r/InternalAudit

So the thing about me is I really get in there and ask a million questions and really try to understand the process, identify weaknesses and process improvements when I'm auditing.

Without fail, this always rubs the process owners the wrong way. Even after opening the audit by reminding them I'm not trying to pull any punches or catch them in a mistake, when my first pass at testing is complete and I can't move forward without having some questions answered, process owners interpret my questions as passive aggressive or implying they made some kind of error.

I am direct. I usually ask my questions while peppering in my reason for asking. Sometimes I get too detailed so I have to chop it down. It's something I work on, being clear and concise.

Recently, even after doing all my self editing, the process owner I'm auditing who knows my style very well because he used to be my supervisor, told his boss he thought I was being passive aggressive in my questions. His boss talked to my boss and my boss said I'm just detailed and direct and never being passive aggressive. Then he told me about it.

I told my boss I didn't understand why I would come across as passive aggressive to him and asked why people don't just talk to me about it. He said people are afraid of me. They don't expect the level of detail at which I look at things and they get defensive. He said I get in the weeds. That made me cringe because I've always only heard that term negatively. Like we shouldn't get "too into the weeds." But then I'm also complimented for my attention to detail. It's confusing.

I feel like I can't properly provide assurance until I've thoroughly reviewed everything (within the scope). Is that not typical?

I learned on the job and self studied for my CIA and it seems like this is a subtilty to the job I haven't picked up on. I've been in IA for four years. I feel like with every employee I audit that's one more person I've pissed off that doesn't like me anymore because I've over examined them.

So, can an auditor be too detailed even when they remain in scope? How do you know where to stop? Did someone teach you or guide you? Is considering how people react and adjusting your results a conflict of objectivity and independence or is some adjustment normal?

Lastly, I'm also autistic and in the closet about it because I don't want to be seen as less than. I have a sneaking suspicion this is a neurodivergence issue... But I don't know.

Advice requested and appreciated. Thanks for reading.

Hi guys, I have an upcoming IT audit interview and part of the interview details state that I will be presented with a scenario and have some minutes to prepare my response to present to the hiring manager. Has anyone done this kind of interview lately? What were some of the scenarios you were presented with?

Have not heard good things about their work culture and have heard they do stack ranking. What is it like working in IA?

I have just applied and scheduled my CIA challenge exam this year, and trying to find study materials from IIA but couldn’t find anything. Then i saw they partnered with Becker, and they offered different packages.

Can anyone share your experience on whether i should get the CIA Review package or the CIA Challenge Exam Review - Essentials package?

Can anyone who has successfully taken the CIA Challenge exam please recommend what study materials worked for them and if possible why?

And does the IIA provide any study materials or question banks at all? Free or included in the application/exam fee?

Just wanted to get a sense of the RTO requirements for those in Internal Audit, especially those working in the northeast US (NYC, CT, Penn).

For context, I work at an investment bank in NYC and the RTO has increased to now 4days per week. If there is a holiday, or you take a day off, you are still required to meet the 4 day requirement.

This is becoming increasingly hard for me as I have a toddler at home and I have to help with daycare dropoff/pickup….

Just wanted to get a sense of what the “norm” is nowadays.

For the June month, will CIA part-wise results also be declared in 8 weeks, or is that only for the Challenge Exam?

My team feels severely understaffed for our size. $4B annual sales. International pharmaceutical/self care company. Multiple reporting segments and geographic clusters. 25+ countries for physical presence and even more for distribution.

8 total.

1 VP

1 BP Director

1 BP Manager

3 BP Staff/Senior

1 IT Director

1 IT Senior

For people in internal audit / IT audit / AI assurance:

Are your teams using AI to draft workpaper language, control-testing summaries, issue language, or management-response summaries yet? I’m trying to understand how firms are handling the review boundary. The risk I keep thinking about is not just hallucination. It is AI-generated language that sounds professional but subtly changes the meaning of the record:

- a sample becomes a population

- a limitation becomes comfort language

- a pending item becomes resolved

- vague language starts sounding like a conclusion

- a required format gets ignored

For teams already allowing AI-assisted drafting, is there a formal review step before the language enters the audit file? Or is this still mostly handled through normal reviewer judgment?

I feel burnt out with my job, need to get some advice.

My audit shop has a strict, unwritten rule: We are never allowed to issue clean audit reports. We are forced to find at least 4-5 observations in every single engagement.

Still, there are lots of restriction on what's not qualified as an audit point:

• If it costs money (like implementing a data classification tool to stop data leaks), it’s banned for being too expensive.
• If it’s an industry best practice (like sending security questionnaires to vendors), it’s banned for being "too academic" with no immediate, visible effect.

I’m currently halfway through an audit on Third-Party Risk Management. With these constraints, I am struggling to come up with any valid points. The deadline is looming, and my anxiety is through the roof. Please help.

Does being a CIA give the holder an advance to move abroad? Does it increase the job opportunities?

I am in the US and passed all three parts of the CIA exam in 4 months and on the first attempt. I do have three years of internal audit experience. For me, part 3 was the easiest, followed by part 1 and then part 2 being the hardest. I used Becker and thought it was wonderful, but I also had the opportunity to use Gleim and to me, Gleim is awful. I am sure my experience helped, but some of the concepts involve logic and knowing the Standards, not just memorization. It can be very overwhelming but it can be done!

Hi all,

How long did it take you to study for and pass all 3 parts of the CIA?

I’m not from an audit background, but I worked 2 years as an Internal Auditor at a large multinational and enjoyed it. I’m considering going back into audit, but many job postings seem to require/prefer the CIA and is a blocking point.

Trying to understand the realistic time investment needed before I commit.

I’m a Certified Fraud Examiner (CFE) and a Certified Regulatory Compliance Manager (CRCM). I’m considering obtaining the CAMS certification as well at some point.

I know people generally find the CFE exams to be a lot easier than both the CRCM and CAMS. For those of you who have both the CRCM and CAMS certifications, which one was more difficult for you to obtain? If you could compare and contrast the two, I think that would be helpful for me.

For additional context, I worked for an FFIEC agency in the U.S. and participated in some BSA/AML exams of financial institutions, but I wouldn’t say I’m a BSA/AML expert by any means. I bought the book Anti-Money Laundering in a Nutshell (Second Edition) by Kevin Sullivan, which I’m essentially reading for fun this summer before potentially diving into the ACAMS study materials later this year or early next year.

Thanks in advance for any responses to my post.

Quick Review on my background, and if CIA for me or not, and do these counts for CPE, and please don't tell me to take CMA, or CPA, thank you:

⁠Bachelor’s degree in accounting, with 6 months as External Auditor at Deloitte
• ⁠Manage daily financial operations
• ⁠Review and process payments, invoices, and taxes
• ⁠Payroll
• ⁠Verify vendor bank details and keep records
• ⁠Perform vendor checks, including sanctions screening
• ⁠Ensure all payments follow company policies
• ⁠Check transactions to reduce risk
• ⁠Prepare monthly, quarterly, and yearly budgets
• ⁠Support the General Manager with financial reports
• ⁠Coordinate with the Dubai office as they do the journal entries and monthly closing
• ⁠Keep records organized and ready for audit
• ⁠Identify risks and suggest improvements
• ⁠Provide basic IT and admin support for the office

Passed my CIA finally! 😭

Took 2 attempts for part 3 but its done (thank you to everyone in this community that shared their experience and provided guidance on my previous posts)

Just wanted to share my CIA completion and wish everyone best of luck in your journey! 🥳

Do feel free to let me know what I'm supposed to do next to get my certificate (I'll be trying to figure it out 😅)

Edit: Link to my previous post which had insights that helped me with this attempt

https://www.reddit.com/r/InternalAudit/s/cmOUTQyJv9

​

Hi everyone,

I recently passed all three parts of the CIA exam, and my CCMS/access page now shows “Passed” for all parts.

I’m trying to figure out the next step: where exactly can I see the official CIA designation/certificate with my name on it?

Should there be a certificate tile or downloadable PDF in CCMS?

Does it only appear after The IIA verifies experience/education requirements, or should it show immediately after all exam parts are passed?

For anyone who recently completed the CIA process, how long did it take for the designation/certificate to appear, and where did you find it in CCMS?

Thanks.

Hi
Is iia mock exams harder than the real one? For part 1, i have the exam on Monday. I scores 73&70% on iia mock exams. Should i reschedule or how to improve

I gave part 1 on May 9th. I wasn't expecting any positive results and here's why. I found the reddit discussions rather late in my preparation journey. What I did wrong:

1. Hyper focused on the Gliem material. They seemed super easy and obvious to me. Honestly some of the sections felt like a value education class to me.

2. I had subscribed to the Udemy CIA part 1 lecture and a course which has around 1125 MCQs. I practised around 500-600 of them due to lack of time.

3. Made use of Chatgpt to quiz me with some MCQs but they were supppperrrr simple no matter how many times I asked Chatgpt to make it tougher.

Needless to say I half-assed the preparation. Nevertheless, I will give another attempt in a month's time and hopefully won't waste money.

What I learnt from reddit community:

1. Absolutely be thorough with the IIA Standards (the red book). And by thoroughly not mindlessly mugging it up, but actually understand the concept.

2. IIA practise questions. However they are a little pricey and I am wondering if completing the Udemy MCQs would help.

3. Use Gemini AI to prepare super hard MCQs.. apparently gemini is better than Chatgpt.

Is there something I am obviously missing in my prep? Please let me know. Thank you all in advance.

First time reddit poster! 😊