with this breakdown!

        Just took the test last week and passed. I am a very bad example, as due to circumstances, I did not have time to properly study. So I ONLY took about 1/3 of the online questions (Gleim) as preparation. However, I do have experience in risk management, internal audit, internal control and BCP (9 years), so that was quite an advantage.

    • Stephanie says:

      Hello James,
      Thanks for the sharing. What Gleim offers is the average of the weighting in each exam. Each exam is different so it’s hard to predict based on one experience (or any experience). But I generally agree to your summary above. Cheers, Stephanie

  • Mely says:

    I did the Part 3 exam today. I used the tips gained in regards to reading the practice guides and I passed on the first attempt. I also used both the Gleim and CIA test Preps. The CIA explains the IT and COSO aspects better than Gleim. However I found the Gleim questions more challenging than the CIA. The exam was predominantly on the topics of CSR, IT Governance, COSO, and the ERM framework. There were only 4 accounting questions. Hope this info helps as prior comments helped me.

    • Nur says:

      Hi, congratulations on passing your CIA Part 3! I’m taking mine next week and I’m nervous about it as the majority have said that it’s challenging. Since you’ve recently sat for it (and passed!) would you mind sharing some insights? Particularly on the type of questions on the predominant topics; were they conceptual type questions? Do we need to know each of the topics inside out? And as for the practice guides, how were they helpful to you? Was it in terms of reinforcing the concepts you’ve learnt? Any other insights you think can help would be great too!!

    • Stephanie says:

      Got lots of great news in Oct! Congrats Mely — yes good that we have the supplementary materials from the IIA. Everyone said they are very important to the success. All the best to you! Stephanie

  • Ndezi E. Shiwa says:

    Please, I need your advice on passing the CIA part III examinations. Am scheduling to sit for the exam on 20th of December, 2017

  • Jas says:

    Hello All,

    Great tips so far.

    Would anyone be able to let me know how many hours revision they would recommend?

    I know everyone is different but just as a rough guide as I am not sure whether I will be able to sit my exam before Christmas or not!

    Any advice is welcome!


  • Tanya says:

    Hello all,

    I sat and failed my part 3 exam yesterday (588). I only found this site a couple of days ago and really wished I had found it earlier!

    You are so right with regard to the type of questions. I was panicking about the finance element and probably spent too long on it. The majority of the questions were regarding IT, CSR and risk. I found that the IIA books didn’t really cover this so you really need to read the practice advisories and GTAGs etc. The exam also mentioned the Global Reporting Initiative which I had never heard of. I noticed that someone had been able to get a power point presentation from the IIA website on this however I have not been able to find it. Please could you forward me the link?

    It’s lovely to hear about people passing after a few attempts, it stops me from feeling like I should give up.

    Thanks for the support, it is invaluable.



    • Stephanie says:

      Hi Tanya,
      Sorry to hear about not passing, but you have a great attitude, and sounds like these tips will help! So I am really confident that you’ll nail in your next attempt. Stay strong, and never give up! Stephanie 🙂

  • Mohammed says:


    I cleared part 1 & 2 of CIA with around one month’s study (mostly with Gleim), but I could not clear part 3.

    I am advised I need to wait for 90 days before I can re-take the exam. Is there any way we can request for re-exam earlier.

    Also appreciate if anyone can advise how to better prepare for part 3.


    • Stephanie says:

      Hi Mohammed,
      Part 3 is quite different with a much broader scope, so no worries, you will nail it in your next attempt.
      I don’t think there is a way to request an earlier exam though (otherwise the majority of candidates would request it).

      It’s hard, I know, but try to get some rest and recharge yourself 🙂


  • Osama Siddiqui says:

    Hi everyone,

    Today I passed my CIA Part 3 exam. Thanks for all the tips! They were really helpful.

    Main subjects tested were IT Governance, Application controls, CSR, Financial Concepts (hardly any calculation). GTAG 1,4 and 17 were quite helpful.. just read them 2-3 times.. and keep a good focus on IT section overall.. Thank you once again!!

  • Dee says:

    Hello all,

    I took the CIA 3rd part today and finally passed! I have to thank everyone’s comments and advice. Based on the advice in the comments and article, I changed my study approach this time and downloaded all the GTAG and Practice Advisories everyone suggested and re-read them 2 times. The exam was primarily IT Governance, CSR, COSO, application controls, ERM, conceptual financial questions. Good luck to everyone else studying for the exam!

  • Audrey says:

    I passed all three exams on my first try and finally have my CIA certification! I could not agree more with everything that is posted on here. This blog helped me so much!

    Governance, Risk Management, CSR, and IT (specifically being able to apply which type of control – general, application, logical, etc) to scenarios are all super important. The practice guides referenced also helped me get a better understanding in addition to my Gleim materials.

    If you have a background in accounting, I definitely recommend glazing over the management accounting, financial accounting, and finance sections. I think I had only two questions that related to these topics and they were very basic and did not have anything to do with the 50 or so formulas listed throughout these sections. I’m very happy I essentially skipped over this stuff to focus on the other areas!

    Good luck to everyone studying!

  • Steve says:

    Hello All,

    I have been revising the CIA Part 3 material religiously for about 2 months now and really struggling to remember all the information.

    Has anyone any revision tips? I know everyone is different but purely from a perspective of retaining all the information. Or even just getting through all the information?

    Could people give the study methods they used please? Are there any topics (other than Financial) that people wouldn’t get too caught up on?

    Any help would be appreciated please!


    • Audrey says:


      I had the same concern. It is pretty impossible to know all of the information. If you are using Gleim, I would focus on the study units with this level of detail:

      HIGH: Study Units 1-5
      HIGH: Study Units 11-13
      MEDIUM: Study Units 6-10
      MEDIUM: Study Units 19-20
      LOW: Study Units 14-18

      If you really know the governance, risk management, CSR, and IT areas, you should be able to pass. Hope this helps!

      • Jim says:

        Hello All,

        Worrying about this exam.

        From the comments above I am going to focus 90% of my studying time on Governance, Risk Management, CSR and IT areas.

        When people say focus on ‘Governance’ do they mean the Governance section in the text books or do they mean Governance in all areas of the text books? (I.e. Governance in IT etc etc).

        Furthermore, when people say ‘learn the Financial principles’ what exactly do they mean by this please?

        Thank you for any responses in advance.


  • Anna says:

    I am scheduled to take part 3 of the CIA exam tomorrow. I’m so nervous. I read the GTAGs once and am afraid, I didn’t read them enough times for the concepts to stick. This is my second attempt at the test and I found this website late in the process. Please wish me luck.

  • Anna says:

    Hi I took the CIA part 3 exam tonight and passed. I’m so excited and I am still in shock. This is my second attempt at the test. I’m ever so grateful I found this website. It was a great help. I thought I would return the favor and summarize what I believe was important. A lot of this information can be found in comments by those who posted their comments.

    1) IT is heavily tested on the exam
    2) There is no need to study detailed financial calculations. Know the concepts and you will be fine.

    Gleim Chapters guide:
    1) Chapters 1-5 study hard
    2) Chapters 11-13 study hard
    3) Chapters 6-10 medium
    4) Chapters 19-20 medium
    5) remember know the concepts of the financial sections; no need to perform detailed calculations.

    Reading this guidance several times is a must. I don’t think I could have passed the exam without reading the following:
    1) GTAG 2: Change and Patch Management Controls
    2) Global Reporting Initiative
    3) GAIT for business and IT Risk
    4) Business Continuity Management
    5) GTAG 7 Information Technology Outsourcing
    6) The Three Lines of Defense in Effective Risk Management and Control
    7) GTAG 8 Auditing Application Controls
    8) IIA Position paper: The role of Internal Auditing in Enterprise Risk Management
    9) Assessing the Adequacy of Risk Management using 31000
    10) Evaluating Corporate Social Responsibility/Sustainable Development
    11) Assessing Organizational Governance in the Private Sector
    12) Auditing User Developed Applications
    13) GTAG 1: Information Technology Risk and Controls
    14) GTAG 17: Auditing IT Governance

    I know this is a lot of information. But reading this guidance is a MUST.

    Remember ISO 31000, IT and CSR are heavily tested and reading this guidance to understand the concepts will help answer questions on the exam.

    It’s not about learning the questions in a test bank.

    I hope I can help someone, the way this site helped me. Thank you so much.

  • Donovan Cooper says:

    Hi Anna.

    Did you memorize the important concepts in the 14 reading materials/guidance that you’ve suggested?


    • Anna says:


      I read the 14 materials/guidance twice. And I also wanted to kick myself on the exam because I noticed questions on the exam were geared towards the guidance. But I calmed myself down as I was sitting there and remembered what I had read. So I would say take notes on the important elements and try to study them.

      As I said, I failed the exam the first time. The guidance was what helped me pass this time around.

      If you follow this advice it will help you too. Many folks on this site have said the same. People on here helped me quite a bit and I’m eternally grateful.

      And I know reading all this material seems overwhelming but maybe read 2 or 3 a week?

      Hope this helps.

      P.S. I find myself now continuing to read more of the guidance as it’s helpful to my job.

  • Kai says:

    I just passed part 3. I am now a CIA! I feel so happy, I want to help others. I used Gleim to study for all 3 parts. For part 3 I also bought the IIA study book.
    I read GTAG 1, 4, 17
    I also read the IIA guides on ISO 3100 and Risk Management in the Private sector.

    I spent time actively reading the chapters of Gleim by taking notes. Then I took notes on the IIA study book. I did the questions on Gleim and IIA after reading the chapters. I did not max out on the questions.
    My test focused heavily on governance, risk management and business life cycles. Due to timing and the fact I am comfortable with accounting I did not spend much time on Financial Accounting. I just reviewed the basic ratios. I figured based on others, financial management is not tested heavily.
    My advice would be to understand the concepts. Read the practice guides, take notes on them and make flash cards. A month of this and you will be successful. I did not recognize any questions that I studied on the test. But I found the test relatively straightforward since I had studied the concepts.

    Good Luck!

    • Seta says:

      Hi Kai,

      Firstly congratulations.

      If possible, would you give some info about the finance/accounting part of the exam?

      Thanks in advance

      • Kai says:

        I did not have many accounting questions. Very similar to what people said above. Just have a basic understanding of the ratios. I wrote them out on index cards. Most of the questions were conceptual. You do not have to memorize many formulas. I read Gleim’s part for the financial accounting once. I did not read the IIA part for that topic.

        IMO you are better off devoting your time to IT, governance and risk.

    • Sandesh says:

      Hi Kai,

      Did you think it was essential to purchase the IIA guide as well? I am on a small budget and right now have all the practice guides, the Gleim Part 3 system and all the GTAGs mentioned.

      • Kai says:

        I am split on this. I was on a tight budget too so I understand. I already had the entire Gleim system. But for Part 3 I did not want to take any chances. Looking back I guess I could have passed without it. But without a doubt the IIA lays out the material for Governance, Risk Management, and IT. Gleim gives an overview but I believe the IIA book was an integral part of me passing the test. The practice guides I recommended will also help.

        I think you would be able to pass without it but it would be more difficult. I finished Part 3 of the CIA with 40 minutes left! So I advocate for purchasing it if you can swing it.

  • Adham Eliwa says:

    Hello all,

    Thanks a lot for the amazing forum and the useful posts
    I just have a question: what are the supplementary documents that you said are required for passing the exam, like:
    – ISO 31000
    – IIA guides
    – 14 Guidance (what are the 14)
    – GTAG
    – GAIT
    – IIA position paper

    And more important: where “exactly” can I find them on the IIA website? I mean, under which section? Can you give me a link?
    I am a member of IIA, but don’t really know where exactly to find them.


  • Adham Eliwa says:

    and also; what are the “practice guides” ?

  • warrior says:

    Hi All,

    I took the CIA Part 3 yesterday and passed on the first attempt. Below are the reasons for the pass:

    – determination
    – time management
    – resilience and letting go of the past
    – you will face frustration but do not give up! Keep going and ignore all that is worrying you because you need to focus on yourself only!!
    – 2 months study leave (must)
    – Gleim is more than enough and a very efficient and quick method to rely on. However, you will need to do your own Google search for anything that seems unclear, especially if you lack substantial experience in the field of internal audit
    – the suggested practice guides and GTAG are a must too because they make your life easier by understanding everything in out.
    – do not ignore any chapters. Study all chapters.
    – I did all questions from the test prep Gleim; doing so many questions was indeed a key success factor. So spend your time on those questions as 2 hours is not enough for 100 qs!

    I wish you all good luck in your exam and career… the exam is doable, you just need to make some effort and not underestimate it because the questions are tricky.

    • Stephanie says:

      Congrats! Wow, not sure if anyone can afford a 2 month leave but I can imagine sufficient preparation time is a key factor of success. All the best Warrior and thanks for giving back to our community 🙂 Stephanie

  • Nasipi Makiwane says:

    How I wish I had seen this website on time.

    I failed the CIA Exam Part III today. I’m so sad.

    But here is my take
    1. All those IIA Guidance on IT (I only started reading these 2 days before the exam and I didn’t retain all the information well enough).
    2. The ISO 31000 on IIA Guidance
    3. Social Corporate Responsibility
    4. Global Reporting
    5. I had zero calculations on Financial Management, what was tested mostly was the inventory management section conceptually

  • Yannick says:

    I’m planning to get my CIA… but after reading all the comments, I’m going to ask all you guys if it is a good thing to start with the (most difficult) third part? Thank you

    • Stephanie says:

      Hmm, not necessarily… I would still go for Part 1/2 first to get used to the exam format etc first.

      But Art Yip (who often comes back to help out candidates) started with Part 3. He passed all parts on first try.

      So, doesn’t really matter but most candidates start with Part 1.

  • LazyAuditor says:

    Hey guys!

    I passed my CIA Part 3 test on the first try yesterday and made a short post about it (how I prepared, what material I read and what questions there were in the exam): https://www.lazyauditor.com/2018/05/27/my-secret-recipe-to-pass-cia-part-3-exam/

    Good luck everyone!

    • Stephanie says:

      Hi Sloth 😉
      Thanks for stopping by my site and I am thrilled that you passed your Part 3! And I love your site. Thanks for mentioning us in one of your posts. Cheers, Stephanie

  • Brave says:

    Please, can I pass part 3 before part 1 and part 3?
    And without any knowledge about part 1 and part 3?

    Thank You!

  • Dee says:


    Recently, Gleim issued an update to Part 3 to incorporate the new COSO ERM framework. This update completely replaced Subunit 2.2 of the book. The new COSO ERM framework consists of 5 NEW components and not the 8 that I learned in Parts 1 and 2. Apparently, the new COSO framework was issued in 2017. I passed parts 1 and 2 in 2018 but I was only tested on the old ERM framework. For anyone who has taken the test for Part 3 in 2018, were you tested on the new COSO ERM framework or the old framework with 8 components?

    • Dee says:

      I emailed the IIA and was told that the new COSO framework will not be incorporated into the CIA exam until 2019. I am not sure why Gleim changed/updated the 2018 study materials. Gleim has also updated its test banks so you cannot practice questions on the old framework. This is really frustrating and unfortunate for test takers like myself. I really wish they would have waited and released the study material for the new COSO ERM framework with the 2019 edition of the study materials for the CIA exam. I am still curious as to what any recent test takers may have encountered during the exam in regards to the COSO framework. Any insight is welcomed! Thanks, Dee

  • Justin says:

    Hi all,

    I passed part 3 on my second attempt Monday (6/25). A few takeaways…

    1) CSR, Risk Management, and IT Governance tested heavily. I would suggest heavy study with the Gleim materials as well as the Practice Guides referenced in the messages below for these sections.
    2) Only 2 calculations. Pretty simple ratios. Most content questions related to Accounting and Finance were around inventory methods and the most appropriate. I agree with everyone below that Gleim goes way too deep on these sections.
    3) I had roughly 5-10 questions on COSO ERM. I work with this framework in my day to day but for those who don’t I would suggest reviewing any practice guides related to this area.
    4) ISO3100 definitely read this practice guide for this area a few times to really understand how to apply to different scenarios.
    5) I personally struggled with the business life cycles so again got comfortable enough with Gleim that I could identify which phase the question was asking about, which really helped for these questions (maybe 3-5 total)
    6) One of the biggest tips I got was to mimic the testing environment as much as I could when studying. I went to the local university library and sat in a cube similar to at the testing center. I also tried to always do practice questions around the time that my exam was scheduled through so it almost became routine.

    Good luck!!

    • Mari says:

      Hi Justin,
      Since you attempted the exam twice, I was hoping to understand if the topics that appeared in the second attempt were the ones that didn’t show up in the first?
      Did you have the same topics as you mentioned in your note above for both your exams?

    • Meghan D says:

      Congrats! I’m surprised you only saw a few questions requiring calculations. Thank you for letting everyone know about your exam experience!

  • E says:

    There was recently (June 2018) an update to the content of Part 3 related to the COSO enterprise risk management (ERM) framework. Any tips or insights from recent test takers on how the new COSO framework is tested?

  • Audit Audit Audit says:

    Hello All,

    I passed Part 3 on my second attempt Friday.

    I am not one for posting on blogs but feel obliged to contribute to this website as it helped me a lot! So I would firstly just like to say thank you very much to Stephanie.

    My Recommendations:

    – Control Frameworks (COSO, COSO ERM, ISO31000, Turnbull, Kings Report on Corporate Governance, Criteria of Control (CoCo), Cadburys Model, COBIT, e-SAC). Although Kings, Cadburys etc may not seem relevant for CIA Part 3, they definitely are. I personally learnt these all off by heart. By this I mean I was able to write out their Characteristics, elements, principles and components off by heart. This may seem rather excessive but I feel like this really was key to my success in this exam. How did I do this? I spent a few hours one day writing out each framework around 20- 30 times each. Then after this I spent 10 minutes everyday writing these out once or twice. This enabled me to get into the exam and before clicking ‘Start exam’, write out all of the memorised control frameworks as notes to refer back to when completing the questions. I would focus on getting every detail of ISO31000 drilled into your minds.

    – CSR – I learnt the definition off by heart and heavily studied this. There were a number of questions on CSR. Read the ISO26000 CSR and Global Reporting frameworks off by heart also.

    – Business Continuity – I would say this is one of the most important to learn. I personally printed out GTAG 10, which I don’t think has been listed below. This GTAG gives a really good level of detail and understanding on what it is and the differentiation between Business Continuity Management, Business continuity plan and Crisis Management etc.

    – Porter 5 forces / Industry Life cycles – Fairly interrelated, I would make sure you are fairly confident with this. I.e. in the maturity stage what would happen to quality, profit, controls etc.

    – Financial management – All of my questions were conceptual, no calculations. I would most definitely focus on Inventory Management I.e. what would happen if Opening Balance inventory was overstated etc.

    – Change Management/ Quality Management – These two cropped up every now and then.

    – In terms of the GTAGs they are very helpful but do overlap a lot. A good thing I found was highlighting the key details and then making notes from them. As mentioned earlier I think GTAG 10 was key to my success with this exam.

    I hope this helps anyone who is taking Part 3.

    Thanks again to everyone who has contributed.

    • Alice says:

      Thanks so much. It is one of the most original posts and also latest update indeed. 🙂

      Can I ask a couple of questions?
      1. Re BCM and GTAG10, is that enough to just go through the ppt on the IIA site instead of the 40 page doc for the sake of time? 🙂

      2. Re Porter 5 forces / Industry Life cycles, what do you mean by “control”, is that strategy, like defending market, diversifying brands etc. during the stage of maturity?

      3. Apart from the above update, how many questions were there for IT and finance respectively? Any other tips?

      Many thanks in advance!

    • Successful CIA says:

      I also recommend what Audit Audit Audit posted, since I just passed CIA Part 3 this month. He or she is right on point.

      In my experience, people posting on this blog have gotten it wrong sometimes. They post about failing a CIA part yet neglect to mention how they studied. (Some people will even criticize a particular exam study package without admitting how little they actually used it.)

      One more comment: I found passing CIA Part 3 to be the hardest. The MCs were tricky and never obvious/quick. Take all the reading very seriously. I was an obsessive studying fool and it paid off. My life still hasn’t gotten back to normal though. I wake up with cold sweats thinking I have to hurry back to my desk to read and review. Then I have to remind myself, no, it’s over. It’s really over.

  • tanya says:

    Hi Guys, I have just taken part 3 again for the 2nd time and got the same result (588). Not sure what to do, I can fit in a resit before the new syllabus starts but I’m unsure whether to do this or wait. I would appreciate any advice.


  • Karla says:

    Hello everyone!!!

    Please, your help!!! I found this PDF on the Global Reporting website; it is the GRI foundation (see the link below). For those who already passed the exam part 3, is this document enough or do we need more information to glace this part from the exam that many of you told us is frequently tested?


    I really appreciate your comments. Thanks!

  • Malberta says:

    Hi everyone, like a lot of people, I really appreciated this site and valued the most recent exam experiences. I took Part 3 yesterday and passed! What I learned about the exam as a whole (Parts 1-3) is do not read too much into the question. Remember that the exam is written in multiple languages, so the wording choice in the question or answers may be vague or not what you would choose yourself if you wrote the question. Nonetheless, do not overthink the answers or dream up scenarios where the answer can fit. Go with the most universal/likely answer. The advice on the site hits the topics tested: risk (know the details of the framework), COSO/ERM, ISO 31000, governance (very general, not detailed), project management/business processes (surprisingly a lot of questions from this area), TQM, PERT, CSR, outsourcing, user developed apps, industry life cycle, SDLC, IT infrastructure, IT application controls, basic leadership principles and theory, and a mixed bag of global business and communication. There were more finance/accounting/cost accounting questions, probably 10-12 total (IRR, NPV, bonds, budgeting, inventory theory, and 1 inventory calculation) than my previous attempt of Part 3 and also material that I had never read or seen in my study material (Gleim) but was able to at least rule out 1-2 answers. Good luck to everyone!

    • Successful CIA says:

      This was fascinating for me to read since I took the Part 3 exam about two weeks before you and had a very different experience!! I also passed, but it sounds like my questions were VERY different. This is really a big lesson to people who read this blog. Every exam is unique. The content is not the same even for people who take the exam at around the same date! What feels heavily tested for one tester may barely be covered at all by another tester.

      • Tina says:

        Congrats to you both! Thanks also for the good tips.

        Malberta, re business processes you mentioned above, do you mean business process analysis like queuing theory, TOC, re-engineering etc. (Gleim Unit 3) or some business processes like EOQ, inventory management, etc. (Gleim Unit 4)? And what does “mixed bag of global business and communication” mean?

        Successful CIA, since you mentioned your exam was quite different, would it be possible to share with us such?

        Thanks again!
