Monday, December 18, 2017

Certified Government Auditing Professional® (CGAP®)

The Certified Government Auditing Professional® (CGAP®) is a specialty certification designed for and by public-sector internal auditing practitioners. The exam tests a candidate’s knowledge of the unique features of public-sector internal auditing — fund accounting, grants, legislative oversight, confidentiality rights, and more. The program’s broad scope emphasizes the internal auditor’s role in strengthening accountability to the public and improving government services.

The one-part Certified Government Auditing Professional® (CGAP®) exam includes 125 multiple-choice questions, covers four domains, and requires a completion time of three hours and fifteen minutes. The exam includes questions on INTOSAI government auditing standards. Candidates who registered to take the exam in the United States will receive a local version with questions on U.S. Government Auditing Standards (Yellow Book).

Standards tested on the CGAP exam:

The Institute of Internal Auditors (IIA) Professional Practices Framework (P) (Includes the Code of Ethics, International Standards for the Professional Practice of Internal Auditing, Practice Advisories, and Development and Practice Aids)
International Organization of Supreme Audit Institutions (INTOSAI) Standards and Code of Ethics (A)

Exam Nondisclosure
The CGAP exam is a nondisclosed examination, which means that current exam questions and answers will not be published or divulged.

Note: Exam topics and/or format are subject to change as approved by the Board of Regents.


Domain I: Standards, Governance, and Risk/Control Frameworks(10-20 percent)

  1. Standards
    1. Role of a comprehensive set of auditing/evaluation standards (A)
    2. Application of appropriate standards in all assignments (P)
    3. Role and impact of other auditing standards (standards of public accounting bodies, quality assurance bodies, etc.) and their relationship with the above standards (A)
  2. Governance
    1. Governance in the public sector (e.g., audit committee, code of conduct, open government, public scrutiny, equity, accountability) (P)
    2. Role of audit within the governance structure (P)
  3. Risk/Control Frameworks (e.g., COSO, CoCo)
    1. Role of frameworks (A)
    2. Elements of a risk/control framework (P)
    3. Application of frameworks (P)
  4.  IIA Code of Ethics (P)


Domain II: Government Auditing Practice(35-45 percent)

  1. Management of the Audit Function
    1. Need for a formal document of purpose, authority, and responsibility (P)
    2. Policies and procedures (A)
    3. Quality assurance (A)
    4. Planning (A)
    5. Staffing (A)
    6. Marketing the audit function (A)
    7. Mission/role/outcome of audit function within government (A)
  2. Types of Audit Services
    1. Audits of compliance (P)
    2. Audits of performance/value-for-money/operations (e.g., economy, efficiency, effectiveness) (P)
    3. Audits of financial statements (A)
    4. Audits of financial systems (P)
    5. Audits of information and related technology (P)
    6. Consulting/assistance services (e.g., non-audit advisory services) (A)
    7. Integrity services (e.g., Fraud, Waste, and Abuse) (P)
  3.  Processes for Delivery of Audit Services
    1. Management of individual projects (P)
    2. Planning (The role of laws, regulations, rules, and ordinances in your planning process should be considered in the planning process) (P)
    3. Risk and control assessment practices (P)
    4. Performing the engagement (P)
    5. Communicating results (P)
    6. Monitoring results (follow-up) (P)


Domain III: Government Auditing Skills and Techniques(20-25 percent)

  1. Management Concepts and Techniques (A)
  2. Performance Measurement (P)
  3. Program Evaluation (A)
  4. Quantitative Methods (e.g., statistical methods and analytical review) (P)
  5. Qualitative Methods (e.g., questionnaires, interviews, and flow charts) (P)
  6. Methods for the Identification and Investigation of Integrity Violations (P)
  7. Research/Data Collection Techniques (P)
  8. Analytical Skills (e.g., distinguish between significant and insignificant information) (P)


Domain IV: Government Auditing Environment(20-25 percent)

  1. Performance Management (P)
  2. Financial Management
    1. Unique requirements in accounting for and reporting on government financial operations (P)
    2. Principles of taxation and revenue generation (P)
    3. Unique aspects of governmental budgeting (e.g., encumbrances, earmarking) (P)
    4. Government accounting (e.g., fund accounting, resource accounting) (P)
    5. Legal restrictions on sources and uses of funds (e.g., voted funds, conditional grants, revenues) (A)
    6. Investment restrictions for public funds (A)
    7. Activity-based costing/cost-allocation (A)
  3. Implications of Various Service Delivery Methods
    1. Direct delivery by government employees (P)
    2. Grants (P)
    3. Contracts (P)
    4. Joint Ventures/Partnerships/Authorities/Special Operating Agencies/Quasi-governmental (A)
    5. Privatization (A)
  4. Implications of Delivering Services to Citizens
    1. Due process rights of clients/citizens (P)
    2. Confidentiality/privacy/rights of clients/citizens (P)
    3. Issues arising from the methods of funding/delivering services (condition that client receiving service may not be party paying for the services; ability-to-pay principle; user pay; eligibility requirements; limitations on services available; entitlements; etc.) (A)
    4. Reality of conflicting missions (e.g., satisfy both developers and environmentalists, keep families together and kids safe) (A)
    5. Issues associated with at-risk populations (e.g., multiple, interacting causes and conditions; difficulty of measuring prevention) (A)
  5.  Unique Characteristics of Human Resources Management (A)
  6.  Unique Purchasing and Procurement Requirements (P)


P = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.
A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas


When you are ready to begin the exam, the system will advise you of the time that you have to complete the exam. The time allotted for each actual exam is as follows:

CERTIFICATION IN CONTROL SELF-ASSESSMENT (CCSA)115 multiple choice questions*2 hours and 55 minutes*
CERTIFIED GOVERNMENT AUDITING PROFESSIONAL (CGAP)115 multiple choice questions*2 hours and 55 minutes*
CERTIFIED FINANCIAL SERVICES AUDITOR (CFSA)115 multiple choice questions*2 hours and 55 minutes*


Note:  As of mid-2013 the table above lists the number of questions and timing for the IIA specialty exams. Until the time of transition, the current 125-question specialty exam structure will remain in place. To view the transition timeline, please see:…