1.3 Blueprint Sections and Weighting

Key Takeaways

  • CIA Part 1 has four weighted sections; Foundations of Internal Auditing is the largest at 35%.
  • The remaining weights are Governance, Risk Management, and Control 30%, Ethics and Professionalism 20%, and Fraud Risks 15%.
  • Of the 125 questions, roughly 44 come from Foundations, 38 from Governance/Risk/Control, 25 from Ethics and Professionalism, and 19 from Fraud Risks.
  • Each objective is tagged Basic (recall and comprehension) or Proficient (application and analysis); Part 1 leans toward Basic-level recall.
  • Foundations plus Governance, Risk Management, and Control together make up 65% of the exam, so they should anchor any study plan.
Last updated: June 2026

The four Part 1 sections

The current IIA test specifications divide CIA Part 1 into four weighted sections, labeled A through D. The weights tell you where the 125 questions are most likely to come from, so they should drive your study schedule before personal preference does.

Section | Domain | Weight | Approx. questions
A | Foundations of Internal Auditing | 35% | ~44
B | Ethics and Professionalism | 20% | ~25
C | Governance, Risk Management, and Control | 30% | ~38
D | Fraud Risks | 15% | ~19

Two sections dominate. Foundations of Internal Auditing (35%) is by far the largest and alone supplies roughly a third of the exam. Combined with Governance, Risk Management, and Control (30%), these two sections account for 65% of all questions — a candidate who masters them is already well past the halfway mark toward the 600 passing line. The other two sections, Ethics and Professionalism (20%) and Fraud Risks (15%), are smaller but rule-rich and easy to score on once learned.

What each section tests

  • Section A — Foundations of Internal Auditing (35%) — the purpose, mandate, and definition of internal auditing; the internal audit charter and its required elements; the difference between assurance and advisory (consulting) services; organizational independence (the chief audit executive's functional reporting line to the board) versus individual objectivity; impairments such as self-review and familiarity; the proficiency and due professional care auditors must apply; and the quality program, including internal assessments and external assessment at least once every five years. This is the largest section because it absorbs much of what older outlines split across several separate domains.
  • Section B — Ethics and Professionalism (20%) — the principles of the IIA's Code of Ethics (integrity, objectivity, confidentiality, competency), professional skepticism, due care as a matter of conduct, and how auditors recognize and resolve ethical dilemmas and conflicts of interest.
  • Section C — Governance, Risk Management, and Control (30%) — governance principles, the Three Lines Model, organizational culture, risk concepts and the risk management process, and control design and effectiveness (often framed through COSO).
  • Section D — Fraud Risks (15%) — fraud concepts, the fraud triangle (pressure, opportunity, rationalization), red flags, fraud prevention and detection controls, and internal audit's role in fraud.

Keep a one-page tracker: for each section mark whether you can recall it, apply it under time, and explain why distractors are wrong.

Cognitive levels: Basic vs Proficient

The test specifications tag every objective with a cognitive level that signals how deeply that topic is tested:

  • Basic — recall and comprehension. You must know and understand the concept. Example: list the required components of the internal audit charter.
  • Proficient — application and analysis. You must apply the concept to a scenario and evaluate options. Example: determine whether a proposed reporting line preserves the CAE's organizational independence.

Part 1 is weighted toward Basic-level objectives compared with Parts 2 and 3, which is why it is considered the most definitional of the three parts — but every section still contains Proficient objectives that demand judgment in a scenario.

Turning weights into a study plan

Allocate review hours roughly in proportion to weight, then adjust for diagnostic misses:

  1. Spend the most time on Foundations of Internal Auditing (35%) — it is the single biggest source of points and the broadest in scope.
  2. Lock down Governance, Risk Management, and Control (30%) next; it is dense with frameworks like the Three Lines Model and COSO.
  3. Treat Ethics and Professionalism (20%) and Fraud Risks (15%) as high-yield, rule-based sections — learn the Code of Ethics principles and the fraud triangle cleanly so you never lose those points.

A weak high-weight section is a far greater threat to your score than a weak low-weight subtopic. Use practice-test analytics to confirm where points are actually leaking before redistributing study time.

How the blueprint maps to the 2024 Standards

The four Part 1 sections are not arbitrary categories — they trace directly to the 2024 Global Internal Audit Standards and the supporting concepts internal auditors must know:

Part 1 section | Anchored in
Foundations of Internal Auditing | The Purpose of Internal Auditing; the charter and mandate; independence, objectivity, proficiency, due care, and the quality program
Ethics and Professionalism | The Standards and Code of Ethics principles on integrity, objectivity, confidentiality, and competency
Governance, Risk Management, and Control | Governance principles, the Three Lines Model, the risk process, and control frameworks such as COSO
Fraud Risks | Fraud concepts, the fraud triangle, and internal audit's fraud role

Knowing this mapping helps you read the intent behind an item: a Governance, Risk Management, and Control question is usually probing whether you understand the Three Lines Model (the relationship among management, risk/compliance functions, and internal audit) or the risk management process (identify, assess, respond, monitor), while a Foundations question is often about a reporting line, an impairment to objectivity, or a required element of the charter.

A practical study-allocation rule

  1. Anchor on the weights. Foundations alone is ~44 questions and Governance, Risk Management, and Control adds ~38; entering the test weak in either almost guarantees a fail.
  2. Respect the second tier. Ethics and Professionalism (~25) and Fraud Risks (~19) round out the exam and contain many quick, rule-based points.
  3. Do not lose the easy points. The Code of Ethics principles and the fraud triangle's three elements are small, memorable rules that you should never miss.

Because the weights are public but the exact item count per section can shift slightly between forms, treat the percentages as planning targets, not guarantees, and let your own diagnostic data fine-tune the final allocation.

Test Your Knowledge

Which section carries the largest weight on the CIA Part 1 exam?

Test Your Knowledge

What is the weight of the Fraud Risks section on CIA Part 1?

Test Your Knowledge

How do the test-specification cognitive levels 'Basic' and 'Proficient' differ?
