CPA AUD Quick Review: Auditing and Attestation

Last revised: June 25, 2026

Fast CPA AUD quick review for U.S. CPA Auditing and Attestation candidates, with high-yield audit concepts and practice focus.

CPA AUD Quick Review

This independent quick review is for candidates preparing for the AICPA U.S. CPA AUD - Auditing and Attestation exam, code CPA AUD. Use it as a final-pass review before moving into topic drills, mock exams, and detailed explanations in an independent companion practice question bank.

The AUD mindset is not “memorize every report.” It is:

Identify the engagement type.
Identify the applicable standards.
Decide the level of assurance.
Evaluate evidence, risk, materiality, and independence.
Choose the correct report or modification.

AUD Exam Mindset: The Core Decision Pattern

Most CPA AUD questions test professional judgment through a small set of recurring decisions.

Question asks about…	First decision	Common trap
Audit procedure	Which assertion?	Picking a strong procedure that tests the wrong assertion
Report wording	What engagement and opinion?	Confusing audit, review, compilation, examination, and agreed-upon procedures
Risk response	Is control reliance planned?	Testing controls when the auditor will not rely on them
Independence	Is the person a covered member / attest team / able to influence?	Assuming disclosure cures independence impairment
Misstatement	Material? Pervasive?	Treating all material issues as adverse opinions
Subsequent events	Type I recognized or Type II disclosed?	Adjusting for events that only provide new conditions
Internal control	Deficiency, significant deficiency, or material weakness?	Calling every control problem a material weakness
Sampling	Controls or substantive testing?	Mixing attribute sampling and variables sampling logic

Assurance Levels: Know the Engagement Before Answering

Engagement	Standards area	Assurance level	Primary procedures	Report language concept
Financial statement audit	GAAS / PCAOB as applicable	Reasonable assurance	Risk assessment, controls if relied on, substantive procedures	Opinion
Review of historical financial statements	SSARS for nonissuers in certain contexts	Limited assurance	Inquiry and analytical procedures	“Not aware of material modifications”
Compilation	SSARS	No assurance	Assist in presenting financial information	No opinion or conclusion
Preparation of financial statements	SSARS	No assurance	Prepare statements	No report required, but statements need no-assurance indication
Examination attestation	SSAE	Reasonable assurance	Evidence to support opinion on subject matter/assertion	Opinion
Review attestation	SSAE	Limited assurance	Inquiry, analytical, limited procedures	Conclusion
Agreed-upon procedures	SSAE	No assurance	Procedures agreed to by specified parties or users	Findings only, no opinion/conclusion

Quick rule: Audit/examination = reasonable assurance. Review = limited assurance. Compilation/preparation/AUP = no assurance.

Audit Risk Model

For audits, the auditor plans work to reduce audit risk to an acceptably low level.

\[ \text{Audit Risk} = \text{Risk of Material Misstatement} \times \text{Detection Risk} \]\[ \text{Risk of Material Misstatement} = \text{Inherent Risk} \times \text{Control Risk} \]

Risk	Meaning	Auditor controls it?	Key response
Inherent risk	Susceptibility before controls	No	Understand business, complexity, estimates, fraud risk
Control risk	Client controls fail to prevent/detect/correct	No	Test controls only if relying on them
Detection risk	Auditor procedures fail to detect misstatement	Yes	Change nature, timing, and extent of audit procedures
Audit risk	Auditor gives inappropriate opinion	Indirectly	Lower detection risk when RMM is high

High-Yield Risk Relationship

If assessed RMM is…	Detection risk should be…	Evidence should be…
Higher	Lower	More persuasive, often more year-end testing
Lower	Higher	Less extensive, but still sufficient and appropriate

Common trap: Higher inherent/control risk does not mean higher detection risk. It means the auditor must accept lower detection risk and perform stronger procedures.

Planning and Engagement Acceptance

Before accepting or continuing an audit, the auditor considers:

Independence and ethical requirements.
Management integrity.
Competence and availability of engagement team.
Whether the financial reporting framework is acceptable.
Whether management acknowledges its responsibilities.
Whether scope limitations are likely.
Communication with predecessor auditor when applicable.

Engagement Letter: What It Usually Covers

Engagement letter item	Why it matters
Objective and scope of audit	Prevents misunderstanding
Auditor responsibilities	Audit provides reasonable, not absolute, assurance
Management responsibilities	FS, internal control, access, representations
Applicable financial reporting framework	Defines criteria for fair presentation
Expected report form	May change if circumstances require
Use of specialists, internal auditors, component auditors	Clarifies responsibilities
Fees and logistics	Administrative but still important

Common trap: The auditor does not accept responsibility for preventing fraud or maintaining internal control. Those are management responsibilities.

Materiality: How AUD Questions Use It

Materiality is judged from the perspective of a reasonable user. It includes quantitative and qualitative factors.

Concept	Meaning	Exam use
Overall materiality	Materiality for financial statements as a whole	Planning benchmark
Performance materiality / tolerable misstatement	Lower amount used to reduce aggregation risk	Testing accounts/classes
Clearly trivial threshold	Items not accumulated	Evaluation efficiency
Qualitative materiality	Nature of item makes it important	Fraud, covenants, trends, related parties, compliance

Common Qualitative Red Flags

Turns a loss into income.
Helps meet analyst, lender, or bonus targets.
Masks a trend.
Affects debt covenant compliance.
Involves fraud or illegal acts.
Affects related-party disclosures.
Concerns a sensitive estimate or significant disclosure.

Assertions: Match Procedure to Objective

Transaction Assertions

Assertion	What can go wrong?	Common procedures
Occurrence	Recorded transaction did not happen	Vouch sales invoice to shipping document/order
Completeness	Transaction omitted	Trace shipping docs/receiving reports to records
Accuracy	Amount incorrect	Recalculate invoice, compare price/quantity
Cutoff	Wrong period	Test transactions around period-end
Classification	Wrong account	Inspect coding/chart of accounts
Presentation	Not properly presented/disclosed	Review disclosure requirements

Account Balance Assertions

Assertion	What can go wrong?	Common procedures
Existence	Asset/liability does not exist	Confirm receivables, observe inventory
Rights and obligations	Entity does not own asset or owe liability	Inspect title, contracts, confirmations
Completeness	Asset/liability omitted	Search for unrecorded liabilities
Accuracy, valuation, allocation	Incorrect amount or valuation	Test pricing, estimates, allowances
Classification	Current/noncurrent or account classification wrong	Review terms and agreements
Presentation	Disclosure incomplete or unclear	Review notes and framework requirements

Directional Testing

Audit concern	Direction	Example
Existence / occurrence	From accounting records to source evidence	Vouch recorded sales to shipping docs
Completeness	From source evidence to accounting records	Trace shipping docs to sales journal
Overstatement	Vouch	Recorded amount may not be valid
Understatement	Trace	Valid item may not be recorded

Common trap: Confirming accounts receivable primarily tests existence, not completeness.

Evidence: Reliability Ranking

Evidence must be sufficient and appropriate. Sufficiency is quantity; appropriateness is relevance and reliability.

More reliable	Less reliable
Direct auditor knowledge	Client-provided explanations
External evidence received directly by auditor	External evidence routed through client
Original documents	Copies or scanned documents
Written evidence	Oral evidence
Evidence from strong internal controls	Evidence from weak internal controls
Recalculation/reperformance	Inquiry alone

Procedure Strengths and Weaknesses

Procedure	Best for	Limitation
Inquiry	Understanding, corroborating	Not enough alone for important assertions
Observation	Seeing process performed	Only valid at observed time
Inspection	Documents/assets	Documents may not prove ownership or valuation
Confirmation	Existence/rights/terms	Nonresponse requires follow-up
Recalculation	Mathematical accuracy	Does not prove underlying data is valid
Reperformance	Control effectiveness	Can be time-consuming
Analytical procedures	Relationships/trends	Less persuasive for detailed assertions
Scanning	Unusual items	Depends on auditor judgment

Internal Control: COSO Components

Component	What to remember
Control environment	Tone at the top, integrity, governance, assignment of authority
Risk assessment	Entity identifies and responds to business/reporting risks
Control activities	Approvals, reconciliations, segregation, physical controls, IT controls
Information and communication	Capturing, processing, reporting relevant information
Monitoring	Ongoing or separate evaluations of control performance

Control Deficiency Severity

Type	Meaning	Communication
Control deficiency	Control design or operation does not prevent/detect/correct misstatement timely	Usually management-level
Significant deficiency	Important enough to merit attention by those charged with governance	Communicate to governance
Material weakness	Reasonable possibility material misstatement will not be prevented/detected/corrected timely	Written communication to management and governance

Common trap: A material weakness means there is a reasonable possibility of material misstatement, not that a misstatement definitely occurred.

Testing Controls vs Substantive Procedures

    flowchart TD
	    A[Assess risk of material misstatement] --> B{Plan to rely on controls?}
	    B -->|Yes| C[Test design and operating effectiveness]
	    C --> D{Controls effective?}
	    D -->|Yes| E[Reduce substantive testing as appropriate]
	    D -->|No| F[Increase substantive procedures]
	    B -->|No| G[Perform substantive procedures]
	    A --> H{Substantive procedures alone insufficient?}
	    H -->|Yes| C

When Tests of Controls Are Needed

Auditor plans to rely on controls.
Substantive procedures alone cannot provide sufficient appropriate evidence.
Compliance or integrated audit requirements apply.
Controls address high-volume automated processing.

Control Testing Procedures

Procedure	Use
Inquiry	Ask personnel how control is performed
Observation	Watch control being performed
Inspection	Review evidence of control performance
Reperformance	Auditor independently performs the control

Inquiry alone is rarely sufficient for testing operating effectiveness.

Fraud: High-Yield Review

Fraud includes fraudulent financial reporting and misappropriation of assets.

Fraud triangle element	Meaning	Example
Incentive/pressure	Motivation to commit fraud	Debt covenant pressure
Opportunity	Ability to commit/conceal fraud	Weak segregation of duties
Rationalization	Justification	“We will fix it next quarter”

Required Fraud Mindset

Maintain professional skepticism.
Discuss fraud risks with engagement team.
Inquire of management, internal audit, and others.
Consider management override.
Evaluate unusual journal entries.
Review accounting estimates for bias.
Consider whether revenue recognition presents a fraud risk.

Common trap: An audit is designed to obtain reasonable assurance, not to guarantee fraud detection.

Management Override: Typical Responses

High-yield procedures include:

Test journal entries and other adjustments.
Review accounting estimates for bias.
Evaluate business rationale for significant unusual transactions.
Consider related-party transactions.
Incorporate unpredictability into audit procedures.

Analytical Procedures

Audit phase	Required or common?	Purpose
Planning	Expected	Understand business, identify risks
Substantive testing	Optional	Obtain evidence if predictable relationships exist
Final review	Expected	Evaluate overall financial statement reasonableness

Analytical procedures are strongest when:

Data is reliable.
Relationships are predictable.
Expectation is precise.
Difference threshold is appropriate.
Unexpected differences are investigated and corroborated.

Common trap: Inquiry alone does not resolve an unexpected analytical difference. The auditor needs corroborating evidence.

Sampling: Fast Rules

Control Sampling

Concept	Attribute sampling
Used for	Tests of controls
Measures	Deviation rate
Key risk	Overreliance on ineffective controls
If deviations exceed tolerable rate	Do not rely as planned; increase substantive testing

Substantive Sampling

Concept	Variables / monetary-unit sampling
Used for	Tests of details
Measures	Monetary misstatement
Key risk	Incorrect acceptance of materially misstated balance
If projected misstatement exceeds tolerable misstatement	Expand testing, request adjustment, or modify approach

Sampling Risk Effects

Risk	Affects	Meaning
Risk of assessing control risk too low	Effectiveness	Auditor relies too much on bad controls
Risk of assessing control risk too high	Efficiency	Auditor does extra work
Risk of incorrect acceptance	Effectiveness	Auditor accepts misstated balance
Risk of incorrect rejection	Efficiency	Auditor rejects fairly stated balance

Sample Size Direction

Change	Sample size effect
Higher desired confidence	Increase
Lower tolerable deviation/misstatement	Increase
Higher expected deviation/misstatement	Increase
Greater population variability	Increase
Larger population, after a point	Usually limited effect

Monetary-Unit Sampling Trap

Monetary-unit sampling is efficient for detecting overstatements in populations with recorded book values. It is less effective for understatements, zero balances, or negative balances.

High-Yield Audit Areas by Cycle

Revenue and Receivables

Risk/assertion	Strong procedures
AR existence	Positive confirmations, subsequent cash receipts
Sales occurrence	Vouch recorded sales to shipping docs/orders
Sales completeness	Trace shipping documents to sales invoices/journal
Cutoff	Test shipments around year-end
Allowance valuation	Aging analysis, subsequent collections, historical loss rates
Fraud risk	Journal entries, side agreements, unusual terms

Common trap: Negative confirmations are appropriate only when risk is low, controls are effective, balances are small/homogeneous, and recipients are expected to respond if incorrect.

Inventory

Risk/assertion	Strong procedures
Existence/condition	Observe physical count
Completeness	Trace floor counts to final inventory records
Rights	Inspect consignment/warehouse agreements
Valuation	Test cost, lower of cost and net realizable value, obsolescence
Cutoff	Test receiving/shipping around year-end

If inventory observation is impracticable, the auditor performs alternative procedures. If sufficient evidence cannot be obtained, consider a scope limitation.

Purchases, Payables, and Expenses

Risk/assertion	Strong procedures
AP completeness	Search for unrecorded liabilities
Expense cutoff	Review receiving reports and vendor invoices around year-end
Validity	Vouch recorded purchases to purchase orders/receiving reports
Accrued liabilities	Review subsequent disbursements
Related parties	Inspect board minutes, contracts, confirmations

Search for unrecorded liabilities usually focuses on understatement, so it starts with subsequent cash disbursements, unmatched receiving reports, vendor statements, and invoices.

Cash

Risk/assertion	Strong procedures
Existence	Bank confirmations
Completeness	Bank reconciliations, cutoff bank statements
Kiting	Interbank transfer schedule
Restrictions	Review agreements and disclosures
Fraud	Surprise counts, segregation of duties review

Payroll

Risk/assertion	Strong procedures
Occurrence	Compare payroll to HR records/time approvals
Completeness	Reconcile payroll tax filings to payroll records
Authorization	Inspect approval of pay rates
Segregation	Separate HR authorization, timekeeping, payroll processing, distribution

Debt and Equity

Risk/assertion	Strong procedures
Completeness	Confirm debt with lenders, inspect board minutes
Classification	Review maturity dates and covenant terms
Valuation	Recalculate interest and amortization
Disclosure	Review covenants, collateral, restrictions
Equity authorization	Inspect minutes and shareholder records

Estimates and Fair Value

Risk/assertion	Strong procedures
Reasonableness	Evaluate method, assumptions, and data
Bias	Retrospective review of prior estimates
Specialist use	Evaluate competence, capability, objectivity
Fair value	Compare to market data or independent pricing
Disclosure	Review sensitivity and uncertainty disclosures

Common trap: The auditor does not simply accept management’s estimate because it is complex. Complexity often increases inherent risk.

Confirmations

Type	Meaning	Best use
Positive confirmation	Recipient responds whether agrees or disagrees	Higher risk, large balances, expected errors
Blank confirmation	Recipient fills in amount/info	More persuasive but lower response rate
Negative confirmation	Recipient responds only if disagrees	Low risk, many small balances, strong controls

If a positive confirmation is not returned, the auditor should perform follow-up and alternative procedures, such as examining subsequent cash receipts and supporting documents.

Written Representations

Written representations are required audit evidence but do not replace other procedures.

Common representations include:

Management responsibility for financial statements.
Management responsibility for internal control.
All relevant information and access provided.
Disclosure of fraud or suspected fraud.
Disclosure of known noncompliance.
Related-party relationships and transactions disclosed.
Subsequent events evaluated.
Uncorrected misstatements acknowledged.

Common trap: Refusal to provide written representations is a serious scope limitation and may affect the auditor’s ability to issue an opinion.

Attorney Letters, Contingencies, and Litigation

Area	Auditor focus
Pending litigation	Existence, likelihood, estimate
Claims and assessments	Completeness and disclosure
Attorney response	Corroborates management’s information
Refusal to permit inquiry	Scope limitation
Unasserted claims	Often depend on management’s assessment and legal advice

Loss contingency accounting generally depends on likelihood and estimability. AUD questions often test whether the auditor has enough evidence and whether disclosure is adequate.

Related-party transactions are not automatically improper, but they require careful evaluation.

High-yield procedures:

Inquire of management and governance.
Inspect minutes, contracts, and conflict-of-interest statements.
Review unusual transactions.
Confirm terms with related parties when appropriate.
Evaluate business purpose.
Ensure proper disclosure.

Common trap: A transaction with a related party may need disclosure even if recorded at the correct amount.

Subsequent Events

Type	Condition existed at balance sheet date?	Financial statement treatment
Type I recognized event	Yes	Adjust financial statements
Type II nonrecognized event	No	Disclose if material; do not adjust

Subsequent Events Periods

Period	Auditor responsibility
Balance sheet date to auditor report date	Perform subsequent events procedures
After report date but before report release	No active search, but respond to facts discovered
After report release	Consider whether users need notification or revised statements

Common trap: If a subsequent event provides evidence about conditions existing at year-end, it usually affects recognition. If it relates to new conditions after year-end, it usually affects disclosure.

Going Concern

The auditor evaluates whether substantial doubt exists about the entity’s ability to continue as a going concern for a reasonable period under applicable standards.

Situation	Audit reporting effect
Substantial doubt alleviated by management plans	Consider disclosure; unmodified opinion if adequate
Substantial doubt remains, disclosure adequate	Unmodified opinion with appropriate going-concern emphasis
Disclosure inadequate	Qualified or adverse opinion, depending on materiality/pervasiveness
Auditor cannot obtain sufficient evidence	Scope limitation; possible qualified opinion or disclaimer

Common trap: Going concern uncertainty does not automatically mean adverse opinion. The key is whether the financial statements and disclosures are appropriate.

Audit Reports: Opinion Modifications

Issue	Material but not pervasive	Material and pervasive
GAAP departure / misstatement	Qualified opinion	Adverse opinion
Scope limitation / insufficient evidence	Qualified opinion	Disclaimer of opinion

Opinion Types

Opinion	When used
Unmodified / unqualified	Financial statements are presented fairly, in all material respects
Qualified	Except for a material issue, statements are fairly presented
Adverse	Financial statements are materially and pervasively misstated
Disclaimer	Auditor cannot obtain sufficient appropriate evidence, or independence issue prevents opinion

Emphasis-of-Matter vs Other-Matter

Paragraph	Refers to	Opinion modified?
Emphasis-of-matter	Matter appropriately presented/disclosed in financial statements	No
Other-matter	Matter not presented/disclosed in financial statements but relevant to users’ understanding	No

Examples of emphasis matters may include going concern, significant uncertainty, or a major subsequent event when properly disclosed. The exact placement and wording depend on the applicable standards and report type.

Issuer vs Nonissuer Reporting: Quick Distinctions

Area	Nonissuer audits	Issuer audits
Standards	AICPA auditing standards	PCAOB standards
Opinion terminology	Unmodified opinion	Unqualified opinion commonly used in PCAOB context
Key audit matters / CAMs	Not the same as issuer CAM requirements	Critical audit matters may apply
Independence	AICPA and applicable rules	SEC/PCAOB independence considerations may apply
Internal control over financial reporting	Separate reporting only in certain contexts	Integrated audit concepts are important

Common trap: Do not mix report elements from one standard-setter into the other unless the question facts support it.

Integrated Audit and ICFR Concepts

For audits involving internal control over financial reporting:

Concept	Key point
ICFR objective	Reasonable assurance about reliable financial reporting
Material weakness	Results in adverse opinion on ICFR
Significant deficiency	Communicated, but not necessarily adverse ICFR opinion
FS opinion vs ICFR opinion	Can differ
Control testing	Focuses on design and operating effectiveness
Entity-level controls	May have broad impact on audit approach

Common trap: An adverse ICFR opinion does not automatically mean the financial statement opinion is adverse. The auditor may still obtain enough substantive evidence for an unmodified financial statement opinion.

Service Organizations and SOC Reports

Report	Covers	Auditor use
SOC 1 Type 1	Design of controls at a point in time	Helps understand controls; does not support operating effectiveness over a period
SOC 1 Type 2	Design and operating effectiveness over a period	May support control reliance
Complementary user entity controls	Controls the user entity must have in place	Auditor evaluates whether user controls are designed/operating

Common trap: A SOC report does not eliminate the user auditor’s responsibility to understand the user entity’s controls and assess risk.

Use of Specialists, Internal Auditors, and Component Auditors

Specialist

The auditor may use a specialist for valuation, actuarial estimates, environmental obligations, complex instruments, or other specialized areas.

Evaluate:

Competence.
Capability.
Objectivity.
Work performed and assumptions used.
Relevance and reasonableness of findings.

Internal Auditors

The external auditor may use internal audit work when appropriate, but evaluates:

Objectivity.
Competence.
Systematic and disciplined approach.
Nature and risk of the area.

More judgmental or high-risk areas require more direct external auditor work.

Group Audits

For group audits, the group auditor considers:

Component significance.
Component auditor competence and independence.
Group-wide controls.
Consolidation process.
Communication with component auditors.

Common trap: The group auditor cannot simply outsource responsibility without evaluating the work and determining the effect on the group audit.

Communications

With Management and Those Charged With Governance

Communication	Usually to
Planned scope and timing	Those charged with governance
Significant findings	Those charged with governance
Significant accounting policies and estimates	Those charged with governance
Significant difficulties or disagreements	Those charged with governance
Uncorrected misstatements	Management and governance
Significant deficiencies and material weaknesses	Management and governance, usually in writing
Illegal acts or fraud involving senior management	Those charged with governance

Predecessor and Successor Auditor

Before accepting an engagement, the successor auditor asks management for permission to communicate with the predecessor. Topics include:

Management integrity.
Disagreements with management.
Reasons for auditor change.
Communications about fraud, noncompliance, or internal control matters.

Common trap: If management refuses permission, that is a major red flag for acceptance.

SSARS: Preparation, Compilation, Review

Service	Independence required?	Assurance	Report?	Main procedures
Preparation	No	None	No report required	Prepare financial statements
Compilation	No, but impairment disclosed	None	Yes	Read financial statements for obvious issues
Review	Yes	Limited	Yes	Inquiry and analytical procedures

SSARS Traps

Compilation does not provide assurance.
Review does not provide an opinion.
Preparation is not an attest service.
Lack of independence can be disclosed in a compilation, but not in a review.
Review evidence is much less extensive than audit evidence.

SSAE Attestation Engagements

Engagement	Assurance	Report output
Examination	Reasonable	Opinion
Review	Limited	Conclusion
Agreed-upon procedures	None	Findings

Attestation Essentials

Subject matter must be capable of evaluation.
Suitable criteria are required.
Practitioner independence is generally required.
Management or responsible party is responsible for the subject matter.
AUP reports present procedures and findings, not assurance.

Common trap: In an agreed-upon procedures engagement, the practitioner does not decide whether the subject matter is fairly stated. Users evaluate the findings.

Prospective Financial Information

Type	Meaning
Forecast	Expected financial results based on expected conditions/actions
Projection	Hypothetical assumptions, often for a limited purpose

High-yield points:

Prospective information is not historical fact.
Assumptions are central to the engagement.
Reports avoid guaranteeing future results.
Projections often require careful attention to purpose and user limitations.

Government Auditing and Compliance Concepts

For government and compliance-oriented audits, AUD candidates should recognize:

Concept	Review point
Government auditing standards	Add requirements beyond a standard financial statement audit
Compliance audit	Tests compliance with laws, regulations, grants, or contracts
Internal control over compliance	Controls designed to prevent/detect noncompliance
Findings	Often include criteria, condition, cause, effect, and recommendation
Material noncompliance	May affect report conclusions and required communications

Common trap: Compliance reporting is not the same as a standard financial statement opinion, even when performed alongside a financial statement audit.

IT and Data Concepts

Modern AUD questions may include automated systems, IT general controls, and audit data analytics.

IT area	What to know
General IT controls	Access, change management, operations, backup/recovery
Application controls	Input, processing, output controls within an application
Automated controls	Consistent if programmed correctly, but depend on ITGCs
Access controls	Prevent unauthorized transactions or changes
Change management	Prevent unauthorized program changes
Audit data analytics	Can identify anomalies, trends, duplicates, gaps, or unusual relationships

Common trap: A strong automated application control may still be unreliable if relevant general IT controls are weak.

Common AUD Candidate Mistakes

Mistake	Better approach
Memorizing reports without understanding engagement type	First identify audit, review, compilation, examination, or AUP
Choosing inquiry as sufficient evidence	Inquiry usually needs corroboration
Confusing completeness and existence	Completeness traces from source to records; existence vouches from records to source
Treating materiality as only numerical	Consider qualitative factors
Assuming all control deficiencies are material weaknesses	Evaluate likelihood and magnitude
Forgetting pervasiveness	Material/pervasive drives adverse vs qualified or disclaimer vs qualified
Mixing SSARS and SSAE	SSARS is for certain financial statement services; SSAE is attestation
Overlooking independence	Independence impairment often cannot be fixed by disclosure
Ignoring management responsibilities	Management owns FS, internal control, and representations
Thinking high risk means fewer procedures	High RMM means stronger evidence and lower detection risk

Fast Opinion Modification Drill

Use this decision table when practicing report questions.

Step	Ask	Result
1	Is the auditor independent?	If no, disclaimer or do not accept/continue depending on facts
2	Is there sufficient appropriate evidence?	If no, scope limitation
3	Are financial statements materially misstated?	If yes, GAAP departure/misstatement
4	Is the effect material?	If no, unmodified may still be appropriate
5	Is the effect pervasive?	Drives adverse/disclaimer vs qualified
6	Is disclosure adequate?	Inadequate disclosure can cause qualified/adverse opinion
7	Is emphasis needed without modifying opinion?	Consider emphasis-of-matter or other-matter

Final Review Checklist Before Practice

Before starting mixed AUD mock exams, confirm you can answer these quickly:

Which standards apply: GAAS, PCAOB, SSARS, SSAE, government/compliance?
What assurance level is provided?
What assertion is being tested?
Is the procedure a risk assessment, test of control, substantive test, or analytical procedure?
Is the evidence sufficient and appropriate?
Does the issue affect independence?
Is the misstatement material? Pervasive?
Is the issue a GAAP departure or a scope limitation?
Does the report need modification, emphasis, or other-matter language?
Are management representations required but not sufficient by themselves?
Is the event Type I or Type II?
Is the service organization report Type 1 or Type 2?
Is the sampling question about controls or dollar misstatement?

How to Use This Quick Review With Practice Questions

For CPA AUD, quick review only helps if you immediately apply it. After reading a section:

Do focused topic drills on that area.
Review detailed explanations for both correct and incorrect answers.
Track whether mistakes are due to standards knowledge, assertion matching, report selection, or wording traps.
Rework missed questions after a delay.
Move to mixed sets only after individual weak areas improve.

A practical next step is to use an independent companion practice question bank with original practice questions, topic drills, mock exams, and detailed explanations focused on AICPA U.S. CPA AUD - Auditing and Attestation (CPA AUD).

Study Plan