CPA AUD — U.S. - Auditing and Attestation Exam Blueprint
Practical readiness checklist for AICPA CPA AUD auditing, attestation, reporting, evidence, controls, ethics, and review topics.
How to Use This CPA AUD Exam Blueprint
This independent Exam Blueprint is for candidates preparing for the AICPA U.S. CPA AUD - Auditing and Attestation exam, exam code CPA AUD. Use it as a practical study map: not as a replacement for the official AICPA materials, and not as a promise about exact exam weighting.
Work through the checklist in three passes:
- Coverage pass: Mark every topic as green, yellow, or red.
- Application pass: Practice scenario questions where you must choose the correct audit response, report, procedure, or professional judgment.
- Final-review pass: Focus on weak distinctions: audit vs review vs compilation, tests of controls vs substantive procedures, report modifications, independence, sampling, subsequent events, and evidence quality.
Readiness means you can do more than define terms. For CPA AUD, you should be able to read a short fact pattern and decide what a CPA should do next, what evidence is persuasive, what report language is appropriate, and what professional standard or responsibility is being tested.
Topic-Area Readiness Table
| Readiness area | What to review | You are ready when you can… | Common weak spot |
|---|---|---|---|
| Ethics, independence, and professional responsibilities | Independence rules, integrity, objectivity, due care, confidentiality, professional skepticism, engagement quality | Identify threats to independence, distinguish permitted from prohibited services, and apply professional skepticism in ambiguous situations | Memorizing definitions without applying them to client relationships, fees, family interests, bookkeeping, or management responsibilities |
| General audit principles | Purpose of an audit, reasonable assurance, management responsibilities, auditor responsibilities, inherent limitations | Explain what an audit does and does not provide; separate management’s role from the auditor’s role | Treating the auditor as responsible for preparing the financial statements |
| Engagement acceptance and continuance | Client acceptance, predecessor auditor communications, engagement letters, management integrity, competence, scope limitations | Decide whether to accept, continue, modify, or withdraw from an engagement based on risk facts | Forgetting required communications before accepting a new audit engagement |
| Planning and risk assessment | Audit strategy, audit plan, understanding the entity, business risks, materiality, analytical procedures, fraud risk | Link identified risks to audit responses and documentation | Treating planning as administrative instead of risk-driven |
| Internal control | Control environment, control activities, risk assessment, information systems, monitoring, control deficiencies, significant deficiencies, material weaknesses | Identify control design problems, decide whether controls are implemented, and choose tests of controls | Confusing design effectiveness with operating effectiveness |
| IT and automated environments | General IT controls, application controls, access controls, change management, automated reports, audit data | Recognize when IT control issues affect substantive testing and reliance on system-generated information | Assuming automated evidence is reliable without testing access, change, or report completeness |
| Audit evidence and procedures | Inspection, observation, inquiry, confirmation, recalculation, reperformance, analytical procedures, external evidence | Choose the best procedure for an assertion and judge evidence reliability | Overvaluing inquiry alone |
| Assertions | Existence, completeness, rights and obligations, accuracy, valuation, cutoff, classification, presentation and disclosure | Match assertions to account balances, transaction classes, and disclosures | Mixing up existence and completeness tests |
| Substantive testing | Tests of details, substantive analytical procedures, account-specific audit programs | Select procedures for cash, receivables, inventory, investments, debt, revenue, expenses, estimates, and disclosures | Picking a generic procedure without considering the assertion |
| Fraud and noncompliance | Fraud risk factors, management override, revenue recognition risk, illegal acts, communication responsibilities | Identify fraud indicators and select appropriate responses | Assuming all fraud risks require the same procedure |
| Sampling and testing logic | Sampling risk, nonsampling risk, tolerable misstatement, expected misstatement, deviation rate, attribute vs variables sampling | Interpret sample results and understand how sample size changes with risk and tolerable error | Memorizing terms without knowing direction of effect |
| Audit documentation | Working papers, audit trail, signoffs, review notes, retention concepts, subsequent changes | Identify what must be documented and why | Thinking undocumented work is equivalent to completed work |
| Using the work of others | Internal auditors, specialists, component auditors, service organizations | Decide when and how the auditor may use another party’s work | Forgetting to evaluate competence, objectivity, and scope |
| Service organizations and SOC reports | User entity controls, complementary user entity controls, service auditor reports, type distinctions conceptually | Determine whether a report supports control reliance or only describes controls | Ignoring complementary user entity controls |
| Accounting estimates and fair value | Management assumptions, bias, reasonableness, subsequent events, specialist input | Test assumptions, data, and methods used in estimates | Accepting management’s estimate without testing key assumptions |
| Related parties | Identification, business purpose, authorization, disclosure, unusual transactions | Recognize related-party risk and choose responsive procedures | Treating related-party transactions as routine |
| Subsequent events and subsequently discovered facts | Events after period end, dual dating, report date, reissuance, revision, disclosure | Decide the auditor’s responsibility based on timing and discovery | Confusing subsequent events with subsequently discovered facts |
| Going concern | Conditions and events, management plans, disclosure, reporting implications | Evaluate substantial doubt indicators and related report effects | Assuming going concern always causes a modified opinion |
| Forming an audit opinion | Sufficient appropriate evidence, uncorrected misstatements, financial statement presentation, disclosure adequacy | Decide whether the evidence supports an unmodified or modified opinion | Jumping to report wording before deciding the audit conclusion |
| Audit reporting | Unmodified opinions, qualified opinions, adverse opinions, disclaimers, emphasis-of-matter, other-matter, basis paragraphs | Identify the correct report effect for scope limitations, GAAP departures, and uncertainty disclosures | Confusing qualified opinion with disclaimer or adverse opinion |
| Integrated and issuer-related reporting concepts | Internal control over financial reporting, control deficiencies, report relationships, public-company-style audit concepts | Recognize how internal control findings affect reporting | Treating all control deficiencies as material weaknesses |
| Attestation engagements | Examinations, reviews, agreed-upon procedures, subject matter, criteria, assertion-based vs direct engagements | Choose the correct engagement type and report level based on requested assurance | Mixing attestation review with SSARS review |
| SSARS engagements | Preparation, compilation, review of financial statements, independence implications, accountant’s report | Distinguish no assurance, limited assurance, and procedures performed | Assuming compilation provides assurance |
| Governmental, compliance, and specialized engagements | Compliance audits, governmental auditing concepts, special purpose frameworks, regulatory reporting | Recognize when additional reporting or compliance responsibilities may apply | Applying ordinary audit report logic without considering the engagement context |
| Communication with governance and management | Required communications, control deficiencies, corrected and uncorrected misstatements, fraud, illegal acts, disagreements | Decide who must be told, when, and in what form | Communicating everything only to management |
| Professional judgment under uncertainty | Skepticism, contradictory evidence, bias indicators, escalation, documentation | Choose defensible next steps when facts are incomplete | Selecting the fastest answer instead of the best-supported answer |
Core CPA AUD Skills: Can You Do This?
Use this as a self-test. If you cannot confidently check an item, add it to your final-review list.
Audit Purpose, Responsibilities, and Professional Conduct
- Explain the difference between reasonable assurance and absolute assurance.
- Identify management’s responsibility for the financial statements, internal control, estimates, and disclosures.
- Identify the auditor’s responsibility for obtaining sufficient appropriate evidence.
- Apply professional skepticism when evidence conflicts with management explanations.
- Distinguish independence in fact from independence in appearance.
- Spot independence threats involving:
- Financial interests
- Family relationships
- Employment relationships
- Bookkeeping or management functions
- Contingent fees or fee dependence
- Loans or business relationships
- Identify when a CPA may need safeguards, withdrawal, refusal, or report modification.
- Distinguish confidentiality duties from required or permitted disclosures.
Engagement Acceptance and Planning
- Determine whether predecessor auditor communication is relevant before accepting a new audit.
- Identify what belongs in an engagement letter.
- Recognize red flags in client acceptance:
- Management integrity concerns
- Scope restrictions
- Unusual related-party transactions
- Weak accounting records
- Prior disputes with auditors
- High fraud risk
- Distinguish audit strategy from detailed audit plan.
- Determine when planning analytical procedures are useful.
- Use materiality and performance materiality conceptually to plan audit work.
- Adjust audit strategy when new risks are discovered.
Risk Assessment and Internal Control
- Identify inherent risk, control risk, and detection risk in a scenario.
- Link risk assessment to the nature, timing, and extent of audit procedures.
- Determine whether a control is designed effectively.
- Determine whether a control has been implemented.
- Determine whether operating effectiveness testing is needed.
- Distinguish:
- Walkthrough
- Inquiry
- Observation
- Inspection
- Reperformance
- Identify control deficiencies, significant deficiencies, and material weaknesses conceptually.
- Recognize segregation-of-duties problems.
- Identify risks from override of controls.
- Determine when the auditor cannot rely on controls and must increase substantive testing.
Audit Evidence and Assertions
- Match an assertion to the best procedure.
- Rank evidence reliability by source, form, and auditor involvement.
- Identify when inquiry alone is insufficient.
- Distinguish sufficiency from appropriateness.
- Choose procedures for common accounts:
| Account or area | Key assertions often tested | Example readiness task |
|---|---|---|
| Cash | Existence, rights, cutoff, presentation | Know when to use bank confirmations, bank reconciliations, cutoff testing, and review of restrictions |
| Accounts receivable | Existence, valuation, cutoff | Decide when positive confirmations, negative confirmations, alternative procedures, or allowance testing are appropriate |
| Inventory | Existence, completeness, valuation, rights | Know how observation, test counts, cutoff, pricing, and obsolescence procedures work |
| Revenue | Occurrence, cutoff, accuracy, classification | Trace from invoices to shipping documents and from shipping documents to invoices depending on assertion |
| Expenses | Completeness, cutoff, classification | Search for unrecorded liabilities and review subsequent disbursements |
| Investments | Existence, valuation, rights, disclosure | Consider confirmations, market pricing, fair value hierarchy concepts, and impairment indicators |
| Debt | Completeness, classification, disclosure | Review debt agreements, confirmations, board minutes, covenants, and current/noncurrent classification |
| Equity | Authorization, classification, disclosure | Review minutes, agreements, stock records, and equity transactions |
| Estimates | Valuation, disclosure | Test data, methods, assumptions, bias, and subsequent outcomes |
| Disclosures | Completeness, accuracy, presentation | Tie disclosures to audit evidence and applicable reporting framework requirements |
Sampling and Testing Logic
- Distinguish audit sampling from testing 100% of a population.
- Explain sampling risk versus nonsampling risk.
- Identify whether a scenario calls for attribute sampling or variables sampling.
- Understand these directional relationships:
| If this increases… | Sample size usually… | Why it matters |
|---|---|---|
| Desired confidence / lower acceptable risk | Increases | More evidence is needed |
| Expected deviation or misstatement | Increases | More exceptions are anticipated |
| Tolerable deviation or tolerable misstatement | Decreases | Less error is acceptable |
| Population size | May increase, often less dramatically | Depends on method and context |
| Reliance on controls | Increases tests of controls | Control reliance requires evidence of operating effectiveness |
- Interpret sample exceptions and decide whether additional work is needed.
- Avoid assuming a sample exception is automatically immaterial.
- Separate projection of misstatement from evaluation of qualitative factors.
Reporting and Opinion Decisions
- Decide whether a matter is a GAAP departure, scope limitation, uncertainty, emphasis matter, or other matter.
- Distinguish report effects:
| Scenario cue | Likely reporting analysis |
|---|---|
| Material GAAP departure, not pervasive | Qualified opinion may be appropriate |
| Material and pervasive GAAP departure | Adverse opinion may be appropriate |
| Material scope limitation, not pervasive | Qualified opinion may be appropriate |
| Material and pervasive scope limitation | Disclaimer may be appropriate |
| Properly disclosed uncertainty | May require emphasis, depending on facts |
| Going concern adequately disclosed | May affect emphasis/reporting but not automatically a modified opinion |
| Auditor lacks independence | Audit opinion cannot be expressed in the ordinary way |
| Financial statements omit substantially all disclosures | Consider whether the report must be modified or whether the engagement type is appropriate |
- Identify the purpose of a basis for opinion paragraph.
- Distinguish emphasis-of-matter from other-matter communication.
- Determine when comparative financial statements affect reporting.
- Recognize when prior-period information creates additional reporting considerations.
- Identify reporting effects of subsequently discovered facts.
Attestation, Review, Compilation, and Preparation
- Distinguish an audit from an attestation engagement.
- Distinguish an examination, review, and agreed-upon procedures engagement.
- Identify what makes criteria suitable.
- Determine whether the practitioner is reporting on subject matter or an assertion.
- Distinguish SSARS preparation, compilation, and review engagements.
- Match assurance level to engagement type:
| Engagement type | Assurance concept | Candidate readiness check |
|---|---|---|
| Audit | Reasonable assurance | Can you identify audit evidence, assertions, risks, and opinion effects? |
| Attestation examination | Reasonable assurance | Can you apply criteria to subject matter and choose an appropriate report conclusion? |
| Attestation review | Limited assurance | Can you distinguish inquiry/analytical-style procedures from examination-level work? |
| Agreed-upon procedures | No opinion; procedures and findings | Can you identify specified parties, procedures, and factual findings? |
| SSARS preparation | No assurance | Can you tell when no report is required versus when disclaimers or legends matter? |
| SSARS compilation | No assurance | Can you identify report wording and independence disclosure issues? |
| SSARS review | Limited assurance | Can you distinguish review procedures from audit procedures? |
High-Yield Decision Points
CPA AUD often tests judgment through small fact changes. Practice deciding what changes when one fact is added, removed, or reworded.
Risk-to-Response Decision Table
| If the scenario says… | Think about… | Likely audit response |
|---|---|---|
| Revenue increased sharply near year-end | Cutoff, occurrence, fraud risk | Test sales near year-end, shipping terms, subsequent returns, and revenue recognition |
| Management bonus depends on earnings | Bias, fraud risk, estimates | Increase skepticism, review estimates and adjustments, consider management override |
| New complex IT system was implemented | System reliability, access, change controls | Understand IT controls, validate reports, consider IT specialist involvement |
| Inventory is stored at third-party warehouses | Existence, rights, completeness | Confirm with custodian, inspect agreements, consider observation or alternative procedures |
| Legal dispute exists | Contingency recognition/disclosure | Review legal correspondence, attorney letters, board minutes, management representations |
| Significant related-party transaction | Business purpose, authorization, disclosure | Inspect agreements, approvals, payment terms, and disclosure completeness |
| Auditor cannot observe inventory count | Scope limitation possibility | Perform alternative procedures if possible; evaluate report effect if not |
| Management refuses a representation letter | Severe evidence limitation | Consider disclaimer or withdrawal depending on facts |
| Control deviations exceed expectation | Reliance on controls may be reduced | Increase substantive procedures and reassess control risk |
| Subsequent event affects estimate | Evidence about year-end condition | Determine whether adjustment or disclosure is needed |
Assertion Selection Cues
| If you need evidence about… | Primary assertion cue | Common procedure |
|---|---|---|
| Recorded asset actually exists | Existence | Inspect asset, confirm balance, observe inventory |
| All liabilities are recorded | Completeness | Search for unrecorded liabilities, review subsequent disbursements |
| Revenue recorded in correct period | Cutoff | Examine shipping documents, invoices, delivery terms |
| Client owns the asset | Rights and obligations | Inspect title, contracts, confirmations |
| Estimate is reasonable | Valuation | Test assumptions, data, model, subsequent outcome |
| Transaction is properly described | Presentation and disclosure | Review financial statement notes and classification |
| Expense is recorded in the proper account | Classification | Inspect supporting documents and chart-of-accounts coding |
| Disclosure includes all required information | Completeness of disclosure | Use disclosure checklist and tie to audit evidence |
Control Testing Decision Cues
| Question | If yes | If no |
|---|---|---|
| Is the control relevant to a significant risk or planned reliance? | Consider testing design, implementation, and operating effectiveness | Substantive testing may be more efficient |
| Is the control designed to prevent or detect a material misstatement? | Continue evaluating implementation | It may be a poor control even if performed |
| Has the control operated throughout the period? | Test operating effectiveness over the relevant period | Consider roll-forward, additional testing, or no reliance |
| Is the evidence generated by the client’s IT system? | Test report completeness and accuracy if relying on it | Seek independent or alternative evidence |
| Are deviations found? | Evaluate severity and effect on reliance | Continue planned control reliance only if supported |
Audit Report Modification Checklist
Before choosing an opinion, answer these in order:
- Is there sufficient appropriate evidence?
- If no, analyze scope limitation.
- Are the financial statements materially misstated?
- If yes, analyze GAAP departure or disclosure problem.
- Is the issue material?
- If no, an unmodified opinion may still be possible.
- Is the issue pervasive?
- If yes, consider adverse opinion for misstatement or disclaimer for scope limitation.
- Is the issue adequately disclosed?
- Adequate disclosure can change the reporting result, especially for uncertainty or going concern matters.
- Does the matter require emphasis or other-matter communication rather than modification?
- Does independence, engagement type, or special framework change the report?
| Reporting result | Use when the issue is mainly… | Key distinction |
|---|---|---|
| Unmodified opinion | Evidence supports fairly presented statements | No material unresolved issue |
| Qualified opinion | Material but not pervasive issue | “Except for” concept |
| Adverse opinion | Material and pervasive misstatement | Financial statements are not fairly presented |
| Disclaimer of opinion | Material and pervasive inability to obtain evidence | Auditor does not express an opinion |
| Emphasis-of-matter | Properly presented or disclosed matter needs emphasis | Does not modify the opinion |
| Other-matter | Communication about matter other than the financial statements | Does not modify the opinion |
Evidence Reliability Checklist
Use this hierarchy as a practical guide, not as a mechanical rule. Context matters.
| Evidence characteristic | Generally stronger | Generally weaker |
|---|---|---|
| Source | Independent external source | Internal source only |
| Form | Written or electronic documentary evidence | Oral explanation only |
| Auditor involvement | Directly obtained by auditor | Obtained indirectly through client |
| Control environment | Produced under effective controls | Produced under weak or untested controls |
| Consistency | Corroborated by other evidence | Contradicted by other evidence |
| Objectivity | Factual, observable, verifiable | Highly subjective or management-biased |
Readiness prompts:
- Can you explain why a bank confirmation may be stronger than a client-prepared schedule?
- Can you identify when external evidence still needs evaluation?
- Can you explain why inquiry must often be corroborated?
- Can you identify contradictory evidence and decide what additional work is needed?
- Can you decide whether evidence is sufficient, appropriate, or both?
Engagement Artifact Checklist
Know what each artifact is for, who prepares it, what it supports, and how it can appear in a scenario.
| Artifact | Purpose | CPA AUD readiness check |
|---|---|---|
| Engagement letter | Defines objective, responsibilities, scope, and terms | Can you identify missing or inappropriate terms? |
| Audit strategy | Sets overall approach | Can you connect risk, staffing, timing, and scope? |
| Audit plan / program | Lists detailed procedures | Can you choose procedures responsive to assessed risks? |
| Working papers | Document work performed, evidence, and conclusions | Can you identify inadequate documentation? |
| Management representation letter | Confirms management representations | Can you identify the effect of refusal or contradiction? |
| Attorney letter / legal inquiry | Supports contingencies and litigation evaluation | Can you decide when legal evidence is needed? |
| Confirmation request | Obtains external evidence | Can you choose positive, negative, or alternative procedures? |
| Bank reconciliation | Supports cash existence, completeness, and cutoff | Can you identify reconciling items that require follow-up? |
| Inventory count instructions | Supports observation and cutoff | Can you identify count control weaknesses? |
| Internal control memo | Documents understanding and evaluation | Can you distinguish deficiency severity? |
| Management letter | Communicates recommendations or less severe matters | Can you avoid confusing it with required deficiency communication? |
| Governance communication | Communicates required audit matters | Can you identify matters requiring governance attention? |
| Compilation report | Communicates no assurance under SSARS | Can you identify independence disclosure issues? |
| Review report | Communicates limited assurance | Can you distinguish review from audit wording and procedures? |
| Attestation report | Reports on subject matter or assertion | Can you match criteria, procedures, and conclusion type? |
| SOC report | Provides service organization control information | Can you identify relevance to user auditor work? |
Specialized Topic Checks
Fraud, Illegal Acts, and Management Override
- Identify fraud risk factors involving incentives, opportunities, and rationalizations.
- Recognize that management override can exist even when controls appear strong.
- Identify procedures commonly associated with management override:
- Journal entry testing
- Review of accounting estimates for bias
- Evaluation of unusual significant transactions
- Distinguish errors from fraud.
- Distinguish direct-effect illegal acts from other illegal acts conceptually.
- Decide when communication to governance is required.
- Decide when legal counsel or withdrawal may become relevant.
Subsequent Events and Subsequently Discovered Facts
| Timing cue | What to consider |
|---|---|
| Event occurs after balance sheet date but before auditor’s report date | Determine whether it provides evidence about conditions existing at period end or conditions arising later |
| Auditor becomes aware before report release | Perform necessary procedures and update conclusions |
| Facts discovered after report date | Determine whether the report would have been affected if facts were known |
| Financial statements are revised | Consider report dating, dual dating, or reissuance concepts |
| Management refuses necessary revision | Consider communication and steps to prevent reliance, depending on facts |
Can you do this?
- Decide whether an event requires adjustment, disclosure, both, or neither.
- Identify the auditor’s responsibility based on when the fact is discovered.
- Distinguish dual dating from extending the report date.
- Determine when management representations should be updated.
Going Concern
- Identify conditions that may raise substantial doubt:
- Recurring losses
- Negative cash flows
- Loan defaults
- Loss of major customers
- Legal or regulatory problems
- Inability to obtain financing
- Evaluate management’s plans.
- Decide whether disclosures are adequate.
- Determine the reporting effect when disclosures are adequate.
- Determine the reporting effect when disclosures are inadequate.
- Avoid assuming going concern uncertainty automatically means adverse opinion.
Estimates, Fair Values, and Bias
- Identify key assumptions in management’s estimate.
- Test the accuracy and completeness of data used.
- Evaluate consistency of methods.
- Compare estimates to subsequent events when relevant.
- Consider whether management has a pattern of optimistic or pessimistic bias.
- Determine when a specialist may be useful.
- Document how contradictory evidence was resolved.
Service Organizations
- Identify when a client uses a service organization relevant to financial reporting.
- Determine whether complementary user entity controls are necessary.
- Recognize whether a service auditor report is relevant to:
- Understanding controls
- Assessing control risk
- Testing operating effectiveness
- Avoid assuming the service organization report eliminates the user auditor’s responsibility.
- Identify when additional procedures may be necessary at the user entity.
SSARS and Non-Audit Services
| Scenario cue | Likely engagement issue |
|---|---|
| Accountant prepares financial statements from client records | Preparation engagement considerations |
| Accountant assists without providing assurance | No-assurance language may be relevant |
| Client wants financial statements compiled for a bank | Compilation engagement and report issues |
| Accountant is not independent for a compilation | Independence disclosure may be needed |
| Client wants limited assurance on financial statements | Review engagement under SSARS |
| Client expects fraud detection from a review | Misunderstanding of review scope |
| Accountant performs inquiry and analytical procedures only | Review-style procedures, not audit evidence |
Common CPA AUD Weak Areas and Traps
| Trap | Why it causes missed questions | How to fix it |
|---|---|---|
| Memorizing report names without knowing triggers | Report questions turn on materiality, pervasiveness, evidence, and disclosure | Use the reporting decision sequence before choosing an answer |
| Confusing completeness and existence | Procedures often go in opposite directions | Remember: completeness often starts from source documents; existence often starts from recorded amounts |
| Treating inquiry as strong evidence | Inquiry is useful but often insufficient alone | Ask what corroborating evidence is available |
| Assuming review and compilation are similar | Review gives limited assurance; compilation gives no assurance | Build a separate SSARS comparison table |
| Ignoring independence in non-audit engagements | Independence rules can still affect reports and disclosures | Ask whether the CPA is independent and whether disclosure is required |
| Overlooking management responsibilities | Management owns the financial statements, controls, and representations | Separate “prepare” from “audit” in every scenario |
| Misreading “pervasive” | Pervasiveness changes qualified to adverse or disclaimer | Decide materiality first, then pervasiveness |
| Confusing control design with operation | A control can be well designed but not operating | Identify whether the test is about design, implementation, or operating effectiveness |
| Forgetting IT report reliability | System reports may be incomplete or altered | Test completeness and accuracy before relying on reports |
| Treating all deficiencies equally | Severity depends on likelihood and magnitude | Practice deficiency classification scenarios |
| Assuming adequate disclosure fixes every issue | Some matters still affect reporting | Determine whether the issue is misstatement, uncertainty, or evidence limitation |
| Skipping governance communications | Some matters must go beyond management | Identify required communication recipient |
| Overusing confirmations | Confirmations are not always best for every assertion | Match procedure to assertion and account |
| Missing cutoff clues | Dates, shipping terms, receipt dates, and subsequent payments matter | Underline timing facts in every simulation or scenario |
| Confusing attorney letters and management reps | They support different evidence needs | Know purpose, source, and limitation of each artifact |
“When You See This, Think That” Review Table
| Exam fact pattern wording | Think about |
|---|---|
| “Management refuses to provide…” | Scope limitation, possible withdrawal, report effect |
| “Uncorrected misstatement…” | Materiality, qualitative factors, opinion impact |
| “Not pervasive…” | Qualified opinion may be in play |
| “Pervasive…” | Adverse or disclaimer may be in play depending on cause |
| “Unable to obtain sufficient appropriate evidence…” | Scope limitation |
| “Departure from the applicable reporting framework…” | Misstatement / GAAP departure |
| “Adequately disclosed…” | Emphasis may be possible; modification may not be needed |
| “Substantial doubt…” | Going concern evaluation and disclosure |
| “Client uses a payroll processor…” | Service organization and user controls |
| “Control was not performed consistently…” | Operating effectiveness issue |
| “Control does not address the risk…” | Design deficiency |
| “Prepared by client…” | Reliability and control over information |
| “External confirmation not returned…” | Alternative procedures |
| “Lawyer did not respond…” | Evidence limitation for contingencies |
| “Related party not disclosed…” | Disclosure and potential fraud risk |
| “Agreed-upon procedures…” | No opinion; specified procedures and findings |
| “Compilation…” | No assurance; independence disclosure if applicable |
| “Review engagement…” | Limited assurance; inquiry and analytical procedures |
| “Specialist…” | Competence, capability, objectivity, and work relevance |
Practice Prompts for Scenario Readiness
Use these prompts to test whether you can apply CPA AUD concepts without answer choices.
Scenario 1: Inventory Observation Missed
A client completed its year-end inventory count before the auditor was engaged. Inventory is material.
Can you answer?
- What assertion is most directly affected?
- What alternative procedures might provide evidence?
- When would the issue become a scope limitation?
- How would materiality and pervasiveness affect the report?
- What documentation should support the conclusion?
Scenario 2: Related-Party Sale Near Year-End
A company recorded a large sale to an entity owned by a board member. Payment terms are unusual.
Can you answer?
- What fraud and disclosure risks exist?
- What documents should be inspected?
- What approvals should be reviewed?
- How would you test business purpose?
- What if disclosure is omitted?
Scenario 3: Control Deviations Found
The auditor planned to rely on purchase approval controls, but testing found several missing approvals.
Can you answer?
- Is this a design or operating effectiveness issue?
- How does it affect control risk?
- What substantive procedures may increase?
- How should deviations be evaluated?
- Could this be a significant deficiency or material weakness?
Scenario 4: Management Representation Refusal
Management refuses to sign the representation letter because it disagrees with responsibility language.
Can you answer?
- Why is this significant evidence?
- Can other evidence fully replace it?
- What report effect may result?
- Should governance be informed?
- When might withdrawal be considered?
Scenario 5: Compilation for a Nonpublic Client
A client asks a CPA to compile financial statements but the CPA is not independent.
Can you answer?
- Does a compilation provide assurance?
- Is independence required to perform the engagement?
- What disclosure issue arises?
- How is this different from a review?
- What should the accountant avoid implying?
Final-Week CPA AUD Checklist
Seven-Day Readiness Plan
| Timeframe | Focus | Output |
|---|---|---|
| 7 days out | Reporting decisions and opinion modifications | One-page report modification chart |
| 6 days out | Audit evidence, assertions, and substantive procedures | Account-by-account assertion procedure table |
| 5 days out | Internal control, IT controls, and deficiency classification | Control deficiency decision notes |
| 4 days out | SSARS, attestation, reviews, compilations, agreed-upon procedures | Engagement comparison matrix |
| 3 days out | Fraud, related parties, estimates, subsequent events, going concern | Scenario flashcards |
| 2 days out | Missed questions and weak simulations | Error log cleanup |
| 1 day out | Light review of tables, reports, and decision rules | Final checklist only; no new deep topics |
Final Review Must-Knows
- I can identify the engagement type from the fact pattern.
- I can distinguish audit, review, compilation, preparation, examination, and agreed-upon procedures.
- I can match procedures to assertions.
- I can determine whether evidence is sufficient and appropriate.
- I can identify when inquiry is not enough.
- I can classify the issue as misstatement, scope limitation, uncertainty, emphasis, or other matter.
- I can decide whether a report issue is material and pervasive.
- I can identify common independence threats.
- I can evaluate control design separately from operating effectiveness.
- I can respond to control deviations.
- I can evaluate service organization evidence.
- I can handle subsequent event timing questions.
- I can identify going concern reporting implications.
- I can evaluate management estimates and bias.
- I can identify required communications with governance.
- I can explain why the wrong answer is wrong, especially in reporting questions.
Personal Red-Yellow-Green Tracker
Use this table during final review. Red means “I miss scenario questions.” Yellow means “I know definitions but hesitate in application.” Green means “I can explain and apply.”
| Topic | Red | Yellow | Green | Next action |
|---|---|---|---|---|
| Independence and ethics | [ ] | [ ] | [ ] | Review threats and safeguards scenarios |
| Engagement acceptance | [ ] | [ ] | [ ] | Drill predecessor and engagement letter questions |
| Planning and materiality | [ ] | [ ] | [ ] | Practice risk-to-response mapping |
| Internal control | [ ] | [ ] | [ ] | Classify design, implementation, and operating issues |
| IT controls | [ ] | [ ] | [ ] | Review access, change, and report reliability |
| Audit evidence | [ ] | [ ] | [ ] | Rank reliability and corroboration |
| Assertions | [ ] | [ ] | [ ] | Build procedure-by-assertion table |
| Substantive procedures | [ ] | [ ] | [ ] | Drill account-specific scenarios |
| Sampling | [ ] | [ ] | [ ] | Review direction-of-effect rules |
| Fraud | [ ] | [ ] | [ ] | Practice management override scenarios |
| Estimates | [ ] | [ ] | [ ] | Review assumptions, data, methods, and bias |
| Related parties | [ ] | [ ] | [ ] | Drill authorization and disclosure questions |
| Subsequent events | [ ] | [ ] | [ ] | Practice timing decision questions |
| Going concern | [ ] | [ ] | [ ] | Review disclosure and report effects |
| Audit reporting | [ ] | [ ] | [ ] | Rebuild opinion modification chart |
| Attestation | [ ] | [ ] | [ ] | Compare examination, review, and AUP |
| SSARS | [ ] | [ ] | [ ] | Compare preparation, compilation, and review |
| Communications | [ ] | [ ] | [ ] | Review management vs governance communications |
| Documentation | [ ] | [ ] | [ ] | Review working paper sufficiency |
| Governmental or specialized engagements | [ ] | [ ] | [ ] | Review unique reporting and compliance cues |
Practical Next Step
After marking this Exam Blueprint, spend your next study block on the areas marked red or yellow. For CPA AUD, prioritize mixed practice that forces you to choose the correct audit response, evidence procedure, engagement type, or report effect from a realistic scenario. Keep an error log organized by decision type, not just by chapter name.