Exam Identity and Core Lens
This independent Quick Reference supports candidates preparing for the AICPA U.S. CPA AUD - Auditing and Attestation exam, code CPA AUD.
For AUD questions, think in this order:
- What engagement is being performed? Audit, review, compilation, preparation, examination, agreed-upon procedures, issuer audit, nonissuer audit, government audit.
- What standard applies? AICPA GAAS, PCAOB, SSARS, SSAE, GAGAS, or special reporting guidance.
- What assertion or objective is at risk? Existence, completeness, valuation, rights/obligations, cutoff, classification, presentation.
- What evidence is most persuasive? External, direct, written, original, generated under strong controls.
- What report wording or modification follows? Unmodified, qualified, adverse, disclaimer, emphasis-of-matter, other-matter, restricted-use, no assurance.
Standards and Engagement Selection
| Engagement / subject matter | Common standards | Assurance level | Practitioner output | High-yield exam point |
|---|
| Audit of nonissuer historical financial statements | AICPA GAAS / AU-C | Reasonable assurance | Opinion on whether F/S are fairly presented | Auditor obtains sufficient appropriate evidence; not absolute assurance |
| Audit of issuer financial statements | PCAOB auditing standards | Reasonable assurance | Opinion under PCAOB reporting model | Issuer audits have PCAOB reporting and independence requirements |
| Integrated audit of issuer F/S and ICFR | PCAOB | Reasonable assurance on both | Opinions on F/S and internal control over financial reporting | Material weakness in ICFR requires adverse ICFR opinion |
| Review of nonissuer historical F/S | SSARS | Limited assurance | Conclusion: not aware of material modifications | Primarily inquiry and analytical procedures; no opinion |
| Compilation of nonissuer F/S | SSARS | No assurance | Compilation report | Independence not required, but lack of independence must be disclosed |
| Preparation of F/S | SSARS | No assurance | Prepared statements, generally no report | Each page should indicate no assurance or disclaimer is required |
| Examination of subject matter or assertion | SSAE / AT-C | Reasonable assurance | Opinion | Similar assurance level to an audit, but on non-F/S subject matter |
| Attestation review | SSAE / AT-C | Limited assurance | Conclusion | Less evidence than examination; more than compilation |
| Agreed-upon procedures | SSAE / AT-C | No assurance | Procedures and findings | Practitioner does not conclude; users draw conclusions |
| Prospective financial information | SSAE / AT-C | Varies by service | Examination, compilation, or AUP report | Forecast = expected results; projection = hypothetical assumptions |
| Government audit | GAGAS, sometimes Single Audit rules | Varies | Audit report plus compliance/internal control reporting | Adds public accountability, compliance, and reporting considerations |
Audit Risk Model
\[
\text{Audit Risk (AR)} = \text{Risk of Material Misstatement (RMM)} \times \text{Detection Risk (DR)}
\]\[
\text{Risk of Material Misstatement (RMM)} = \text{Inherent Risk (IR)} \times \text{Control Risk (CR)}
\]
| Concept | Meaning | Exam use |
|---|
| Audit risk | Risk auditor issues inappropriate opinion when F/S are materially misstated | Overall risk to manage through planning and evidence |
| Inherent risk | Susceptibility to misstatement before considering controls | Higher for estimates, complex transactions, related parties, fraud incentives |
| Control risk | Risk controls fail to prevent, detect, and correct misstatement timely | Lower only if controls are designed, implemented, and operating effectively |
| Detection risk | Risk audit procedures fail to detect material misstatement | Auditor controls this through nature, timing, and extent of procedures |
| RMM | Combined inherent and control risk | Assessed at financial statement and assertion levels |
| Significant risk | Risk requiring special audit consideration | Requires tailored response; usually not addressed by analytical procedures alone |
Detection Risk Relationship
| If assessed RMM is… | Acceptable detection risk is… | Auditor response |
|---|
| Higher | Lower | More persuasive evidence, larger samples, more year-end testing, more experienced staff |
| Lower | Higher | Less extensive procedures may be acceptable if justified |
| Control risk assessed below maximum | Depends on control testing results | Must test operating effectiveness of controls |
| Controls not tested | Usually maximum for relevant assertions | Rely primarily on substantive procedures |
Materiality Quick Reference
| Term | Practical meaning | Common trap |
|---|
| Overall materiality | Amount that could influence users’ decisions on F/S as a whole | Not the same as tolerable misstatement |
| Performance materiality | Lower amount used to reduce risk that aggregate misstatements exceed overall materiality | Used to plan nature, timing, extent |
| Tolerable misstatement | Maximum misstatement accepted in a population during sampling | Applied to specific account/class testing |
| Clearly trivial threshold | Amount below which misstatements need not be accumulated | Not a free pass for qualitative issues |
| Qualitative materiality | Small amount may be material due to nature | Fraud, covenant compliance, trend reversal, related-party concealment |
Audit Process Map
| Phase | Key actions | Common AUD focus |
|---|
| Acceptance / continuance | Independence, competence, integrity, engagement terms, predecessor communication | Permission needed before predecessor responds |
| Planning | Strategy, audit plan, team discussion, materiality, preliminary analytics | Planning is iterative, not one-time |
| Risk assessment | Understand entity, environment, controls, fraud risks, significant risks | Procedures identify risk; they do not provide sufficient evidence alone |
| Internal control evaluation | Understand design and implementation; test operating effectiveness if relying on controls | Walkthroughs help confirm understanding |
| Further audit procedures | Tests of controls, substantive analytical procedures, tests of details | Link procedures to assertions |
| Completion | Subsequent events, going concern, misstatement evaluation, representation letter, review | Management representation letter does not replace other evidence |
| Reporting | Form opinion, modify if needed, add required sections/paragraphs | Separate GAAP departures from scope limitations |
Assertions and Best-Fit Procedures
| Assertion | Applies to | What can go wrong | Best-fit procedure examples |
|---|
| Existence | Assets, liabilities, equity | Recorded item does not exist | Confirm receivables; inspect securities; observe inventory |
| Occurrence | Transactions/events | Recorded transaction did not occur | Vouch sales to shipping docs/customer orders |
| Completeness | Accounts, transactions, disclosures | Item omitted | Trace receiving reports to payables; search for unrecorded liabilities |
| Rights and obligations | Assets/liabilities | Entity lacks rights or has unrecorded obligations | Inspect title, contracts, debt agreements, leases |
| Valuation / allocation | Balances | Wrong amount, allowance, impairment, estimate | Recalculate depreciation; test allowance; evaluate fair value inputs |
| Accuracy | Transactions/disclosures | Math or recorded amount wrong | Recalculate invoice extensions, payroll, interest |
| Cutoff | Transactions | Recorded in wrong period | Test shipping/receiving around year-end |
| Classification | Transactions/accounts | Recorded in wrong account | Inspect coding, agreements, board minutes |
| Presentation | F/S and disclosures | Not properly aggregated, described, or disclosed | Review disclosures against framework and agreements |
Directional Testing
| Audit direction | Starts with | Ends with | Primary assertion | Detects |
|---|
| Vouch | Accounting records | Source documents | Existence / occurrence | Overstatement |
| Trace | Source documents | Accounting records | Completeness | Understatement |
| Recalculate | Client calculation | Auditor math | Accuracy / valuation | Mathematical errors |
| Inspect subsequent cash disbursements | Post-year-end payments | Year-end liability population | Completeness | Unrecorded liabilities |
| Confirm with third party | External party | Auditor directly | Existence, rights, obligations | False or misstated recorded balances |
Evidence Reliability
| Evidence characteristic | More reliable | Less reliable |
|---|
| Source | Independent external source | Internal source |
| Route | Sent directly to auditor | Passed through client |
| Form | Written/electronic documentary | Oral representation |
| System | Produced under strong controls | Produced under weak controls |
| Nature | Original document | Copy or scanned image |
| Procedure | Auditor recalculation/reperformance | Inquiry alone |
Inquiry alone is rarely sufficient appropriate audit evidence for a significant assertion.
Audit Procedures by Account Area
| Area | Key risks | Common procedures | High-yield notes |
|---|
| Cash | Existence, restrictions, kiting, unrecorded debt | Bank confirmations, bank reconciliations, cutoff bank statement, proof of cash | Bank confirmations may reveal loans and collateral, not just balances |
| Accounts receivable | Existence, valuation, cutoff | Positive/negative confirmations, subsequent collections, allowance testing, sales cutoff | Confirmations mainly test existence, not collectability |
| Revenue | Occurrence, cutoff, fraud | Vouch sales, inspect contracts, cutoff testing, analytics, journal-entry testing | Revenue recognition is a presumed fraud risk unless rebutted with support |
| Inventory | Existence, valuation, cutoff | Observe count, test counts, inspect condition, price/cost tests, lower of cost/NRV | Observation supports existence and condition, not ownership by itself |
| Accounts payable | Completeness | Search for unrecorded liabilities, vendor statements, subsequent disbursements | Confirming A/P is less common; use vendor statements and unmatched receiving reports |
| Long-term debt | Completeness, classification, covenant disclosure | Confirm debt, inspect agreements, recalculate interest, review covenants | Debt confirmation can identify collateral and terms |
| Equity | Authorization, classification | Inspect board minutes, stock records, treasury stock activity | Few transactions, high legal significance |
| Payroll | Occurrence, accuracy | Reconcile payroll register, test rates, inspect HR authorizations | Ghost employees are occurrence risk |
| Estimates | Valuation, bias | Test management process, develop independent estimate, review subsequent events | Management bias can be directional across estimates |
| Fair value | Valuation, disclosure | Evaluate model, inputs, specialist work, sensitivity | Lower-level inputs usually require more skepticism |
| Related parties | Completeness, disclosure, business purpose | Inquire, inspect minutes/contracts, review unusual transactions | Risk is often concealment, not just measurement |
| Litigation/claims | Completeness, disclosure | Attorney letter, management inquiry, minutes review | Attorney refusal or limitation may create scope limitation |
Confirmations
| Confirmation type | Use when | Evidence strength | Common trap |
|---|
| Positive confirmation | Large balances, high risk, expected disputes, complex accounts | Higher | Nonresponse requires follow-up or alternative procedures |
| Blank positive confirmation | Respondent fills in amount | Higher than confirming stated amount | Lower response rate possible |
| Negative confirmation | Many small homogeneous balances, low RMM, low expected exceptions, recipients likely to respond | Lower | Silence is evidence only under appropriate conditions |
| Bank confirmation | Cash, loans, collateral, arrangements | High | Confirms more than cash balance |
| A/R confirmation | Receivable existence and rights | High for existence | Does not prove collectability |
| A/P confirmation | Completeness, terms | Sometimes useful | Vendors with zero balances may be more useful than recorded balances |
Analytical Procedures and Ratios
Analytical procedures are required during planning and final overall review in an audit. They may also be used as substantive procedures when suitably precise.
| Ratio / measure | Plain formula | Audit interpretation |
|---|
| Current ratio | Current assets / Current liabilities | Liquidity; going-concern indicators |
| Quick ratio | Quick assets / Current liabilities | More conservative liquidity measure |
| Gross margin % | Gross profit / Net sales | Revenue, COGS, inventory valuation issues |
| Receivables turnover | Net credit sales / Average A/R | Collection speed and collectability |
| Days sales outstanding | 365 / Receivables turnover | Higher DSO may indicate collectability or cutoff issues |
| Inventory turnover | COGS / Average inventory | Obsolescence, overstocking, costing issues |
| Days in inventory | 365 / Inventory turnover | Slow movement may signal valuation issues |
| Debt-to-equity | Total liabilities / Equity | Leverage, covenant risk |
| Interest coverage | Income before interest and taxes / Interest expense | Going-concern and debt covenant analysis |
| Unexpected trend | Possible audit concern |
|---|
| Sales increase but cash collections decrease | Fictitious sales, collectability, channel stuffing |
| Gross margin improves sharply | Premature revenue, understated COGS, inventory costing error |
| Inventory grows faster than sales | Obsolescence, overstatement, demand decline |
| A/P decreases while purchases increase | Unrecorded liabilities |
| Legal expense increases | Litigation disclosure risk |
| Repairs expense decreases while assets increase | Improper capitalization |
Internal Control Reference
COSO Components
| Component | What auditor considers | Example |
|---|
| Control environment | Tone at the top, integrity, governance oversight | Audit committee oversight |
| Risk assessment | Entity process to identify and respond to risks | New system implementation risk analysis |
| Control activities | Policies/procedures that address risks | Approvals, reconciliations, segregation of duties |
| Information and communication | Relevant information captured and communicated | Reliable financial reporting system |
| Monitoring | Ongoing or separate evaluations | Internal audit reviews, control deficiency follow-up |
Control Testing
| Procedure | Purpose |
|---|
| Inquiry | Understand how control is performed; weak alone |
| Observation | See control being performed; limited to moment observed |
| Inspection | Examine evidence of performance |
| Reperformance | Auditor independently executes control; strong evidence |
| Walkthrough | Trace transaction through system to confirm understanding/design/implementation |
| If auditor plans to rely on controls | Then auditor must… |
|---|
| Reduce substantive testing based on controls | Test operating effectiveness |
| Assess control risk below maximum | Test operating effectiveness |
| Perform integrated audit | Test controls over financial reporting |
| Believe substantive procedures alone are insufficient | Test relevant controls |
Control Deficiency Severity
| Deficiency type | Meaning | Communication |
|---|
| Control deficiency | Control missing or not operating such that misstatements may not be prevented/detected/corrected timely | Communicate as appropriate |
| Significant deficiency | Less severe than material weakness but important enough for governance attention | Written communication to management and those charged with governance |
| Material weakness | Reasonable possibility material misstatement will not be prevented/detected/corrected timely | Written communication; adverse ICFR opinion in integrated audit |
Fraud, Noncompliance, and Professional Skepticism
| Area | Auditor responsibility | High-yield procedures |
|---|
| Fraud risk | Obtain reasonable assurance F/S are free of material misstatement due to fraud or error | Brainstorming, inquiries, analytics, journal-entry testing |
| Management override | Presumed fraud risk | Test journal entries, review estimates for bias, evaluate significant unusual transactions |
| Revenue recognition fraud | Presumed fraud risk unless rebutted | Cutoff testing, contract review, confirmations, analytics |
| Misappropriation of assets | Consider incentives/opportunities | Cash, inventory, payroll, expense testing |
| Noncompliance with laws/regulations | Consider effect on F/S | Inquire, inspect correspondence, legal letters, minutes |
| Illegal acts with direct material effect | Treat like other material misstatements | More direct audit procedures |
| Illegal acts with indirect effect | Limited responsibility unless information comes to attention | Inquire and evaluate implications |
Fraud vs Error
| Feature | Error | Fraud |
|---|
| Intent | Unintentional | Intentional |
| Common form | Miscalculation, misunderstanding | Fraudulent reporting or asset misappropriation |
| Auditor challenge | Detect material error | Fraud may involve concealment, collusion, override |
| Reporting implication | Correct or modify if material | Consider governance communication, legal implications, withdrawal where appropriate |
Sampling Reference
| Sampling concept | Effect on sample size |
|---|
| Higher desired confidence | Increases sample size |
| Lower acceptable risk of incorrect acceptance / overreliance | Increases sample size |
| Higher tolerable misstatement or deviation rate | Decreases sample size |
| Higher expected misstatement or deviation rate | Increases sample size |
| Greater population variability | Increases variables sample size |
| Larger population size | Usually limited effect after moderate size |
| Sampling risk | Type of test | Effect |
|---|
| Risk of overreliance | Test of controls | Effectiveness problem; auditor relies on ineffective control |
| Risk of underreliance | Test of controls | Efficiency problem; auditor does more work than needed |
| Risk of incorrect acceptance | Substantive test | Effectiveness problem; auditor accepts materially misstated balance |
| Risk of incorrect rejection | Substantive test | Efficiency problem; auditor investigates balance that is not materially misstated |
| Sampling type | Used for | Output |
|---|
| Attribute sampling | Tests of controls | Deviation rate |
| Variables sampling | Substantive dollar testing | Estimated misstatement |
| Monetary-unit sampling | Substantive testing, overstatement emphasis | Probability proportional to size |
| Classical variables sampling | Substantive testing | Mean/difference/ratio estimates |
Communications and Documentation
| Communication | Timing / audience | Key exam point |
|---|
| Engagement letter | Before or at start of engagement; management/TCWG | Establishes objective, responsibilities, framework, scope |
| Predecessor auditor inquiry | Before accepting, with client permission | Ask about integrity, disagreements, fraud, noncompliance, reasons for change |
| Those charged with governance | Planned scope/timing and significant findings | Includes significant difficulties, disagreements, uncorrected misstatements |
| Management letter | Management | May include control observations and recommendations |
| Internal control deficiencies | Management and governance depending severity | Significant deficiencies and material weaknesses communicated in writing |
| Representation letter | Management, dated as of audit report date | Refusal is scope limitation |
| Attorney letter | Sent by management to external counsel | Counsel response supports litigation/claims evaluation |
| Specialist communication | When using auditor’s or management’s specialist | Auditor evaluates competence, capabilities, objectivity, and work |
| Component auditor communication | Group audits | Group auditor decides whether to make reference or assume responsibility |
Management Representation Letter
| Representation area | Why it matters |
|---|
| Management responsibility for F/S | Confirms management, not auditor, owns statements |
| Completeness of information | Supports access to records and minutes |
| Fraud and suspected fraud | Required corroborative representation |
| Uncorrected misstatements | Management acknowledges effects |
| Litigation and claims | Supports legal contingency evaluation |
| Subsequent events | Confirms events through report date |
| Related parties | Supports completeness and disclosure |
Subsequent Events and Subsequently Discovered Facts
| Period | Auditor responsibility | Report dating choice |
|---|
| Balance sheet date to audit report date | Perform subsequent events procedures | Report date not earlier than sufficient evidence date |
| After report date but before report release | No active search duty, but investigate facts that come to attention | Dual date for specific event or extend date for all procedures |
| After report release | No active search duty, but act if facts existed at report date and report may be affected | Notify appropriate parties; consider revised report or user notification |
| Event type | Accounting treatment |
|---|
| Type I recognized subsequent event | Conditions existed at balance sheet date; adjust F/S |
| Type II nonrecognized subsequent event | Conditions arose after balance sheet date; disclose if material |
| Going-concern issue | Evaluate conditions and management plans; report implications depend on disclosure adequacy |
Going Concern
| Situation | Auditor response |
|---|
| Conditions raise substantial doubt | Perform additional procedures and evaluate management’s plans |
| Substantial doubt alleviated by management plans | Consider disclosure adequacy |
| Substantial doubt remains and disclosure is adequate | Unmodified opinion with required going-concern wording/section |
| Disclosure is inadequate | GAAP departure; qualified or adverse opinion depending materiality/pervasiveness |
| Management refuses assessment or evidence unavailable | Possible scope limitation |
Common indicators: recurring losses, negative cash flows, loan defaults, denial of trade credit, legal proceedings, loss of major customer, uninsured catastrophe, work stoppage.
Audit Reporting: Opinion Decisions
| Issue | Material but not pervasive | Material and pervasive |
|---|
| GAAP departure | Qualified opinion | Adverse opinion |
| Scope limitation | Qualified opinion | Disclaimer of opinion |
| Inadequate going-concern disclosure | Qualified opinion | Adverse opinion |
| Lack of independence | Do not issue standard audit opinion; disclaimer or withdrawal depending circumstances | Do not issue standard audit opinion; disclaimer or withdrawal depending circumstances |
Report Modification Terms
| Term | Use when | Core meaning |
|---|
| Unmodified opinion | Sufficient appropriate evidence and F/S fairly presented | Clean opinion |
| Qualified opinion | Material issue but not pervasive | “Except for” |
| Adverse opinion | Material and pervasive GAAP departure | F/S not fairly presented |
| Disclaimer of opinion | Auditor cannot obtain sufficient appropriate evidence and possible effects are pervasive | No opinion expressed |
| Emphasis-of-matter | Matter is properly presented/disclosed but fundamental to users’ understanding | Does not modify opinion |
| Other-matter | Matter not presented/disclosed in F/S but relevant to audit/report/users | Does not modify opinion |
Emphasis-of-Matter vs Other-Matter
| Paragraph | Matter location | Examples |
|---|
| Emphasis-of-matter | In the financial statements or notes | Major catastrophe, significant subsequent event, related-party transaction, special purpose framework |
| Other-matter | Outside the financial statements | Prior-period statements audited by predecessor, restricted use, required supplementary information issues |
Issuer vs Nonissuer Reporting Distinctions
| Area | Nonissuer audit | Issuer audit |
|---|
| Main auditing standards | AICPA GAAS / AU-C | PCAOB standards |
| Independence baseline | AICPA Code; other rules may apply | SEC/PCAOB independence rules |
| Report addressee | Often board, owners, or management | Often shareholders and board |
| Critical audit matters | Not generally required under AICPA GAAS | Included when required by PCAOB reporting rules |
| Internal control reporting | Separate engagement unless required by other rules | Integrated audit may include ICFR opinion |
| Terminology | Generally accepted auditing standards | Standards of the PCAOB |
Group Audits and Component Auditors
| Group auditor decision | Meaning | Reporting effect |
|---|
| Assume responsibility for component auditor | Group auditor is responsible for component work | No reference to component auditor |
| Make reference to component auditor | Responsibility is divided for component | Report refers to component auditor and magnitude of portion audited |
| Component auditor not independent or work inadequate | Group auditor cannot use work as planned | Perform additional procedures or modify approach |
High-yield distinction: making reference is not a scope limitation by itself. It indicates divided responsibility.
Special Purpose Frameworks and Other Presentations
| Presentation | Audit focus | Reporting point |
|---|
| Cash basis | Cash receipts/disbursements and related disclosures | Report identifies special purpose framework |
| Tax basis | Tax reporting principles | Users must understand framework |
| Regulatory basis | Regulator-prescribed accounting | May require restricted-use language depending purpose |
| Contractual basis | Agreement-prescribed accounting | Often restricted to parties to contract |
| Single financial statement or element | Specific statement/account | Materiality relates to the element |
| Supplementary information | Presented with audited F/S | “In relation to” opinion possible if procedures performed |
| Required supplementary information | Required by framework but outside basic F/S | Limited procedures; no opinion |
SSARS: Preparation, Compilation, Review
| Service | Assurance | Independence required? | Procedures | Report |
|---|
| Preparation | None | No | Prepare F/S from client information | No assurance indication on statements or disclaimer |
| Compilation | None | No, but disclose if not independent | Read F/S for obvious issues; no verification | Compilation report |
| Review | Limited | Yes | Inquiry and analytical procedures | Review report with limited assurance conclusion |
SSARS Traps
| Trap | Correct exam treatment |
|---|
| Compilation gives limited assurance | Incorrect; compilation gives no assurance |
| Review requires tests of controls | Incorrect; review primarily uses inquiry and analytics |
| Preparation requires independence | Incorrect |
| Lack of independence prevents compilation | Incorrect; disclose lack of independence |
| Review report expresses an opinion | Incorrect; it expresses a conclusion |
SSAE: Attestation Engagements
| Engagement | Assurance | Practitioner work | Report language |
|---|
| Examination | Reasonable | Obtain sufficient evidence to support opinion | Opinion |
| Review | Limited | Inquiry, analytics, other limited procedures | Conclusion |
| Agreed-upon procedures | None | Perform specified procedures | Findings only |
| Compliance examination | Reasonable | Test compliance with specified requirements | Opinion |
| Prospective F/S examination | Reasonable | Evaluate assumptions and presentation | Opinion on conformity with guidelines and assumptions |
| Prospective F/S compilation | None | Assemble information; limited procedures | No assurance |
Forecast vs Projection
| Item | Forecast | Projection |
|---|
| Basis | Management’s expected financial results | Hypothetical assumptions |
| Use | Broader use may be appropriate | Often limited use |
| Key risk | Reasonableness of expected assumptions | Clear identification of hypothetical assumptions |
| Exam clue | “Best estimate” | “What-if” or hypothetical scenario |
Independence and Ethics
| Area | Rule of thumb | Common trap |
|---|
| Direct financial interest in attest client | Impairs independence | Materiality does not save a direct interest |
| Material indirect financial interest | Impairs independence | Immaterial indirect interest may not impair under AICPA rules |
| Management responsibilities | CPA cannot perform them for attest client | Preparing source docs or authorizing transactions impairs |
| Nonattest services | May be allowed for some clients if safeguards met | Management must accept responsibility and have suitable skill/knowledge/experience |
| Bookkeeping for audit client | May impair unless safeguards and limits satisfied; issuer rules are stricter | Do not apply nonissuer flexibility to issuer clients |
| Contingent fees | Generally prohibited for attest clients in relevant circumstances | Tax refund claims and attest clients are common test areas |
| Commissions/referral fees | Restricted for attest clients; disclosure may be required when allowed | Independence and disclosure are separate issues |
| Gifts/entertainment | Threat if more than clearly insignificant | “Customary” is not automatic approval |
| Employment with client | Key team member employment negotiations create threat | Remove from engagement and evaluate prior work if needed |
| Unpaid fees | May impair if significant and unpaid for extended period | Treated like a loan in substance |
Conceptual Framework Threats
| Threat | Meaning | Example safeguard |
|---|
| Self-review | CPA audits own work | Separate personnel; avoid prohibited services |
| Advocacy | CPA promotes client position | Do not advocate in ways impairing objectivity |
| Adverse interest | CPA and client are opposed | Remove conflicted personnel |
| Familiarity | Too close to client | Rotation, independent review |
| Undue influence | Client pressure affects judgment | Governance communication, firm consultation |
| Financial self-interest | CPA benefits financially | Dispose of interest; remove individual |
| Management participation | CPA acts as management | Prohibited for attest client |
Use of Specialists, Internal Auditors, and Service Organizations
| Resource | Auditor responsibility | Key exam point |
|---|
| Auditor’s specialist | Evaluate competence, capabilities, objectivity; understand work | Auditor may refer to specialist only in limited reporting contexts |
| Management’s specialist | Evaluate specialist and data/assumptions used | Specialist’s work is audit evidence, not a substitute for auditor judgment |
| Internal auditors | May use work or direct assistance if appropriate | External auditor remains responsible for opinion |
| Service organization | Understand user entity controls and complementary user controls | SOC 1 reports are relevant to financial reporting controls |
| SOC 1 Type 1 | Design and implementation at a point in time | Less evidence than Type 2 for operating effectiveness |
| SOC 1 Type 2 | Design, implementation, and operating effectiveness over a period | More useful when relying on controls |
Government Auditing and Single Audit Concepts
| Area | High-yield distinction |
|---|
| GAGAS / Yellow Book | Adds requirements beyond GAAS, including reporting on internal control and compliance in many audits |
| Independence | Emphasizes conceptual framework and threats from nonaudit services |
| Compliance | Auditor considers laws, regulations, contracts, and grant agreements relevant to audit objectives |
| Findings | Must be developed with condition, criteria, cause, effect, and recommendation when applicable |
| Single Audit | Focuses on federal awards, Schedule of Expenditures of Federal Awards, major programs, and compliance requirements |
| Reporting | May include reports on F/S, internal control, compliance, and schedule-related information |
High-Yield “If You See This, Think That” Table
| Exam clue | Think |
|---|
| “Recorded sales may be fictitious” | Vouch sales; confirm A/R; occurrence/existence |
| “Liabilities may be omitted” | Search for unrecorded liabilities; completeness |
| “Inventory held on consignment” | Rights and obligations; exclude if not owned |
| “Client refuses attorney letter” | Scope limitation |
| “Management refuses representation letter” | Scope limitation, possible disclaimer/withdrawal |
| “Substantial doubt adequately disclosed” | Unmodified opinion with going-concern language |
| “Substantial doubt not disclosed” | GAAP departure; qualified/adverse |
| “Scope limitation imposed by client” | Qualified/disclaimer or withdrawal depending severity |
| “Departure from GAAP is pervasive” | Adverse opinion |
| “Unable to obtain evidence; possible effects pervasive” | Disclaimer |
| “Review engagement” | Inquiry and analytical procedures; limited assurance |
| “Compilation engagement” | No assurance; independence disclosure if impaired |
| “AUP engagement” | Findings only; no assurance |
| “Projection” | Hypothetical assumptions; often limited use |
| “Component auditor referenced” | Divided responsibility, not scope limitation |
| “Negative confirmations only” | Appropriate only for low-risk, many small homogeneous accounts |
| “Substantive analytics for significant risk” | Usually need stronger, specifically responsive procedures |
Common CPA AUD Traps
| Trap | Correct answer logic |
|---|
| Audit provides absolute assurance | Audit provides reasonable assurance |
| Auditor guarantees no fraud exists | Auditor obtains reasonable assurance about material misstatement, including fraud |
| Strong controls eliminate substantive testing | Some substantive procedures are still required for material classes/accounts/disclosures |
| Control risk can be reduced without testing controls | No; operating effectiveness must be tested |
| Walkthrough equals test of operating effectiveness | Not necessarily; walkthrough primarily supports understanding/design/implementation |
| Confirmations prove valuation | They mainly prove existence/rights; collectability needs separate work |
| Management representation letter is primary evidence | It is required but corroborative |
| Analytical procedures alone are enough for high-risk assertions | Usually not sufficient |
| All subsequent events require adjustment | Only Type I events generally require adjustment |
| Emphasis-of-matter modifies opinion | It does not modify the opinion |
| Review report expresses positive assurance | Review provides limited/negative assurance style conclusion |
| Compilation requires verification | Compilation does not verify information |
| Lack of independence always prevents SSARS work | It prevents review, but compilation may be performed with disclosure |
Final Review Checklist
Before exam day, be able to answer quickly:
- Which standard applies: AICPA GAAS, PCAOB, SSARS, SSAE, or GAGAS?
- Is the engagement providing reasonable, limited, or no assurance?
- Which assertion is tested by vouching, tracing, confirmation, recalculation, observation, or inquiry?
- Does the issue involve a GAAP departure or a scope limitation?
- Is the issue material only or material and pervasive?
- Does the report need qualified, adverse, disclaimer, emphasis-of-matter, or other-matter wording?
- Are controls being merely understood, or is operating effectiveness being tested?
- Is the candidate answer confusing review, compilation, and preparation?
- Are issuer rules being mixed up with nonissuer rules?
- Is the question asking for the most persuasive evidence, not just any evidence?
Practical Next Step
Use this Quick Reference to drill mixed CPA AUD questions by engagement type: first identify the applicable standard, then the assertion or reporting issue, then the procedure or opinion consequence. Focus extra practice on report modifications, SSARS/SSAE distinctions, internal control testing, and evidence-to-assertion matching.