Integrated Audit & Assurance Professional (IAAP™)

The IAAP is for all functions in an organization asked to assess the operations under their control or those of others. Learn how to give confidence that key risks in your assessment area have been properly addressed.

The IAAP demonstrates that you can perform assessments and provide assurance to your stakeholders that objectives in the area you're reviewing can be achieved. All Protectors should be able to give confidence that key risks have been properly addressed, and the IAAP teaches you how to do this.

This certification is your current focus. If you want to change your focus, remove your focus from this certification and pick another one to focus on.

Integrated Audit & Assurance Professional (IAAP™) Certification is your current focus. Go to your program dashboard for more information on resources and examination.

The IAAP demonstrates that you can perform assessments and provide assurance to your stakeholders that objectives in the area you're reviewing can be achieved. All Protectors should be able to give confidence that key risks have been properly addressed, and the IAAP teaches you how to do this.

Show me alternatives

Become a versatile professional who integrates governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Principled Performance. The GRC Professional (GRCP) certification demonstrates that you have the understanding and skills to apply GRC in your organization.

Show me alternatives

Assurance is for all Professionals

Audit & Assurance skills are useful for every professional working in governance, risk, compliance, security, continuity, and of course audit.

Get certified to prove your knowledge.

What is the IAAP?

The Integrated Audit & Assurance Professional (IAAP) certification validates that you can perform assessments and give assurance.

IAAP Candidate Handbook

The Integrated Audit and Assurance Candidate Handbook is your definitive resource for all things IAAP certification. This Handbook provides comprehensive insights into certification eligibility, exam details, and the certification renewal process. It also features a valuable set of sample questions to enhance your preparation for the IAAP exam. Whether you're a prospective candidate or currently pursuing IAAP certification, this Handbook is your roadmap to success for the IAAP Certification.

It ensures that you know the different steps and have the different skills needed to give confidence that risks that might block an organization from achieving its objectives have been properly addressed.

Integrated audit & assurance is a structured approach using empowered actors to give confidence to your stakeholders that the key risks across the organization have been appropriately addressed.

The IAAP certification is different from others because it doesn't focus on a specific role like "internal audit," or “external audit,” or "quality assurance." Instead, it integrates all these perspectives and provides a unified perspective of audit and assurance.

Integrated assurance ties together functional areas across an organization with the responsibility, reporting lines, and power to provide assurance over risk areas.

What does the IAAP Cover?

The IAAP is based on the essential body of knowledge used daily by GRC Professionals who provide assurance.

It covers:

  • Who can perform Integrated Audit & Assurance and how it gives confidence to stakeholders.
  • How to perform Audit & Assurance assessments.
  • Audit & Assurance tools and techniques
  • Planning and Coordinating Integrated Audit & Assurance
  • Designing optimal Integrated Audit & Assurance


Is IAAP right for me?

IAAP is perfect for anyone who works in risk management, compliance, information security, ethics, internal control, quality control, security, continuity, audit, assurance, or IT.

IAAP helps you to assess your own operations, or those of others you need to have confidence over.

Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

Here are some of the functions that may need to provide assurance in an organization and that can benefit from the IAAP:

  • Information Security
  • Internal Control
  • Risk Management
  • Internal Audit
  • Ethics
  • Compliance
  • Data Protection
  • Financial Controllers
  • Quality Control
  • External Audit
  • Board of Directors, Management, or Heads of functions.

Join Professionals from Around the World

  • As a Senior Auditor, the IAAP certification was a game-changer for me. The integrated approach to audit and assurance gave me the edge in risk management. Essential for professionals seeking to innovate in audit.
    John C. (United States)
  • Achieving the IAAP certification elevated my strategic thinking in auditing. It's a comprehensive dive into integrated audit practices, which drastically improved my effectiveness in helping my organization.
    Sarah L. (Singapore)
  • The IAAP certification gave me a profound understanding of integrated audit and assurance. It's a transformative credential that sharpened my skills and broadened my perspective in handling complex audit scenarios.
    Alex R. (Canada)

When should I get IAAP?

IAAP is a versatile certification aimed to serve versatile needs for professionals in all stages of their careers. Professionals can use the IAAP in several scenarios:

  • Starter. Knowing how to verify that your own work is of excellent quality will help you be ahead of your peers. When you understand the big picture of how to help your function to best achieve its objectives, then you can truly add value. The IAAP gives you the tools and techniques to make sure that your own work helps propel your department and you, to new heights.
  • Enhancer. Some professionals use the IAAP to enhance an existing certification in risk, compliance, security, or audit. The IAAP gives you the knowledge of how to verify operations. Whenever you need to deeply assess work, the IAAP can help you. For example:
    • A compliance specialist may need to make sure that other functions follow rules, regulations and policies.
    • A risk management professional may need to understand whether the risks in other functions are managed.
    • An information security officer may need to assess against established information security standards.
  • Capstone. When you get to a level in your career where you're managing others, or managing multiple operations, then you need to know that those operations are working as intended. When you act as a Protector, you will need to give confidence to your stakeholders that risks to the achievement of objectives have been properly addressed.

IAAP is for new and experienced professionals

How do I get the IAAP Certification?

All of our certifications use a similar streamlined process. We pride ourselves on simplicity and accessibility. All of our exams are online and available at any time. No need to schedule! We include everything you need as part of your All Access Pass. To be clear, everything is included for no additional fees.

  1. 1. Get All Access Pass

    Our All Access Pass provides everything you need to prepare for the IAAP and all of our other certification exams. One fee for education, preparation, certification, and maintenance.

    Everything is included for no additional fees.

  2. 2. Prepare for IAAP

    Study the essential body of knowledge, follow the on-demand video courses or attend a live online course.

    Our self-study programs are delivered in English.

    Essential body of knowledge and self-study are included for no additional fees.

  3. 3. Apply for IAAP

    Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds.

    We do not require specific experience or educational degrees to apply.

    Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

    Application is included for no additional fees.

  4. 4. Earn the IAAP (Pass!)

    Access the online exam anywhere and anytime.

    The exam is limited to two hours (120 minutes) to answer 100 questions. Correctly answer 70 questions to pass. Exams are "open book," which means that you may use Google and other resources while taking an exam.

    You can retake an exam up to six times per year to pass it.

    All retakes are included for no additional fees.

  5. 5. Maintain the IAAP

    Participate in the streamlined Unified Certification Maintenance program to maintain your certification. All continuing education is automatically tracked and administered under this unified program. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certifications as appropriate.

    DOUBLE CREDIT! One CPE credit may track to multiple certifications. For example, a course on “Risk Assessments” counts toward all certifications that use Risk Assessment skills.

    All maintenance and CPEs are included for no additional fees.

  6. 6. BONUS! Add More Certifications

    Apply to gain additional certifications. We add new certifications regularly.

    All certifications are included for no additional fees.

FAQ about Preparing for IAAP

How long does it take to prepare for IAAP?

Preparation time varies based on your experience. People who pass the exam report anywhere from 2 hours to 40 hours of preparation before the exam.

This wide range is explained by the differences in background. If you are more experienced in internal audit, external audit, risk management or compliance, then less time may be required to prepare vs. someone who is new to audit & assurance.

What is the best way to prepare for IAAP?

To study for the IAAP, we recommend that you:

  • Carefully study the IAAP body of knowledge
  • Attend online self-study IAAP course
  • (optionally) Attend an online LIVE! course
  • Practice exam questions
How do I get IAAP Training?

We offer IAAP via self-study or by attending a live online course.

What does it cost to get IAAP training?

All of our self-study preparation courses are included for no additional fees. This means that IAAP is part of your All Access Pass.

Our global training partners charge separate fees for in-person experiences delivered in the localized language. These experiences also provide additional context and examples so that you understand how to implement solutions.

FAQ about the IAAP Exam

How do I schedule the IAAP Exam?

All of our exams are online and available at any time. No need to schedule!

How do I apply for the IAAP exam?

Applying for IAAP is simple! If you are already an OCEG member, we have most of the information necessary. Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

As a reminder, our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

How difficult is the IAAP Exam?

Most people who pass the exam report that they carefully studied the IAAP body of knowledge and completed the IAAP course.

Those who fail tend to pass on a subsequent attempt if they study and complete the IAAP course or attend a training course.

In other words ... STUDY and WATCH the videos or attend a class if you want to pass the exam.

What is on the IAAP Exam?

The IAAP certification exam assesses your knowledge and ability to apply audit & assurance principles. The exam content is weighted as follows:

Introduction to Integrated Audit & Assurance

Weighting: minimum 10%, maximum 15%

  • Define integrated audit & assurance
  • Understand the objectives of integrated audit & assurance
  • Understand key concepts associated with The Lines of Accountability Model™
  • Be able to use the principles for effective assurance

Performing Audit & Assurance Assessments

Weighting: minimum 25%, maximum 30%

  • Understand audit & assurance assessments
  • Define assessment parameters
  • Define assessment procedures and evidence
  • Know the standards used in assurance
  • Plan assessments
  • Perform assessments
  • Write assessment reports
  • Confirm observations
  • Define action plans
  • Communicate results
  • Monitor implementation status and changes in risks
  • Supervise assessments

Audit & Assurance Tools and Techniques

Weighting: minimum 30%, maximum 35%

  • Understand internal control
  • Test control design
  • Know how to use interview techniques
  • Understand statistical sampling and techniques
  • Know key techniques in data analysis
  • Understand the qualities of information and evidence
  • Evaluate on risk-based criteria
  • Evaluate the management of risks
  • Know risk identification techniques
  • Perform root cause analysis
  • Evaluate fraud risk
  • Evaluate maturity levels
  • Understand and perform control self-assessments

Planning and Coordinating Integrated Audit & Assurance

Weighting: minimum 15%, maximum 20%

  • Understand reliance and coordination with assurance providers
  • Map assurance activities

Designing Optimal Integrated Audit & Assurance

Weighting: minimum 15%, maximum 20%

  • Establish organizational independence and reporting structures
  • Establish an assurance charter
  • Establish appropriate reporting
  • Managing an assurance function
  • Promote principled conduct
How was the IAAP Exam developed?

Topics and questions were determined by conducting an extensive job analysis. Participants in the job analysis were asked to analyze skills and determine their significance to a GRC professional, executive, or auditor. The job analysis and other research yielded a blueprint that serves as a competency model for the IAAP.

We update the IAAP periodically to reflect important and relevant changes in GRC disciplines and practices.

How many questions are on the IAAP Exam?

There are 100 scored questions and up to 15 unscored questions on the exam. We calculate your final score on the 100 scored questions. Scored questions have gone through a rigorous validation process.

The unscored questions are used to introduce and validate new questions without affecting your score. However, the unscored items are not labeled – so make sure you answer each question as if it counts!

All questions are multiple choice.

How do I pass the IAAP Exam?

You have 2 hours to complete the exam. You must correctly answer 70 of the 100 scored items.

Is the IAAP Exam "open book" like the real world?

Yes! The IAAP Exam is open-book, which means that you may use Google and other resources while taking the exam.

We believe that the exam process should reflect modern reality and user experiences. In your job, you use Google and online resources daily. You should be able to use these resources when you learn and when you take the exam.

However, don't be fooled! The exam is challenging even with the help of these resources.

When do I find out if I passed the IAAP?

You get your result immediately after taking the exam. If you pass, your certificate is immediately available for sharing and printing.

What happens if I fail the IAAP and how many times can I take the exam?

You may retake the exam up to six (6) times per year. Almost everyone is able to accomplish this goal. We believe that certification should be part of the learning process and help reinforce understanding and not just be a point-in-time proof of memorized knowledge.

Consider being fully prepared each time that you attempt the exam. Our database of questions is extensive, so it is unlikely that you will see the same questions each time that you attempt the exam.

FAQ about Maintaining IAAP

How long is my certificate valid?
  1. When a certificate is awarded, it is awarded for a full year starting on the day you passed the exam.
  2. Your first full year has no CPE requirement (because you spent at least 8 hours preparing for and taking the exam).
  3. Starting your second year, you must earn at least eight (8) credits of continuing education related to the certification topic annually.
  4. When a certificate renews, it renews for a full year. Automatic renewal on the day of certificate expiration happens if both of these conditions are true: a) Member has an active AAP and b) CPE requirement has been met (if applicable).
  5. If the expiration date passes and you do not meet both conditions, you have a grace period of 90 days to fulfil the requirements (renewing your AAP and/or getting enough credits). After the grace period is over, your certification gets deleted from our records, and certificates are no longer available for display.
Do I need to recertify every year?

NO! You only need to pass the exam once every five (5) years. We use continuing education requirements to ensure that you stay current with new developments.

How do I maintain the IAAP?

Maintaining ALL of your certifications is simple and straightforward. We use a Unified Certification Maintenance program on our website. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certification.

You can see all of your current CPE credits on your Certification Dashboard and CPE Transcript.

The unified program allows you to track one CPE credit to multiple certifications. So, for example, a course on “Risk Assessments” would count toward not only THIS certification but also ALL other certifications that rely on Risk Assessment skills.

How do I submit CPEs for the IAAP?

You don’t have to!

All continuing education for OCEG certifications is automatically tracked and administered under a unified program on our website.

Whenever you watch a video or attend an event, such as a webinar on our website, it is automatically tracked and counted toward your IAAP (or other OCEG certifications as appropriate).

You may also manually submit CPEs from other pre-approved continuing education experiences.

You can check your CPE progress at any time on your CPE Dashboard.

Do I get "double credit" for CPEs?

Yes! Many of our continuing education experiences count toward multiple OCEG certifications. The unified program also allows you to track one CPE credit to multiple certifications. This means that a single webinar or course can count toward one or more of your certifications.

One experience. Multiple credits.

So, for example, a course on “Risk Assessments” would count toward not only IAAP but also several other certifications that rely on Risk Assessment skills.