Standards, Governance, and Risk/Control Frameworks (10-20%)
(P) = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.
(A) = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.
- Role of a comprehensive set of auditing/evaluation standards (A)
- Application of appropriate standards in all assignments (P)
- Role and impact of other auditing standards (standards of public accounting bodies, quality assurance bodies, etc.) and their relationship with the above standards (A)
- Governance in the public sector (e.g., audit committee, code of conduct, open government, public scrutiny, equity, accountability) (P).
- Role of audit within the governance structure (P)
- Role of frameworks (A)
- Elements of a risk/control framework (P)
- Application of frameworks (P)
Certified Government Auditing Professional® (CGAP®) Exam Syllabus — Domain IIGovernment Auditing Practice (35-45%)
A. Management of the Audit Function
- Need for a formal document of purpose, authority, and responsibility (P)
- Policies and procedures (A)
- Quality assurance (A).
- Planning (A).
- Staffing (A).
- Marketing the audit function (A).
- Mission/role/outcome of audit function within government (A)
- Audits of compliance (P)
- Audits of performance/value-for-money/operations (e.g., economy, efficiency, effectiveness) (P).
- Audits of financial statements (A).
- Audits of financial systems (P).
- Audits of information and related technology (P).
- Consulting/assistance services (e.g., non-audit advisory services) (A).
- Integrity services (e.g., Fraud, Waste, and Abuse) (P)
- Management of individual projects (P).
- Planning (The role of laws, regulations, rules, and ordinances in your planning process should be considered in the planning process) (P).
- Risk and control assessment practices (P).
- Performing the engagement (P).
- Communicating results (P).
- Monitoring results (follow-up) (P)
Certified Government Auditing Professional® (CGAP®) Exam Syllabus — Domain IIIGovernment Auditing Skills and Techniques (20-25%)
A. Management Concepts and Techniques (A)
B. Performance Measurement (P)
C. Program Evaluation (A)
D. Quantitative Methods (e.g., statistical methods and analytical review) (P)
E. Qualitative Methods (e.g., questionnaires, interviews, and flow charts) (P)
F. Methods for the Identification and Investigation of Integrity Violations (P)
G. Research/Data Collection Techniques (P)
H. Analytical Skills (e.g., distinguish between significant and insignificant information) (P)
Certified Government Auditing Professional® (CGAP®) Exam Syllabus — Domain IVGovernment Auditing Environment (20-25%)
A. Performance Management (P)
B. Financial Management
- Unique requirements in accounting for and reporting on government financial operations (P).
- Principles of taxation and revenue generation (P).
- Unique aspects of governmental budgeting (e.g., encumbrances, earmarking) (P).
- Government accounting (e.g., fund accounting, resource accounting) (P).
- Legal restrictions on sources and uses of funds (e.g., voted funds, conditional grants, revenues) (A).
- Investment restrictions for public funds (A).
- Activity-based costing/cost-allocation (A)
- Direct delivery by government employees (P)
- Grants (P).
- Contracts (P).
- Joint Ventures/ Partnerships/ Authorities/ Special Operating Agencies/ Quasi-governmental (A).
- Privatization (A)
- Due process rights of clients/citizens (P).
- Confidentiality/privacy/rights of clients/citizens (P).
- Issues arising from the methods of funding/delivering services (condition that client receiving service may not be party paying for the services; ability-to-pay principle; user pay; eligibility requirements; limitations on services available; entitlements; etc.) (A).
- Reality of conflicting missions (e.g., satisfy both developers and environmentalists, keep families together and kids safe) (A).
- Issues associated with at-risk populations (e.g., multiple, interacting causes and conditions; difficulty of measuring prevention) (A)
F. Unique Purchasing and Procurement Requirements (P)
Certified Government Auditing Professional® (CGAP®) Exam Preparation ResourcesThe CGAP exam is a self-study exam and does not require a prescribed curriculum. Candidates may choose their own method of preparing for the exam.
CGAP Study GuideThe IIA publishes a CGAP study guide to assist candidates in preparing for the exam. It is available for order through The IIA Research Foundation Bookstore. The guide provides a general overview of the topics that will be covered in the exam. However, it is critical that candidates perform additional study in areas where their experience or background dictates the need for review. We also recommend that candidates supplement their studying by reviewing the IFAC's International Standards on Auditing and the International Organization of Supreme Audit Institutions (INTOSAI) Code of Ethics and Auditing Standards. Candidates taking the US version of the CGAP exam should also study the U.S. Generally Accepted Government Auditing Standards (GAGAS/Yellow Book) in preparation for the exam.
Other CGAP Study MaterialsThe Bookstore offers the following books on government auditing. While these books are not written as CGAP study guides, they may assist candidates in preparing for the exam.
- Auditor Roles in Government Performance Measurement: A Guide to Exemplary Practices at the Local, State, and Provincial Levels by Paul D. Epstein, Stuart Griefel, and Stephen L. Morgan
- Performance Auditing: A Measurement Approach by Ronell B. Raaum and Stephen L. Morgan.
Certified Government Auditing Professional® (CGAP®) Sample Exam QuestionsSample CGAP Exam Questions
The IIA provides a limited number of sample CGAP exam questions (with answers) to give candidates an understanding of the types of questions that typically appear on the CGAP exam.
- In a financial statement audit, Government Auditing Standards (Yellow Book) require that the scope of the review of compliance and internal control over financial reporting be specifically communicated to all of the following except the:
B. Audit committee.
C. Requestor of audit services.
D. Funding agency.
A. Incorrect. Specific communication with the audit client is one of the required communications.
B. Incorrect. Specific communication with the audit committee is one of the required communications.
C. Incorrect. Specific communication with the individuals contracting for or requesting the audit services is one of the required communications.
D. Correct. Specific communication with the funding agency is not a Government Auditing Standards requirement.
- It is important that an internal audit department's statement of purpose, authority, and responsibility detail:
B. The organizational status of the internal audit function.
C. Whether the agency head will present audit findings to the oversight committee.
D. Under what circumstances the internal audit director may have confidential access to the oversight committee.
A. Incorrect. Proper planning and coordination between internal and external auditors should provide efficient audit coverage of the entity, but this can change from year to year and is not addressed in a more nearly permanent document such as a charter.
B. Correct. Independence is a key aspect of the internal audit charter.
C. Incorrect. The director of internal audit should share audit results directly with the audit committee.
D. Incorrect. The internal audit director's access to the audit committee should not be restricted.
- An internal auditor plans an audit of a city's highway maintenance. The audit objective is to determine if fixed assets employed are properly reflected in the accounting records. Which of the following approaches is most effective?
B. Scanning the asset subsidiary ledger for credit entries.
C. Selecting items from the asset subsidiary ledger and recalculating depreciation.
D. Examining documentation concerning the cost of fixed assets used in the road maintenance process.
A. Correct. This objective is likely to be effective because it requires sampling from the population of existing assets and tracing to the accounting records.
B. Incorrect. The issue is completeness of financial records (that is, whether existing assets are recorded in the accounting records). The write-down or removal of recorded assets is not relevant.
C. Incorrect. The issue is completeness, not valuation, so this approach would not be relevant.
D. Incorrect. The issue is not valuation, but rather the appropriate inclusion of assets in the records.
- Which of the following analysis techniques would be most useful to determine if the time to process disability claims has increased?
B. Aging schedule.
D. Pareto analysis.
A. Correct. A run chart displays changes in a particular event over a given period of time.
B. Incorrect. An aging schedule is used to show the distribution of time to complete a given task (for example, collection of receivables) relative to a desired time period. It would not be most useful in determining whether a change has occurred.
C. Incorrect. A histogram is used to show the frequency distribution around an average. This would not particularly determine whether a change has occurred.
D. Incorrect. Pareto analysis involves the ranking of data to focus on the few things (or people) that make the biggest impact on a situation. It cannot be applied to display changes of a particular event over time.
- An internal control that may be useful in the detection of integrity violations is:
B. Periodic surprise cash counts.
C. Regularly scheduled site visits.
D. Properly designed forms.
A. Incorrect. Segregation of incompatible duties is a deterrent to wrongdoing, not a detective control.
B. Correct. Periodic surprise cash counts can act as a deterrent and can actually detect integrity violations.
C. Incorrect. Regularly scheduled site visits will not necessarily detect problems because the individual who is perpetrating a fraud can prepare for the visit.
D. Incorrect. Properly designed forms can act as a deterrent, but they do not constitute a detective control.
- Which contract type should be used for acquiring a commodity?
A. Correct. Firm-fixed-price contracts are suitable for acquiring commercial items.
B. Incorrect. Cost-sharing is a cost-reimbursable contract, which is prohibited for acquiring commercial items.
C. Incorrect. Cost-plus-incentive-fee is a cost-reimbursable contract, which is prohibited for acquiring commercial items.
D. Incorrect. Cost-plus-award-fee is a cost-reimbursable contract, which is prohibited for acquiring commercial items.