How to Pass CIA Part 3 on Your First Try

how to pass cia part 3 on your first try

No matter where you are in the CIA exam process, you must take on CIA exam Part 3 eventually. And when you do, you want to do so successfully. You don’t want Part 3 to take you down because that would lengthen your CIA journey and increase your CIA exam fees. So, in order to prevent a Part 3 fail, you need to learn how to pass CIA Part 3 on your first try. Thankfully, you can do so with this information about the review courses, basics, difficulty, and study tips for Part 3.

Get the Right CIA Exam Part 3 Review Course

First and foremost, I’d like to give you my best advice for passing CIA exam Part 3, which is to use a CIA review course. Trying to pass CIA Part 3 without a review course is such a long, costly, and painful process that it’s nigh unto impossible, so spare yourself the heartache and invest in a CIA review course right away.

A CIA review course is essential because it covers and explains all of the exam content, enables you to develop your knowledge and skills, and supports your study efforts in multiple ways. CIA review courses accomplish so much by presenting you with a wealth of materials such as textbooks, video and audio lectures, practice questions, study planners, performance tracking software, customer service, access to the online platform, and more.

You’ll find many CIA review courses on the market, but thankfully, you don’t have to navigate through them all alone. Instead, you can use my descriptions and comparisons to find the best CIA review course for you. Or, you can simply contact me to get my personal recommendation for you. Then, you can use my CIA review course discounts to get your dream deal on your dream CIA exam prep.

But for now, you should know that Gleim CIA Review is the most widely used course on the market and is, in my opinion, the course most worthy of your consideration. Gleim CIA Review contains dozens of video lecture hours, thousands of CIA Part 3 exam questions, access until you pass, and layers of candidate support. For these reasons, I suggest learning more about Gleim CIA Part 3.

Brush Up on the Basics of CIA Part 3

The title of CIA Part 3 is Business Knowledge for Internal Auditing. Therefore, the Institute of Internal Auditors (IIA) explains that this exam part tests candidates’ knowledge, skills, and abilities with core business concepts. You can see the content areas, subtopics, and coverage percentages of this exam part in the CIA Part 3 syllabus.

2019 CIA Part 3 Syllabus

Business Acumen (35%)

  1. Organizational Objectives, Behavior, and Performance
  2. Organizational Structure and Business Processes
  3.  Data Analytics

Information Security (25%)

  1. Information Security

Information Technology (20%)

  1. Application and System Software
  2. IT Infrastructure and IT Control Frameworks
  3. Disaster Recovery

Financial Management (20%)

  1. Financial Accounting and Finance
  2. Managerial Accounting

This syllabus only serves as an outline. So, to make sure you’re completely prepared for all the topics Part 3 covers, you should follow this advice as you study each content area:

CIA Part 3 Study Strategies

Business Acumen (35%)General business questions will make up the lion’s share of the questions on CIA exam Part 3. Knowing this, you should read up on best business practices as much as possible.
Information Security (25%)Because internal auditors are privy to much more internal data than their external auditor counterparts, the security of that sensitive data is paramount. So, make sure you understand the best practices for protecting corporate data.
Information Technology (20%)Being familiar with the current best practices in IT is essential to the field of internal auditing. Therefore, you must know how data is stored, managed, and connected to intranets and larger LANs to get through this section of Part 3. Also, prepare to answer questions about networking.
Financial Management (20%)Abilities such as identifying money and resource-wasting processes and helping improve them are some of the biggest incentives for companies to hire internal auditors. Therefore, having a solid grasp of the basic financial principals on which businesses operate is key to an internal auditor’s success. For this reason, you must make sure to review best practices before taking CIA Part 3.

As with all CIA exam parts, the CIA Part 3 exam questions are only multiple-choice (MCQs). And, like CIA Part 2, CIA Part 3 has 100 MCQs that you must answer in 2 hours (120 minutes) of total testing time. So, to answer all of the CIA Part 3 exam questions in time, you should average about 1.2 minutes per question.

One other similarity between the CIA Part 3 exam and the other CIA exam parts is the passing score. The IIA converts CIA exam scores to a scale of 250-750 and sets the passing score at 600.

Discover the CIA Exam Part 3 Difficulty

According to past CIA Part 3 exam discussions found on CIA exam forums, CIA exam Reddit, in the comments on my site, and in the feedback I’ve received from my readers, this part has usually been the most challenging for candidates.

People have sited the conceptual nature of the questions and their struggle to deduce the answers as reasons for CIA Part 3’s reputation for being hard. Furthermore, I’ve found that Part 3 trips people up for addressing topics outside the scope of auditing. So, many of the internal auditors who take this part can’t rely on their own experience to help them grasp the concepts. What’s more, the questions are long, tricky, and theoretical, so they require you to memorize a lot of information.

The evidence we have for the difficulty of the CIA exam overall is the pass rates. The IIA does not release pass rates for the individual exam parts, so we can’t compare Part 3 to the other exam parts in this way. However, the overall CIA exam pass rate is currently 43%, which is lower than the CPA Exam pass rates and the CMA exam pass rates. Therefore, we can’t expect any CIA exam part to be a walk in the park.

In fact, of all the CIA exam parts, I believe Part 3 requires the greatest amount of study time due to the nature of the subject matter. This table presents my recommendations for total study hours for each CIA exam part.

CIA Exam Study Hours

Exam PartMinimum NumberSafe Number
Part 130-40 hours55-65 hours
Part 230-40 hours60-70 hours
Part 340-50 hours85-95 hours

So, based on the fact that you’ve got to be prepared to put in almost twice as many study hours for Part 3 than for Part 1, you can tell that Part 3 is a significant challenge.

Yet, with the recent changes the IIA made to CIA Part 3, such as the reduction of its content areas, this exam part’s infamy may not hold up much longer. We can also find hope in the fact that the CIA exam tests candidates’ knowledge of each topic at 2 different cognitive levels.

  • Basic Level: Candidates retrieve relevant knowledge from memory and/or demonstrate basic comprehension of concepts or processes.
  • Proficient Level: Candidates apply concepts, processes, or procedures; analyze, evaluate, and make judgments based on criteria; and/or put elements or material together to formulate conclusions and recommendations.

And thankfully, Part 3 features 32 Basic level topics and just 3 Proficient level topics.

Learn Why People Fail CIA Exam Part 3

While CIA exam Part 3 is a unique obstacle in your path to the CIA certification, the reasons people fail are the same as that of any other accounting certification exam.

Insufficient Preparation Time

One of the most common causes of failing a CIA exam part is underestimating the amount of time needed to study.

Again, the Part 3 CIA exam includes theoretical questions, and only by reading the textbooks of a CIA review course can you be ready to answer these questions. Your work history will not sufficiently prepare you for them.

So, because you’ll need to go through a course to ensure you know all about the exam content and are familiar with the exam questions, you must give yourself enough time to get it done. Don’t rush the process or settle for less than complete preparation.

Insufficient Effort

As a reminder, the CIA exam is a professional accounting certification exam. The purpose of the exam is to prove that you have what it takes to be a Certified Internal Auditor, not just an internal auditor or an auditor. Therefore, because this exam connects to such a prestigious designation, passing it is work.

And by work, I mean quality study time. Quantity alone won’t cut it. So, you’ve got to stay totally focused for the duration of each study session to truly make that time effective. If you’re not invested in the process of learning, you’re not getting any closer to passing the exam. Consequently, you’re just wasting your time.

Furthermore, if this fact doesn’t convince you to concentrate, consider the additional amount of time and money you’ll have trashed if you fail the exam once or even multiple times. If you just refrain from giving your attention to anything else and make every minute count, you can clock super productive study sessions and have enough time to pass Part 3 on your first try.

Unsuitable Review Course for Your Learning Style

You can only blame your CIA review course for letting you down after you’ve ruled out all other options. So, to be certain that your review course was the problem, you must assess your study habits and your usage of the course first. To do so, ask yourself if you

  • studied for a sufficient number of hours,
  • really gave every study session your best effort,
  • answered plenty of practice questions,
  • read the answer explanations, and
  • attempted to strengthen your weak areas.

Only when the answer to each of these questions is yes should you start to assume that the course didn’t fit your learning style or was low-quality. And if this is the case, you would be wise to purchase a course supplement or a new course altogether.

To make sure that you don’t end up with the wrong review course in the first place, you should investigate all of your CIA exam prep options by discovering the pros and cons of the most popular CIA review courses, interacting with the free trials, and seeking my professional CIA course recommendation if necessary.

Follow These Steps to Pass CIA Part 3 on Your First Try

Now that you’ve done some reconnaissance on CIA exam Part 3 by learning what this exam part is all about, how difficult it can be, and why people fail, you’re ready to take action. And, by incorporating each of these CIA exam tips into your CIA exam Part 3 strategy, you can take out this imposing exam part in just one go.

1. Focus on your weak areas.

Homing in on unfamiliar or troublesome content areas is the most efficient way to master the CIA Part 3 material. You don’t need to allocate the same amount of attention to all of the content areas if you’re already super comfortable with some of them.

Instead, you simply need to pinpoint the places in the Part 3 syllabus where you know your knowledge is shallow and put those topics at the top of your study list. Analyzing the CIA exam syllabus and signing up for my free e-course will help you complete the evaluation process.

2. Deepen your understanding of financial and managerial accounting.

Financial and managerial accounting are significant players in CIA Part 3, so base-level familiarity with these areas of accounting won’t suffice. Specifically, you must understand these concepts at the deepest level rather than settling simply for memorization of the associated calculations, especially because the calculation questions are not as common.

Therefore, your knowledge must be extensive because the exam may ask you to apply what you know to determine the effects of financial and managerial accounting in certain scenarios.

Also, your depth of understanding must cover the full scope of financial and managerial topics including:

  • CVP analysis
  • variable costing
  • full costing
  • process costing
  • JIT
  • BEP
  • CM
  • manufacturing COS
  • residual income

So, don’t skimp on either of these content areas or you’ll struggle to answer many of the questions on your CIA Part 3 exam. To ensure you know enough about financial and managerial accounting, utilize all of the resources in your CIA review course, such as the books, video lectures, and assistance from professors.

3. Answer plenty of practice questions about information technology.

The other CIA Part 3 content area that should dominate your studies is information technology (IT). The exam expects a strong foundation in IT by asking about such topics as:

  • The difference between application and ITGCs
  • The types of IT controls, especially the different types of application controls
  • The different IT stakeholders and their job functions and responsibilities
  • Cybersecurity
  • Disaster recovery
  • Data analytics

IT is one area of Part 3 that many internal auditors may struggle through due to their lack of experience. Consequently, you may need to start addressing the basics of these topics by reading your textbooks. Then, use the video lectures and answer explanations of your review course to further develop your understanding.

Then, to nail the information in place, drill through practice questions: a lot of practice questions. You’ll need a course with a pretty big test bank to do so. But, you won’t regret the investment after you’ve passed Part 3.

4. Prioritize learning the concepts over the computations.

In general, CIA Part 3 doesn’t seem to emphasize formulas or computations. So, you must resist the temptation to keep coming back to practice questions like these.

Now, I know that you might find calculation questions easier to answer. But, due to their lack of popularity in Part 3, answering so many of them is not the best use of your time. And you don’t want to realize how true that statement is when you’re sitting for the exam.

So, employ some self-control now and stick to the conceptual questions CIA Part 3 loves to serve candidates.

5. Make sure you understand the context of the question.

Again, the MCQs on the Part 3 CIA exam can be pretty tricky. But you’ll probably find them more confusing than necessary if you rush through the step of reading the question stem. So, avoid this pitfall by taking the time to read each question very carefully.

If you don’t know exactly what the question is asking for, then the answer options that seem feasible will easily blind you to the best answer choice. And don’t forget: the best answer choice is what you’re looking for. Sometimes, the distractor answer options can seem perfectly valid. Therefore, the only way to decide between these and the truly best answer is to have a rock-solid grasp of the concepts and the question.

Get More Info About How to Pass CIA Part 3 on Your First Try

If you’d like to get even more guidance through the process of passing the CIA exam and becoming a CIA, you’ll find it in my free CIA e-course. This course walks you through every step of earning the CIA certification. So, learn more or sign up now!

Please rate this

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

follow me on:
  • jon says:

    hi David, congrats! I’m just starting on my CIA journey. do you mind passing me your email so i could ask more detailed Qs abt the process (instead of posting on mssg boards)?

    • D Tomas says:

      Hi David,
      I followed your four key points to the letter in the cramming area, and that worked a treat!! Excellent advice and right on the mark. I spent too much time previously doing the mock exams and just learning those questions, but reading the GTAGs, and the Guides made a massive difference, largely as the fundamentals are repeated a lot, so bed themselves in to your brain. It also helped highlighting just the essence of key areas. Your advice was invaluable.
      I also saw another site that said ‘read the night before and do another hour the morning before the exam, so things are fresh’. All other advice i’d have previous was to not do anything on the day, but the more recent studies show it’s like warming up for a race, you get your brain working: it really works!!!

  • Jamillah Hughes says:

    Hi David!
    I am scheduled to take Part 3 on March 1, 2017.

    I have been studying via the CIA Learning System since December. I study 1.5 hours every morning before work. I am very confident in all of the concepts except Financial Management. I get anxiety when these test questions come up. Do you have any advice on how to study this last month on this area? There’s just to much material and I have no idea where to focus.

  • Adeel says:

    I just passed part 3 today and agree with all of what is said above.

    I also took the practice exam 3 days ago and failed. I believe Gleim questions are the closest to what one will find in the exams and so won’t recommend the practice exam.

    Jamillah, David’s advice regarding Finance is spot on and I would also recommend to study the book and just go through the questions briefly; don’t overburden yourself there. Major areas to practice are Governance and Risk Management.

    Let me know if I can of any help.

    • Stephanie says:

      That’s awesome Adeel. Thanks for letting us know, and congrats!

    • Jamillah says:

      Thank you so much! That is actually good new regarding Governance and Risk Management as I deal with these items on my day to day job. I have my CRMA as well which helped me understand the concepts.

      What about IT related questions. Did you get many of those?

    • Jamillah says:

      Adeel, you were absolutely right in your assessment. Unfortunately my study strategy was all wrong even though I thought I was taking the advice from you guys on this site.

    • Axo says:

      Hi guy,
      Trust that you doing well.

      Please advise if is it necessary for one to know all the formulars for ratios by heart before taking exam? I am referring to Financial Management Study Unit 15.

      Thank you in advance for our replies.

      • Stephanie says:

        Hi Axo, you are referring to Gleim right? No need… just understanding the basic concepts and the most important formulas should be ok. The exam questions are likely at the general and basic level and you will only get a handful of computational questions.

    • jehan says:

      hi congratulation for passing part 3

      now i want to start part 3 and i am confused which material to buy gliem or iia

      would you please advice

  • semsem says:

    guys, i need ur help for part 3 as i failed last month although i studied MCOs of gliem, IIA, hock, matrix, i really don’t know what to do as i will retake it in March, the exam was Chinese!!!

  • Adfundum says:

    Hello everybody

    Based on your experience, did you get more questions on accounting (1 and 2), Finance (e.g. derivatives, etc.) or managerial accounting?

    I am scared about the mere accounting topics…

    Thanks beforehand for your help!

    • Jessica says:

      I was super concerned about accounting, as well, and these topics were my biggest time sucker. Fortunately, I passed on my first attempt, but if I hadn’t, my biggest regret would have been the amount of time I spent focused on the financial areas in my initial studies. I’m a non accountant and basically tried to relearn basic, intermediate, and managerial accounting (which I hadn’t been exposed in in 7-8 years).. biggest waste in my preparations. Spend no more on these chapters than the rest! I know it’s hard to let it go, but you’ll be glad you did.

  • Jamillah says:

    Hello everyone, I’m back! I took the Part 3 Exam yesterday (March 1, 2017) and failed miserably!

    Not all is lost as I gained valuable insight to the exam.

    David and others are spot on when it comes to what to study for Part 3.

    The LAST thing I would do is spend a lot of time on multiple choice questions.

    I can’t stress enough on how important it is to study Governance, Risk Management, Corporate Social Responsibility (I probably had about 20 questions here). Don’t just study these areas, know them front and back. Every detail written in the practice guides are important. Also study IT Frameworks, General and Application controls. (Know the related ISO’s, governance, CSR, and risk management concepts in these areas as well.)

    I also found that the big 3 (Governance, RM, CSR) were embedded in a lot of other areas. So really know how to apply those concepts across the internal audit material. This is possibly why the syllabus is misleading saying 5-15% & 10-20%. Majority of my questions contained some element of the 3 areas. If not, it was IT related to the big 3.

    PLEASE PLEASE PLEASE do not waste too much time on the financial management portion. Although the syllabus says 10-20%, it was more like 5% for me. I don’t even think I had 10 financial questions.

    • Stephanie says:

      Yes, agree — the big topics are embedded in others so it is in fact an even bigger representation. And yes! Don’t spend much time on the financial management portion. I must have repeated myself 50 times here, but really, I hope people get it 😉

      • Nur says:

        Dear Stephanie

        Im currently studying for CIA pt 3 and im very worried about the financial portion. There is too much concepts, formulaes etc to learn and understand, especially that i am not an accountant and have not come across some of these concepts before. When you say “dont spend too much time on financial mngt portion”, what exactly do you mean? Appreciate your advice on how much studying id need to do on this portion to just be able to pass this particular portion? Another question i have is – if i were to get all of the financial portion questions wrong, will it affect my overall exam score? Thank you in advance for your kind assistance.

        • Stephanie says:

          Hi Nur,
          On the financial management portion, there should be a bunch of computational questions (from Gleim) that are pretty complex. I believe Gleim extracts these questions from CPA/CMA exams. It’s great for learning, but if your purpose is to just pass this exam, I would just skip them. But stick with the basic questions, and ones that if you straightly apply the formula you will get the answer.

          You don’t need to pass a particular portion for an overall pass. As long as you do well enough overall it’s good. Of course it is always the best to master every topics in Part 3 but it’s pretty hard to do for full-time professionals.

          So don’t worry just work on improving the performance one topic at a time! Stephanie

  • Jessica says:

    Hi everyone,

    I just passed Part 3 yesterday on my first attempt, which completes my certification. I am so thankful I found this website during my Part 2 preparations, because I’m not confident I would have passed Part 3 without the insight provided here.

    I agree with David’s comments 100%. He is spot on. I’m a non-accountant and spent entirely too much time concerned about the financial chapters. I used the Gleim premium review and all supplemental reading referenced above. Initially, before referring to this website, I was a little misled by Gleim’s layout of the material and put more emphasis on the calculations, financial chapters, and some other areas than necessary. I would advise anyone else struggling in the financial area to not be so concerned.

    As I read on this website, Gleim didn’t do Part 3 justice in the areas of Risk Management, Governance, and CSR. I also found the GTAG supplemental reading helpful. I thought this reading was enough combined with Gleim, but I did use every resource available through Gleim (video lectures, audio, read, and practice quizzes).

    I studied for this exam about 6 hours a week from early November 2016 through the holidays, then began daily study on January 1. From January until March 8, I studied about 12 hours a week (more or less depending on how hard a topic was for me, to stay on track with my Gleim study planner). I felt like I was rushing to cram this amount of material into that timeframe, but I set my test date in January and was dedicated to taking it on that date. I began my final review on March 9, including a practice test (I scored 71), and studied a minimum of 3 hours per day up until about 48 hours until my test. I’d guess I studied about 16 hours in the 48 hours leading up to my exam. Not easy, but I am very thankful I dedicated this time and feel it was essential to my passing.

    Thank you all for your advice, as it was crucial for me!! This website is a God send!


    • William says:

      Hi Jessica, big congrats on passing and obtaining your certification. Any advice on how to tackle the difficult questions? Should we be focusing on the key words, or do we have to think a certain way to identify the correct answer? Appreciate you feedback!

      • Jessica says:

        Thank you! I worked these problems much more slowly than Part 1 and Part 2, trying to read very carefully and put on the right “hat” since there are so many subjects in this Part. Although there weren’t many that required computations, the questions required application of knowledge and a deeper understanding. I think having a very good grasp on the underlying concepts is key. The Gleim MC was helpful, but I agree that the actual questions were tougher than the majority of my review questions.

    • Stephanie says:

      Hi Jessica, so happy for you and I am truly very glad that this site has been helpful to your Part 3. This is the exact reason why I set up the website. It made my day!

    • Nur says:

      Hi Jessica

      Thank you for your tips/comments. I am taking CIA part 3 for the first time next week and am struggling with the financial chapters. Like you, im a non-accountant by background and i fear the financial chapters!! After reading everyone’s tips n comments here on not to be so concerned with the financial chapters, id like to know how much studying should i put into the financial chapters? I understand from the comments here that the the financial chapters should be the least of my concern, but how well should i know the concepts, formula and calculations? And if i were to not bother with it and instead focus all my energy and time in studying hard on governance, IT, CSR and Risk Mngt, will it affect my overall exam score? Thanks!

  • Melanie says:

    Hi Guys,

    I’m taking the exam the first week of April and am so glad I found this site. I’ve read through and made notes on were to refocus. My only question is around David’s advice to go thru the IIA practice guides. Do you think this is critical or very helpful to passing? Did anyone else take this approach?


    • Jessica says:

      What review system are you using? I used Gleim and was glad I read the practice guides and GTAG. There were areas that were not well covered by Gleim and I felt like the supplemental reading proved useful. I definitely can’t see that it would hurt, regardless. Good luck!

  • Elise says:

    I passed the CIA part 3 today after multiple attempts. This is what i did which helped me this time around.
    I read all sections of this blog dedicated to retakers. As David said read practice guides on ERM and governance, CSR, IT. To this list i will add IIA guidance on Global Reporting Initiative, this was a new topic to me. I studies the following materials which i obtained from the IIA website:
    Assessing Organizational Governance in the Private Sector​ ​
    Assessing the Adequacy of Risk Management Using ISO 31000​
    Coordinating Risk Management and Assurance​
    Evaluating Corporate Social Responsibility/Sustainable Development​
    Auditing Application Controls
    Global Technology Audit Guide (GTAG) 17: Auditing IT Governance
    Auditing User-developed Applications (Previously GTAG 14)
    Information Technology Risk and Controls, 2nd Edition (Previously GTAG 1)
    Business Continuity Management (there is a power point version which is summarized and straight to the point)

    Do not attempt to answer all question in Gleim or whatever study guide you are using. Focus on mastering the concept. I watched YouTube videos for some of the topics I could not understand.

  • N says:

    Thanks Steph and everyone who shared their success tips on part 3. To be honest, initially I was frustrated and reluctant to take part 3 because of its difficulty and myriad material. But when I walked through this website and contemplated the handy tips shared, I couldn’t be more grateful.. Now I feel very determined to take part 3 with all confidence.

    Thanks all again!

  • N says:


    I just visited the IIA Website – Supplementary Guidance page; There are tons of papers.. Which papers should be studied for part 3? could you specifically guide me ? or name them?


  • Gunjan Deo says:

    I second Davids advice here. I took my third attempt for CIA Part 3 and Passed! Thank you David, Lynnel and Stephanie for the tips and tricks.
    I made a huge change in the study approach this time – relying more on the IIA supplementary guidance and GTAG along with the IIA study materials instead of focusing too much on practicing questions. The recommended study areas were spot on. I used to spend way too much time on financial and accounting area last time, but this time after reading this guidance I just practiced 20 questions from gleim and focussed on concepts.
    I come from an accounting background and I’m not so familiar with the IT areas. The flashcards on IIA on this topic were quite helpful.
    Hope this helps.
    Good luck to those who are taking the exam next.


  • James says:

    Hi everyone,
    I am studying for Part III and I just want to get better idea about exam Section weights since it seems that Gleim’s breakdown is not very reliable. Here is what I came up with based on discussions:

    Section I: Governance/Business Ethics (Chapter I in Gleim) – STUDY HARD
    Section II: Risk Management (Chapter 2) – STUDY HARD
    Section III: Organizational (Chapters 3-4) – STUDY HARD
    Section IV: Communications (Chapter 5) – NOT MANY QUESTIONS – DON’T OVERSTUDY
    Section V: Management/Leadership Principles (Chapters 6-10) – ????????????????????????
    Section VI: IT/Business Continuity (Chapters 11-13) – STUDY HARD
    Section VII: Financial Management (Chapters 14-18) – NOT MANY QUESTIONS – DON’T OVERSTUDY
    Section VIII: Global Business Environment (Chapters 19-20) – NOT MANY QUESTIONS – DON’T OVERSTUDY

    Please correct me if I am wrong. Please let me know about Section V.
    If Section V is not a big part of exam, is it fair to say that concentrating on 7 chapters (1-4, 11-13) gives me the best chance to pass?

    • William Chan says:

      Here’s the breakdown for Part 3 (with Gleim study system):

      CSR – study hard
      RM, COSO, ISO31000 – study hard
      ITGCs & Application Controls – study hard
      BCP and Outsourcing – study hard
      all other sections in Gleim – review the Gleim’s test-bank with full understanding behind all the questions
      Financial Mgmt – light study

      Good luck!

      • Kim says:

        I can agree with this breakdown!

        Just took the test last week and passed. I am a very bad example, as due to circumstances, I did not have time to properly study. So I ONLY took about 1/3 of the online questions (Gleim) as preparation. However, I do have experience in risk management, internal audit, internal control and BCP (9 years), so that was quite an advantage.

    • Stephanie says:

      Hello James,
      Thanks for the sharing. What Gleim offers is the average of the weighting in each exam. Each exam is different so it’s hard to predict based on one experience (or any experience). But I generally agree to your summary above. Cheers, Stephanie

  • Mely says:

    I did the Part 3 exam today. I used the tips gained in regards to reading the practice guides and I passed on the first attempt. I also used both the Gleim and CIA test Preps. The CIA explains the IT and COSO aspects better than Gleim. However I found the Gleim questions more challenging than the CIA. The exam was predominantly on the topics of CSR, IT Governance, COSO, and the ERM framework. There were only 4 accounting questions. Hope this info helps as prior comments helped me.

    • Nur says:

      Hi, Congratulations on passing your CIA part 3! Im taking mine next week and im nervous about it as majority has said that its challenging. Since you’ve recently sat for it (and passed!) would you mind sharing some insights? Particularly on the type of questions on the predominant topics; where they conceptual type questions? Do we need to know each of the topics inside out? And as for the practice guides, how was it helpful to you? Was it in terms of enforcing the concepts you’ve learnt? Any other insights you think can help would be great too!!

    • Stephanie says:

      Got lots of great news in Oct! Congrats Mely — yes good that we have the supplementary materials from the IIA. Everyone said they are very important to the success. All the best to you! Stephanie

  • Ndezi E. Shiwa says:

    Please, I need your advice on passing the CIA part III examinations. Am scheduling to sit for the exam on 20th of December, 2017

  • Jas says:

    Hello All,

    Great tips so far.

    Would anyone be able to let me know how many hours revision they would recommend?

    I know everyone is different but just as a rough guide as I am not sure whether I will be able to sit my exam before Christmas or not!

    Any advise is welcome!


  • Tanya says:

    Hello all,

    I sat and failed my part 3 exam yesterday (588). I only found this site a couple of days ago and really wished I had found it earlier!

    You are so right with regard to the type of questions. I was panicking about the finance element and probably spent too long on it. The majority of the questions were regarding IT, CSR and risk. I found that the IIA books didn’t really cover this so you really need to read the practice advisories and GTAGs etc. The exam also mentioned the Global Reporting Initiative which I had never heard of. I noticed that someone had been able to get a power point presentation from the IIA website on this however I have not been able to find it. Please could you forward me the link?

    Its lovely to hear about people passing after a few attempts, it stops me from feeling like I should give up.

    Thanks for the support, it is invaluable.



    • Stephanie says:

      Hi Tanya,
      Sorry to hear about not passing, but you have a great attitude, and sounds like these tips will help! So I am really confident that you’ll nail in your next attempt. Stay strong, and never give up! Stephanie 🙂

  • Mohammed says:


    I cleared part 1 & 2 of CIA with around one month’s study (mostly with Gleim), but I could not clear part 3.

    I am advised I need to wait for 90 days before I can re-take the exam. Is there any way we can request for re-exam earlier.

    Also appreciate if anyone can advise how to better prepare for part 3.


    • Stephanie says:

      Hi Mohammed,
      Part 3 is quite different with a much broader scope, so no worries, you will nail it in your next attempt.
      I don’t think there is a way to request an earlier exam though (otherwise the majority of candidates would request it).

      It’s hard, I know, but try to get some rest and recharge yourself 🙂


  • Osama Siddiqui says:

    Hi everyone,

    Today i passed my CIA Part 3 exam. Thanks for all the tips! they were really helpful.

    Main subjects tested were IT Governance, Application controls, CSR, Financial Concepts (hardly any calculation). GTAG 1,4 and 17 were quite helpful.. just read them 2-3 times.. and keep a good focus on IT section overall.. Thank you once again!!

  • Dee says:

    Hello all,

    I took the CIA 3rd part today and finally passed! I have to thank everyone’s comments and advice. Based on the advice in the comments and article, I changed my study approach this time and downloaded all the GTAG and Practice Advisories everyone suggested and re-read them 2 times. The exam was primarily IT Governance, CSR, COSO, application controls, ERM, conceptual financial questions. Good luck to everyone else studying for the exam!

  • Audrey says:

    I passed all three exams on my first try and finally have my CIA certification! I could not agree more with everything that is posted on here. This blog helped me so much!

    Governance, Risk Management, CSR, and IT (specifically being able to apply which type of control – general, application, logical, etc) to scenarios are all super important. The practice guides referenced also helped me get a better understanding in addition to my Gleim materials.

    If you have a background in accounting, I definitely recommend glazing over the management accounting, financial accounting, and finance sections. I think I had only two questions that related to these topics and they were very basic and did not have anything to do with the 50 or so formulas listed throughout these sections. I’m very happy I essentially skipped over this stuff to focus on the other areas!

    Good luck to everyone studying!

  • Steve says:

    Hello All,

    I have been revising the CIA Part 3 material religiously for about 2 months now and really struggling to remember all the information.

    Has anyone any revision tips? I know everyone is different but purely from a perspective of retaining all the information. Or even just getting through all the information?

    Could people give the study methods they used please? Are there any topics (other than Financial) that people wouldn’t get too caught up on?

    Any help would be appreciated please!


    • Audrey says:


      I had the same concern. It is pretty impossible to know all of the information. If you are using gleim, I would focus on the study units with this level of detail:

      HIGH: Study Units 1-5
      HIGH: Study Units 11-13
      MEDIUM: Study Units 6-10
      MEDIUM: Study Units 19-20
      LOW: Study Units 14-18

      If you really know the governance, risk management, CSR, and IT areas, you should be able to pass. Hope this helps!

      • Jim says:

        Hello All,

        Worrying about this exam.

        From the comments above I am going to focus 90% of my studying time on Governance, Risk Management, CSR and IT areas.

        When people say focus on ‘Governance’ do they mean the Governance section in the text books or do they mean Governance in all areas of the text books? (I.e. Governance in IT etc etc).

        Furthermore, when people say ‘learn the Financial prinicples’ what do they exactly mean by this please?

        Thank you for any responses in advance.


  • Anna says:

    I am scheduled to take part 3 of the CIA exam tomorrow. I’m so nervous. I read the GTAGs once and am afraid, I didn’t read them enough times for the concepts to stick. This is my second attempt at the test and I found this website late in the process. Please wish me luck.

  • Anna says:

    Hi I took the CIA part 3 exam tonight and passed. I’m so excited and I am still in shock. This is my second attempt at the test. I’m ever so grateful I found this website. It was a great help. I thought I would return the favor and summarize what I believe was important. A lot of this information can be found in comments by those who posted their comments.

    1) IT is heavily tested on the exam
    2) There is no need to study detailed financial calculations. Know the concepts and you will be fine.

    Gleim Chapters guide:
    1) Chapters 1-5 study hard
    2) Chapters 11-13 study hard
    3) Chapters 6-10 medium
    4) Chapters 19-20 medium
    5) remember know the concepts of the financial sections; no need to perform detailed calculations.

    Reading these guidance several times is must. I don’t think I could have passed the exam without reading the following:
    1) GTAG 2: Change and Paych Management Controls
    2) Global Reporting Initiative
    3) GAIT for business and IT Risk
    4) Business Continuity Management
    5) GTAG 7 Information Technology Outsourcing
    6) The Three Lines of Defense in Effective Risk Management and Control
    7) GTAG 8 Auditing Application Controls
    8) IIA Position paper: The role of Internal Auditing in Enterprise Risk Management
    9) Assessing the Adequacy of Risk Management using 31000
    10) Evaluating Corporate Social Responsibility/Sustainable Development
    11) Assessing Organizational Governance in the Private Sector
    12) Auditing User Developed Applications
    13) GTAG 1: Information Technology Risk and Controls
    14) GTAG 17: Auditing IT Governance

    I know this is a lot of information. But reading these guidance is a MUST.

    Remember ISO 31000, IT and CSR is heavily tested and reading these guidance to understand the concepts will help answer questions on the exam.

    It’s not about learning the questions in A test bank.

    I hope I can help someone, the way this site helped me. Thank you so much.

  • Donovan Cooper says:

    Hi Anna.

    Did you memorize the important concepts in the 14 reading materials/guidance that you’ve suggested?


    • Anna says:


      I read the 14 materials/guidance twice. And I also wanted to kick myself on the exam because I notice questions on the exam was geared towards the guidance. But I calmed myself down as I was sitting there and remembers what I had read. So I would say take notes on the important elements and try to study them.

      As I said, I failed the exam the first time. The guidance was what helped me pass this time around.

      If you follow this advice it will help you too. Many of folks on this site has said the same. People on here helped me quite a bit and I’m eternally grateful.

      And I know reading all this material seem overwhelming but maybe read 2 or 3 a week?

      Hope this helps.

      P.S. I find myself now continuing to read more of the guidance as it’s helpful to my job.

  • Kai says:

    I just passed part 3. I am now a CIA! I feel so happy , I want to help others. I used Gleim to study for all 3 parts. For part 3 I also bought the IIA study book.
    I read Gtag 1,4, 17
    I also read the IIA guides on ISO 3100 and Risk Management in the Private sector.

    I spent time actively reading the chapters of Gleim by taking notes. Then I took notes on the IIA study book. I did the questions on Gleim and IIA after reading the chapters. I did not max out on the questions.
    My test focused heavily on governance, risk management and business life cycles. Due to timing and the fact I am comfortable with accounting I did not spend much time on Financial Accounting. I just reviewed the basic ratios. I figured based on others, financial management is not tested heavily.
    My advice would be to understand the concepts. Read the practice guides, take notes on them and make flash cards. A month of this and you will be successful. I did not recognize any questions that I studied on the test. But I found the test relatively straightforward since I had studied the concepts.

    Good Luck!

    • Seta says:

      Hi Kai,

      Firstly congratulations.

      If possible, would you give some infos about finance/accounting part of the exam?

      Thanks in advance

      • Kai says:

        I did not have many accounting questions. Very similar to what people said above. Just have a basic understanding of the ratios. I wrote them out on index cards. Most of the questions were conceptual. You do not have to memorize many formulas. I read Gleim’s part for the financial accounting once. I did not read the IIA part for that topic.

        IMO you are better off devoting your time to IT, governance and risk.

    • Sandesh says:

      Hi Kai,

      Did you think it was essential to purchase the IIA guide as well? I am on a small budget and right now have all the practice guides, the gleim part 3 system and all the Gtag’s mentioned.

      • Kai says:

        I am split on this. I was on a tight budget too so I understand. I already had the entire Gleim system. But for Part 3 I did not want to take any chances. Looking back I guess I could have passed with out it. But I without a doubt the IIA lays out the material for Governance, Risk Management, and IT. Gleim gives an overview but I believe IIA book was an integral part to me passing the test. The practice guides I recommended will also help.

        I think you would be able to pass without it but it would be more difficult. I finished Part 3 of the CIA with 40 minutes left! So I advocate for purchasing it if you can swing it.

  • Adham Eliwa says:

    Hello all,

    Thanks a lot for the amazing forum and the useful posts
    I just have a question; what are the supplementary documents that you said they are required for passing the exam, like:
    – ISO 31000
    – IIA guides
    – 14 Guidance (what are the 14)
    – GTAG
    – GAIT
    – IIA position paper

    and more important; where “exactly” can I find them on IIA website. I mean; under which section ? can you give me a link ?
    I am a member of IIA, but don’t really know where exactly to find them.


  • Adham Eliwa says:

    and also; what are the “practice guides” ?

  • warrior says:

    HI All,

    I took the cia part 3 yesterday and passed from first attempt. the below are the reasons for the pass:

    – determination
    – time management
    -resilience and letting go of the past
    – you will face frustration but do not give up! keep going and ignore all what is worrying you because you need to focus on yourself only!!
    -2 months study leave (must)
    – Gleim is more than enough and a very efficient and quick method to rely on. However, you will need to do your own google search for anything that seems unclear especially if you lack substantial experience in the field of internal audit
    – the suggested practice guides and GTAG are a must too because it makes your life easier by understanding everything in out.
    – do not ignore any chapters.. study all chapters.
    – I did all questions from the test prep Gleim, doing so many questions were indeed a key success factor. So spend your time in those questions as 2 hours is not enough for 100 qs!

    I wish you all a good luck in your exam and career… the exam is doable, you just need to do some effort and do not underestimate it because the questions are tricky.

    • Stephanie says:

      Congrats! Wow, not sure if anyone can afford a 2 month leave but I can imagine sufficient preparation time is a key factor of success. All the best Warrior and thanks for giving back to our community 🙂 Stephanie

  • Nasipi Makiwane says:

    How I wish I had seen this website on time.

    I failed the CIA Exam Patr III today. I’m so said.

    But here is what my take
    1. All those IIA Guidance on IT (I only started reading these 2 days before the exam and I didn’t retain all the information well enough.
    2. The ISO 31000 on IIA Guidance
    3. Social Corporate Resposibility
    4. Global Reporting
    5. I had zero calculations on Financial Management, what was tested mostly was the inventory management section conceptually

  • Yannick says:

    I’mplanning to get my CIA…. but after reading all the comments.. im going to ask to all you guys if it is a good thing to start by the ( most difficult) third part? thank you

    • Stephanie says:

      Hmm, not necessarily… I would still go for Part 1/2 first to get used to the exam format etc first.

      But Art Yip (who often comes back to help out candidates) started with Part 3. He passed all parts on first try.

      So, doesn’t really matter but most candidates start with Part 1.

  • Stephanie says:

    Hi Sloth 😉
    Thanks for stopping by my site and I am thrilled that you passed your Part 3! And I love your site. Thanks for mentioning us in one of your posts. Cheers, Stephanie

  • Brave says:

    Please, can I pass part 3 before part 1 and part 3 ?
    And without any knowledge about part 1 and part 3 ?

    Thank You!

  • Dee says:


    Recently, Gleim issued an update to Part 3 to incorporate the new COSO ERM framework. This update completely replaced Subunit 2.2 of the book. The new COSO ERM framework consist of 5 NEW components and not the 8 that I learned in Parts 1 and 2. Apparently, the new COSO framework was issued in 2017. I passed parts 1 and 2 in 2018 but I was only tested on the old ERM framework. For anyone who has taken the test for Part 3 in 2018, where you tested on the new COSO ERM framework or the old framework with 8 components?

    • Dee says:

      I emailed the IIA and was told that the new COSO framework will not be incorporated into the CIA exam until 2019. I am not sure why Gleim changed/updated the 2018 study materials. Gleim has also updated its test banks so you cannot practice questions on the old framework. This is really frustrating and unfortunate for test takers like myself. I really wish they would have waited and released the study material for the new COSO ERM framework with the 2019 edition of the study materials for the CIA exam. I am still curious as to what any recent test takes may have encountered during the exam in regards to the COSO framework. Any insight is welcomed! Thanks, Dee

  • Justin says:

    Hi all,

    I passed part 3 on my second attempt Monday (6/25). A few takeaways…

    1) CSR, Risk Management, and IT Governance tested heavily. I would suggest heavy study with the Gleim materials as well as the Practice Guides referenced in the messages below for these sections.
    2) Only 2 calculations. Pretty simple ratios. Most content questions related to Accounting and Finance were around inventory methods and the most appropriate. I agree with everyone below that Gleim goes way to deep on these sections.
    3) I had roughly 5-10 questions on COSO ERM. I work with this framework in my day to day but for those who don’t I would suggest reviewing any practice guides related to this area.
    4) ISO3100 definitely read this practice guide for this area a few times to really understand how to apply to different scenarios.
    5) I personally struggled with the the business life cycles so again got comfortable enough with Gleim that I could identify which phase the question was asking about which really helped for these questions (maybe 3-5 total)
    6) One of the biggest tips I got was to mimic the testing environment as much as I could when studying. I went to the local university library and sat in a cube similar to at the testing center. I also tried to always do practice questions around the time that my exam was scheduled through so it almost became routine.

    Good luck!!

    • Mari says:

      Hi Justin,
      Since you the attempted the exam twice, I was hoping to understand if the topics that appeared in the second attempt were the ones that didn’t show up in the first?
      Did you have the same topics as you mentioned in your note above for both your exams?

    • Meghan D says:

      Congrats! I’m surprised you only saw a few questions requiring calculations. Thank you for letting everyone know about your exam experience!

  • E says:

    There was recently (June 2018) an update to the content of Part 3 related to the COSO enterprise risk management (ERM) framework. Any tips or insights from recent test takers on how the new COSO framework is tested?

  • Audit Audit Audit says:

    Hello All,

    I passed Part 3 on my second attempt Friday.

    I am not one for posting on blogs but feel obliged to contribute to this website as it helped me a lot! So I would firstly just like to say thank you very much to Stephanie.

    My Recommendations:

    – Control Frameworks (COSO, COSO ERM, ISO31000, Turnbull, Kings Report on Corporate Governance, Criteria of Control (CoCo), Cadburys Model, COBIT, e-SAC). Although Kings, Cadburys etc may not seem relevant for CIA Part 3, they definitely are. I personally learnt these all off by heart. By this I mean I was able to write out their Characteristics, elements, principles and components off by heart. This may seem rather excessive but I feel like this really was key to my success in this exam. How did I do this? I spent a few hours one day writing out each framework around 20- 30 times each. Then after this I spent 10 minutes everyday writing these out once or twice. This enabled me to get into the exam and before clicking ‘Start exam’, write out all of the memorised control frameworks as notes to refer back to when completing the questions. I would focus on getting every detail of ISO31000 drilled into your minds.

    – CSR – I learnt the definition off by heart and heavily studied this. There was a number of questions on CSR. Read the ISO26000 CSR and Global Reporting frameworks off by heart also.

    – Business Continuity – I would say this is one of the most important to learn. I personally printed out GTAG 10, which I don’t think has been listed below. This GTAG gives a really good level of detail and understanding on what it is and the differentiation between Business Continuity Management, Business continuity plan and Crisis Management etc.

    – Porter 5 forces / Industry Life cycles – Fairly interrelated, I would make sure you are fairly confident with this. I.e. in the maturity stage what would happen to quality, profit, controls etc.

    – Financial management – All of my questions were conceptual, no calculations. I would most definitely focus on Inventory Management I.e. what would happen if Opening Balance inventory was overstated etc.

    – Change Management/ Quality Management – These two cropped up every now and then.

    – In terms of the GTAGs they are very helpful but do overlap a lot. A good thing I found was highlighting the key details and then making notes from them. As mentioned earlier I think GTAG 10 was key to my success with this exam.

    I hope this helps anyone who is taking Part 3.

    Thanks again to everyone who has contributed.

    • Alice says:

      Thanks so much. It is one of the most original posts and also latest update indeed. 🙂

      Can I ask a couple of questions?
      1. Re BCM and GTAG10, is that enough to just go through the ppt on the IIA site instead of the 40 page doc for the sake of time? 🙂

      2. Re Porter 5 forces / Industry Life cycles, what do you mean by “control”, is that strategy, like defending market, diversifying brands etc. during the stage of maturity?

      3. Apart from the above update, how many questions were there for IT and finance respectively? Any other tips?

      Many thanks in advance!

    • Successful CIA says:

      I also recommend what Audit Audit Audit posted, since I just passed CIA Part 3 this month. He or she is right on point.

      In my experience, people posting on this blog have gotten it wrong sometimes. They post about failing a CIA part yet neglect to mention how they studied. (Some people will even criticize a particular exam study package without admitting how little they actually used it.)

      One more comment: I found passing CIA Part 3 to be the hardest. The MCs were tricky and never obvious/quick. Take all the reading very seriously. I was an obsessive studying fool and it paid off. My life still hasn’t gotten back to normal though. I wake up with cold sweats thinking I have to hurry back to my desk to read and review. Then I have to remind myself, no, it’s over. It’s really over.

  • tanya says:

    Hi Guys, i have just taken part 3 again for the 2nd time and got the same result (588). Not sure what to do, I can fit in a resit before the new syllabus starts but I’m unsure whether to do this or wait. I would appreciate any advice.


  • Karla says:

    Hello everyone!!!

    Please your help!!!. I found this PDF in the Global Reporting website that It is the GRI foundation (see the link below), for those who already passed the exam part 3, is this document enough or do we need more information to glace this part from the exam that many of you told us that is frequently tested?

    I really appreciate your comments. Thanks!

  • Malberta says:

    Hi everyone, like a lot of people, I really appreciated this site and valued the most recent exam experiences. I took Part 3 yesterday and passed! What I learned about the exam a whole (Parts 1-3) is do not read too much into the question. Remember that the exam is written in multiple languages, so the wording choice in the question or answers may be vague or not what you would choose yourself if you wrote the question. Nonetheless, do not overthink the answers or dream up scenarios where the answer can fit. Go with the most universal/likely answer. The advice on the site hits the topics tested: risk (know the details of the framework), COSO/ERM, ISO 31000, governance (very general, not detailed) project management/business processes (surprisingly a lot of questions from this area), TQM, PERT, CSR, outsourcing, user developed apps, industry life cycle, SDLC, IT infrastructure, IT application controls, basic leadership principles and theory, and a mixed bag of global business and communication. There were more finance/accounting/cost accounting questions, probably 10-12 total (IRR, NPV, bonds, budgeting, inventory theory, and 1 inventory calculation) than my previous attempt of Part 3 and also material that I never read or seen in my study material (Gleim) but was able to at least rule out 1-2 answers. Goodluck to everyone!

    • Successful CIA says:

      This was fascinating for me to read since I took the Part 3 exam about two weeks before you and had a very different experience!! I also passed, but it sounds like my questions were VERY different. This is really a big lesson to people who read this blog. Every exam is unique. The content is not the same even for people who take the exam at around the same date! What feels heavily tested for one tester may barely be covered at all by another tester.

      • Tina says:

        Congras to you both! thanks also for the good tips.

        Malberta, re business processes you mentioned above, do you mean business process analysis like queuing theory, TOC, re-engineering etc. (Gleim Unit 3) or some business processes like EOQ, inventory management, etc (Gleim Unit 4)? And what does mean “mixed bag of global business and communication”?

        Successful CIA, since you mentioned your exam was quite different, would it be possible to share with us such?

        Thanks again!

  • Uche says:

    Hello Stephanie. Do you have any tips on passing the CIA part 3 exams based on the revised 2019 syllabus?
    I also want to thank you for the information shared here, it really helped me in my part 2 exam which I passed yesterday.

    • Meghan D says:


      The article you commented on contains all the tips for passing part 3 (based on the new syllabus). But all of our best CIA exam tips. We’ve compiled those over many years, so give those a read 🙂

      Kind regards,
      I Pass the CIA Exam

  • LF says:

    Here’s my advice, for what it’s worth – if you are serious about passing each part of the CIA exam on the first attempt, invest (yes, it is an investment) in Gleim’s premium review course. No, I’m not getting any compensation from them, I’m someone who passed all three parts in the span of 12 months (taking five months off for my daughter’s tennis season.) Two months studying for each of Parts 1 and 2 (four months total). For Part 3, I kept a log of the hours I studied over the course of three months – 200+ hours.
    – I’ve seen advice on here about reading GTAGs and PGs because review courses aren’t sufficient. With Gleim, I didn’t read anything outside of their study materials.
    – I’ve seen several references on here about CSR being on the exam – not on mine. The material on the exam was pretty much what Gleim prepared me for.

    You can pass these exams if you make up your mind to put in the work – I sacrificed A LOT of family time to pass Part 3.

    Good luck to those of you who are studying. Remember, you’re investing in your career. You can do this!!!


  • >