CIA logo
Focused certification exam prep
Start practice
Home / Study Resources / Core Study Guides / CIA Exam Scoring 2026: How the 600 Passing Score

CIA Exam Scoring 2026: How the 600 Passing Score Works

Updated 10 min read CIA Exam Prep
Table of Contents
TL;DR
  • The CIA passing score is a scaled score of 600 on a 250-750 scale - not a raw percentage of correct answers.
  • All three parts use the same 250-750 scale; each part must be passed independently with a 600 or higher.
  • Effective April 2026, the IIA issues official score results within three weeks of your exam date.
  • The 2025 syllabus added Fraud Risks as a standalone Part 1 domain, directly affecting how Part 1 scores are weighted.

What Is Scaled Scoring and Why Does the IIA Use It?

When candidates first learn that the CIA passing score is 600, a natural assumption is that it represents 60% of questions answered correctly. That interpretation is incorrect - and misunderstanding it can cost you the exam. The IIA uses a scaled scoring model, which means your raw number of correct answers is mathematically converted into a score on a fixed 250-750 scale before it is compared against the passing threshold.

Scaled scoring exists because the CIA is administered continuously throughout the year across Pearson VUE test centers in multiple countries and in more than 14 languages. Different exam administrations use different question sets. Some versions of Part 1 or Part 2 may contain questions that are statistically harder or easier than questions on another administration. Scaled scoring corrects for that variation. A candidate who sat for a slightly harder administration and answered the same proportion of questions correctly as a candidate on an easier administration will receive a comparable scaled score - reflecting true ability rather than test-version luck.

Why This Matters for Your Prep: You cannot reverse-engineer a "pass" from a target raw score. Focusing on mastering CIA-specific content across every domain is far more effective than chasing a particular number of practice questions answered correctly. Depth of understanding - not score math - drives a 600.

The 600 Passing Score: What It Actually Means

The scale runs from 250 at the bottom to 750 at the top, with 600 as the passing threshold. A score of 250 is the lowest possible result and is awarded even to candidates who answer very few questions correctly. A score of 750 represents the maximum. The midpoint of the scale is 500, which means the 600 passing threshold sits meaningfully above the center - it is a genuine performance bar, not a participation mark.

The IIA does not publicly disclose the exact equating formula it uses to convert raw scores to scaled scores, and this formula can shift slightly between exam forms through a process called equating. What the IIA has confirmed is that the 600 standard is set through a criterion-referenced process: subject-matter experts define the minimum level of knowledge a competent entry-level internal auditor should demonstrate, and the passing score is anchored to that standard rather than to the performance of the candidate population.

This distinction matters. The CIA is not graded on a curve. Whether 30% or 70% of candidates in a given month pass Part 2, the passing score remains 600. That is also why published pass rates - which the IIA periodically releases and which have historically fallen in the 40-50% range on first attempt - can vary across exam periods without the score threshold changing.

Key Takeaway

A 600 is not "60% correct." It is a criterion-referenced standard set by the IIA to reflect minimally competent internal audit knowledge. Prepare to understand the material, not to hit a raw-question target.

How Scoring Works Across All Three Parts

Each of the CIA's three parts is scored independently on the same 250-750 scale with the same 600 passing threshold. There is no averaging across parts, and a high score on one part does not compensate for a failure on another. Every part must clear 600 on its own.

Part Questions Time Allowed Passing Score Score Scale
Part 1 - Essentials of Internal Auditing 125 MCQ 2.5 hours 600 250-750
Part 2 - Practice of Internal Auditing 100 MCQ 2 hours 600 250-750
Part 3 - Business Knowledge for Internal Auditing 100 MCQ 2 hours 600 250-750

Because Part 1 contains 125 questions while Parts 2 and 3 each contain 100, the raw-to-scaled conversion process is applied differently for each part. Statistically, answering the same proportion of questions correctly across all three parts does not guarantee the same scaled score - the difficulty profile of each part's question pool and the specific equating parameters for that administration are both factors.

Candidates may sit for the three parts in any order. From a scoring strategy perspective, many candidates begin with Part 1 because it covers the broadest foundational content: Internal Audit Fundamentals, Ethics and Professionalism, Governance, Risk Management, and Control, and the newly separated Fraud Risks domain. Establishing conceptual clarity in Part 1 domains supports performance across Parts 2 and 3, where domains assume fluency with core standards and professional judgment.

The April 2026 Scoring Process Update

One of the most practically significant changes for candidates preparing now is the IIA's updated score reporting timeline, effective April 2026. Under this change, candidates receive their official results within three weeks of their exam date. This is a meaningful operational improvement.

Previously, score reporting timelines were less predictable, which created anxiety around registration decisions for subsequent parts and complicated planning for candidates managing work, travel, and study schedules simultaneously. The three-week window gives candidates a defined planning horizon: if you sit for Part 2 in early April, you will know your result in time to register for Part 3 without a lengthy gap in momentum.

Planning Around the April 2026 Change: If you are in the middle of your CIA journey now, build your multi-part schedule to account for the three-week result window after April 2026. Registering for a subsequent part before you have confirmed a pass on the prior one is a risk - both financially and logistically, given per-part registration fees of approximately $215 for IIA members and $340 for non-members.

Candidates should also note that the three-year program completion window - from acceptance into the CIA program to passing all three parts and fulfilling experience requirements - does not pause while results are pending. Every week matters when that clock is running.

Domain Weights and Their Impact on Your Score

The IIA publishes content weights for each domain within each part. While the IIA periodically updates exact percentages, understanding the relative emphasis of each domain directly informs where a score can be won or lost.

Part 1 Domains - Essentials of Internal Auditing

Part 1 has four domains tested across 125 questions. Each domain contributes to your scaled score differently based on its weight.

  • Internal Audit Fundamentals: Covers the purpose of internal auditing, the role of the IIA's Global Internal Audit Standards, and the relationship between internal audit and organizational stakeholders.
  • Ethics and Professionalism: Addresses the IIA Code of Ethics, independence, objectivity, and due professional care - areas frequently tested with scenario-based questions.
  • Governance, Risk Management, and Control: Tests understanding of the three lines model, risk appetite, control frameworks, and the auditor's role in governance.
  • Fraud Risks: A standalone domain introduced in the 2025 syllabus. Covers fraud indicators, the auditor's responsibility in fraud detection versus investigation, and fraud risk assessment within the audit process.

Part 2 Domains - Practice of Internal Auditing

Part 2 tests operational execution of the audit lifecycle across four domains and 100 questions.

  • Managing the Internal Audit Function: Strategic positioning of internal audit, CAE responsibilities, quality assurance, and improvement programs.
  • Planning the Internal Audit Engagement: Risk-based engagement planning, audit universe, resource allocation, and engagement objectives.
  • Performing the Internal Audit Engagement: Evidence gathering, sampling, analytical procedures, documentation, and working papers.
  • Communicating Internal Audit Results and Monitoring Progress: Report structure, observation attributes, management responses, and follow-up procedures.

Part 3 Domains - Business Knowledge for Internal Auditing

Part 3 spans business acumen, information security, and technology across 100 questions. The 2025 syllabus significantly expanded the technology and security emphasis.

  • Business Acumen: Organizational strategy, financial statement analysis, managerial accounting, and business process understanding.
  • Information Security: Security frameworks, access controls, threat and vulnerability management, data privacy - now tested with greater depth following the 2025 update. See our CIA Domain 10: Information Security Study Guide 2026 for a complete breakdown of what this domain demands.
  • Information Technology: IT governance, general IT controls, application controls, emerging technologies, and IT audit approaches.

From a scoring perspective, neglecting a heavily weighted domain is the fastest path to falling below 600. Candidates who over-invest in domains they find interesting while under-studying domains they find abstract - a common pattern with Information Security in Part 3 - frequently fall just short of the passing threshold. Use CIA practice tests that mirror the actual domain distribution to identify where your scaled score is most at risk.

How Results Are Reported at the Test Center

At the conclusion of your exam, the Pearson VUE testing interface provides a preliminary pass/fail result on screen. This immediate feedback is unofficial - it does not include your numeric scaled score and is not the score report used for IIA records. Candidates should not make program decisions (such as waiving a part) based solely on the screen result until the official report is available.

The official score report, delivered within three weeks effective April 2026, includes your numeric scaled score for the part attempted, a pass or fail designation, and - in the event of a failure - a performance feedback profile organized by domain. This domain-level feedback is valuable: it identifies which content areas contributed most to a below-600 result and should directly guide your retake preparation strategy.

If you fail a part, the IIA permits retakes after a 90-day waiting period, and you may attempt each part up to four times within a 12-month period. The three-year program clock continues to run during this time, so failed attempts are not neutral events - they consume both time and money, reinforcing why score-aware, domain-specific preparation matters before sitting.

Score Impact of the 2025 Syllabus Changes

The May 2025 launch of the updated CIA exam syllabus - aligned with the new Global Internal Audit Standards - introduced structural changes that directly affect how scores are distributed across domains. Two changes are especially significant for candidates preparing in 2025 and 2026.

First, Fraud Risks became a distinct Part 1 domain. Previously, fraud content was embedded within other Part 1 topics. By elevating it to its own domain, the IIA signals that fraud risk awareness is no longer a secondary skill - it is a core competency tested as its own discrete content area. Candidates who prepared under an older study framework may have gaps here that create meaningful score risk in Part 1.

Second, the expanded emphasis on information security and technology in Part 3 means that Domain 10 (Information Security) and Domain 11 (Information Technology) now represent a larger portion of Part 3's question pool than in prior syllabi. Candidates with limited IT backgrounds should treat these domains as high-priority preparation targets, not elective reading. Our CIA Domain 10: Information Security Study Guide 2026 provides the domain-specific depth that surface-level review cannot replace.

Syllabus Alignment Check: Ensure every study resource you use - textbooks, question banks, flashcard sets - explicitly states alignment with the 2025 CIA syllabus and the Global Internal Audit Standards effective May 2025. Pre-2025 materials may omit Fraud Risks as a standalone domain and underrepresent the current technology content weight.

Structuring Your Prep Around the Scoring Model

Given what the 250-750 scale and 600 threshold actually measure, effective preparation focuses on diagnostic self-assessment and domain coverage balance rather than volume of questions alone. A structured approach might look like this for Part 1:

Weeks 1-2

Internal Audit Fundamentals + Ethics and Professionalism

  • Read the Global Internal Audit Standards (2025 version) with annotation
  • Complete 30-40 diagnostic practice questions per domain on the CIA practice test platform
  • Record weak sub-topics for review in Week 4
Weeks 3-4

Governance, Risk Management, and Control + Fraud Risks

  • Study three lines model, risk frameworks (COSO, ISO 31000), and control design concepts
  • Deep-dive Fraud Risks as a standalone domain - fraud indicators, auditor responsibilities, fraud risk assessment steps
  • Revisit weak sub-topics flagged from Weeks 1-2
Weeks 5-6

Full Part 1 Integration + Simulated Exam

  • Complete a timed 125-question simulated Part 1 exam
  • Analyze domain-level performance gaps using feedback
  • Targeted review of any domain scoring below equivalent of 600 threshold in practice

The same diagnostic-first, domain-weighted approach applies to Parts 2 and 3. For Part 3, allocate proportionally more study time to Information Security and Information Technology given the 2025 syllabus's increased weighting. Candidates entering Part 3 from non-technology backgrounds should begin those domains first rather than last. Use practice tests organized by CIA domain to track where your simulated performance falls relative to the 600 standard throughout your prep cycle.

Frequently Asked Questions

Is a scaled score of 600 the same as getting 60% of questions correct?

No. The 600 is a scaled score on a 250-750 scale, not a raw percentage. Your number of correct answers is converted through a statistical equating process that accounts for the difficulty of your specific exam form. The raw number of correct answers needed to achieve a 600 scaled score varies by administration.

Do all three CIA parts use the same passing score?

Yes. Each part - Part 1 (125 questions), Part 2 (100 questions), and Part 3 (100 questions) - requires a minimum scaled score of 600 on the 250-750 scale. Parts are scored independently; there is no averaging across parts.

When will I receive my official CIA exam score after April 2026?

Effective April 2026, the IIA will deliver official score results within three weeks of your exam date. At the Pearson VUE test center, you will see a preliminary pass/fail result on screen immediately after completing the exam, but this is not the official score report.

How does the 2025 syllabus change affect Part 1 scoring?

The 2025 syllabus elevated Fraud Risks to a standalone Part 1 domain, meaning it now carries its own distinct weight in the Part 1 question pool. Candidates who prepared using pre-2025 materials that treated fraud as embedded content within other domains may have a coverage gap that affects their Part 1 scaled score.

If I fail one CIA part, does it affect my score on other parts I have already passed?

No. Scores on passed parts remain valid within your three-year program window. A failure on one part only affects that specific part's standing. You must retake and pass the failed part within the three-year program completion deadline, with a 90-day waiting period before retaking and a limit of four attempts per part per 12-month period.

Continue reading:

Ready to pass your CIA exam?

Put this into practice with free CIA questions across every exam domain.