CPA AUD — U.S. - Auditing and Attestation Scenario Practice Guide

How to Approach CPA AUD Scenario Questions

The AICPA CPA AUD exam tests whether you can apply auditing, attestation, review, compilation, ethics, independence, evidence, reporting, and professional responsibility concepts to practical fact patterns. Scenario questions often include familiar audit terms, but the best answer usually depends on the exact engagement, the auditor’s role, the timing, the evidence available, and the reporting consequence.

Your goal is not to recognize a buzzword and answer quickly. Your goal is to identify the professional decision being tested and select the response that is most defensible under the facts given.

A strong CPA AUD scenario-reading process should help you answer questions such as:

• What type of engagement is described?
• Who has responsibility for the item in question?
• What stage of the engagement are we in?
• What assertion, risk, control, procedure, or report issue is relevant?
• Is the question asking for the best next step, the likely effect, the required communication, or the proper report treatment?
• Which answer fits all the facts, not just one familiar phrase?

Start With the Engagement Type

Before analyzing details, identify the engagement. AUD scenarios can change dramatically based on whether the service is an audit, review, compilation, preparation, examination, agreed-upon procedures engagement, or another attestation service.

Ask:

• Is assurance being provided?
• What level of assurance is described, if any?
• Is the practitioner expressing an opinion, a conclusion, or no assurance?
• Is the subject matter historical financial statements, prospective information, controls, compliance, or another assertion?
• Is this for an issuer, nonissuer, governmental entity, or another context identified by the scenario?

This first step matters because the same fact can lead to different answers depending on the engagement.

For example:

• In an audit, the auditor obtains sufficient appropriate audit evidence to support an opinion.
• In a review, the accountant generally performs inquiry and analytical procedures and provides limited assurance.
• In a compilation, the accountant assists with presenting financial information and does not provide assurance.
• In an agreed-upon procedures engagement, procedures and findings are reported, but the practitioner does not provide an overall opinion or conclusion.

Do not let a scenario’s use of the word “financial statements” automatically make you think “audit.” Confirm the engagement first.

Identify the Role of Each Party

CPA AUD scenarios often test responsibility. Many wrong answer choices sound reasonable because they assign a task to the wrong party.

Separate the roles:

Management

Management is generally responsible for:

• Preparing and fairly presenting the financial statements
• Designing, implementing, and maintaining internal control
• Selecting and applying accounting policies
• Making accounting estimates
• Providing representations
• Adjusting the financial statements when necessary

Auditor or practitioner

The auditor or practitioner is generally responsible for:

• Planning and performing the engagement with professional skepticism
• Assessing risks when required by the engagement
• Designing procedures responsive to assessed risks
• Obtaining and evaluating evidence
• Forming the appropriate opinion, conclusion, or report
• Documenting work performed and conclusions reached

Those charged with governance

Those charged with governance may be relevant when the scenario involves:

• Required communications
• Significant audit findings
• Auditor independence
• Significant difficulties encountered
• Disagreements with management
• Material weaknesses or significant deficiencies
• Oversight of the financial reporting process

Specialists, component auditors, internal auditors, and service organizations

When another party appears in the scenario, ask how their work affects the auditor’s responsibilities. The auditor may be able to use certain work, but using another party’s work does not automatically remove the auditor’s responsibility for the overall conclusion.

Find the Actual Decision Point

Many CPA AUD questions include a long fact pattern, but the decision point is often narrow. Before reading the answer choices deeply, restate the question in your own words.

Look for the task word:

• “Which procedure would be most appropriate?”
• “What is the auditor’s best response?”
• “What is the effect on the report?”
• “Which communication is required?”
• “What should the auditor do next?”
• “Which evidence is most persuasive?”
• “Which condition indicates a risk?”
• “Which statement is correct?”

Then identify the tested category:

• Planning
• Risk assessment
• Internal control
• Substantive testing
• Audit evidence
• Sampling
• Written representations
• Subsequent events
• Going concern
• Related parties
• Accounting estimates
• Misstatements
• Reporting
• Ethics and independence
• Review, compilation, or attestation standards

A useful restatement might be:

• “The question is not asking whether revenue is risky. It is asking which procedure best addresses the occurrence assertion.”
• “The question is not asking whether the auditor may use a specialist. It is asking what the auditor must evaluate before relying on the specialist’s work.”
• “The question is not asking whether a control exists. It is asking whether the deficiency is significant enough to communicate.”

Build a Timeline

AUD scenarios are often time-sensitive. The correct response can depend on whether the event occurs before fieldwork, during fieldwork, after the report date, or after the report is released.

Track the timeline carefully:

• Engagement acceptance or continuance
• Planning
• Risk assessment
• Interim testing
• Year-end procedures
• Completion and evaluation
• Date of the auditor’s report
• Report release
• Discovery of later information

Timeline clues are especially important for:

• Subsequent events
• Subsequently discovered facts
• Going concern evaluation
• Written representations
• Legal letters
• Management refusal to provide information
• Changes in engagement scope
• Report dating
• Use of predecessor auditor information
• Communication with governance

If the answer choice recommends a procedure that would have been useful earlier but does not address the current stage, it may not be the best answer.

Separate Relevant Facts From Distractors

CPA AUD scenarios may include extra facts that are accurate but not decisive. Your job is to determine which facts affect the professional conclusion.

Facts that usually matter

Pay close attention to:

• Engagement type
• Reporting framework
• Issuer or nonissuer context, when identified
• Materiality
• Risk of material misstatement
• Assertion being tested
• Control design versus operating effectiveness
• Nature, timing, and extent of procedures
• Reliability of evidence
• Management’s response or refusal
• Whether the matter is isolated or pervasive
• Whether the issue is corrected or uncorrected
• Whether the auditor has sufficient appropriate evidence
• Whether required written representations or communications are missing

Facts that may be distractors

Be cautious with facts that sound important but do not answer the decision point, such as:

• A large dollar amount without materiality context
• A familiar account name when the question asks about reporting
• A control description when the question asks about substantive procedures
• A management explanation without supporting evidence
• A general statement about risk when the scenario asks for a specific assertion
• An impressive-sounding procedure that does not address the stated issue

A fact is relevant if it changes the correct professional response. If it does not change the response, do not let it drive your answer.

Use Assertions to Match Procedures to Risks

Many CPA AUD scenarios test whether you can connect a risk to the correct assertion and then choose an appropriate audit procedure.

Common assertion logic includes:

• Existence or occurrence: Did the asset or transaction actually exist or occur?
• Completeness: Are all items that should be recorded included?
• Accuracy, valuation, or allocation: Are amounts recorded properly?
• Rights and obligations: Does the entity have the rights or obligations?
• Cutoff: Are transactions recorded in the correct period?
• Presentation and disclosure: Is the item properly classified, described, and disclosed?

When the question asks for the best procedure, do not choose a procedure merely because it relates to the account. Choose the procedure that addresses the specific assertion.

Examples:

• If the risk is overstated inventory, observation and test counts may be more relevant than searching for unrecorded items.
• If the risk is unrecorded liabilities, searching subsequent disbursements or unmatched receiving documents may be more relevant than confirming recorded payables.
• If the risk is revenue recorded before it is earned, cutoff testing and inspection of shipping or delivery terms may be more relevant than recalculating the sales journal.

The procedure must fit the risk, the assertion, and the available evidence.

Evaluate Audit Evidence: Sufficiency and Appropriateness

AUD scenarios often ask which evidence is most persuasive or whether the auditor has enough evidence to support a conclusion.

Think in two dimensions:

Sufficiency

Sufficiency concerns the quantity of evidence. Higher risk usually requires more evidence or more persuasive evidence.

Ask:

• Is the sample size or extent of testing appropriate for the risk?
• Has the auditor tested enough items to support the conclusion?
• Is additional evidence needed because the result was unexpected?
• Does the issue affect only one account or multiple areas?

Appropriateness

Appropriateness concerns relevance and reliability.

Ask:

• Does the evidence directly address the assertion?
• Is it from an independent external source?
• Was it obtained directly by the auditor?
• Is it documentary or oral?
• Is it original, electronic, internally generated, or externally generated?
• Are internal records reliable enough given the control environment?

A management explanation may help the auditor understand an issue, but it usually does not replace corroborating evidence when audit evidence is required.

Read Internal Control Scenarios in Layers

Internal control questions often require you to distinguish among design, implementation, and operating effectiveness.

Use this sequence:

1. What is the control objective?
2. What could go wrong?
3. What control is intended to prevent, detect, or correct that problem?
4. Is the question asking whether the control is properly designed?
5. Is the question asking whether the control has been implemented?
6. Is the question asking whether the control operated effectively over time?
7. What evidence would support that conclusion?

For example, a control may be well designed on paper but not operating effectively. Or a control may operate, but not address the relevant risk.

Also identify the type of control:

• Authorization
• Reconciliation
• Segregation of duties
• Physical safeguards
• IT access control
• Review control
• Exception reporting
• Change management control

Then connect the control to the risk. A bank reconciliation may detect cash recording issues, but it does not necessarily address whether revenue was recognized in the correct period.

Distinguish Risk Assessment From Risk Response

CPA AUD scenarios often include both risk indicators and procedures. Identify whether the question is asking about assessing risk or responding to risk.

Risk assessment questions

These focus on identifying and evaluating risks. Clues include:

• Understanding the entity and its environment
• Understanding internal control
• Performing preliminary analytical procedures
• Considering fraud risk factors
• Identifying significant risks
• Determining where material misstatement could occur

Risk response questions

These focus on what the auditor does after identifying a risk. Clues include:

• Nature, timing, and extent of further audit procedures
• Tests of controls
• Substantive procedures
• More persuasive evidence
• Procedures closer to year-end
• Assigning more experienced personnel
• Increasing sample sizes or changing procedure types

If a scenario says the auditor has already identified a significant risk, the best answer is likely a response, not another general planning step.

Treat Fraud Scenarios With Professional Skepticism

When fraud risk appears, focus on the required audit reasoning rather than assuming every suspicious fact proves fraud.

Ask:

• What fraud risk factor is present?
• Which account or assertion is affected?
• Is management involved?
• Is there a risk of management override?
• What procedure would provide evidence?
• Is communication required?
• Does the issue affect the audit report?

Fraud scenarios often require escalation in evidence quality, unpredictability in procedures, or attention to management override. But the answer still must match the specific risk.

For instance, if the scenario involves unusual manual journal entries near period-end, a relevant response may involve testing journal entries and examining support. If the scenario involves incentives to overstate revenue, the best response may focus on revenue recognition, cutoff, or collectability, depending on the facts.

Check Independence and Ethics Before Technical Procedures

Some AUD scenarios test whether the CPA may perform the engagement at all or whether safeguards, disclosures, or role limitations are relevant.

Before selecting a technical audit procedure, check whether the scenario raises:

• Financial interests
• Employment relationships
• Family relationships
• Loans or business relationships
• Nonattest services
• Management responsibilities
• Advocacy or familiarity threats
• Fee or contingent fee concerns
• Confidential client information
• Integrity and objectivity issues

If independence is impaired for an attest engagement, performing more audit procedures does not fix the problem. If the scenario asks about a nonattest service, identify whether the CPA is assuming management responsibility or whether management accepts responsibility for the service.

Keep the analysis tied to the facts provided. Do not add relationships or safeguards that the scenario does not state.

Check Authority, Documentation, and Written Representations

Documentation and written evidence are recurring AUD decision points. When the scenario involves a missing signature, refusal, oral explanation, or disagreement, ask what evidence is required and who must provide it.

Important documentation-related clues include:

• Engagement letter or agreement on terms
• Management representation letter
• Attorney letter or legal inquiry
• Audit documentation of procedures and conclusions
• Communications with those charged with governance
• Documentation of significant findings
• Documentation of departures from planned procedures
• Documentation of consultation or disagreement resolution

If management refuses to provide necessary written representations, the issue may affect the auditor’s ability to obtain sufficient appropriate evidence. If documentation is incomplete, the question may focus on whether the work supports the conclusion rather than whether the conclusion is convenient.

Use Materiality and Pervasiveness to Analyze Reporting

Reporting questions often require a disciplined sequence. Do not jump directly to a report type.

Ask:

1. Is there a misstatement or a scope limitation?
2. Is the issue material?
3. Is the issue pervasive?
4. Has management corrected or disclosed the issue?
5. Has the auditor obtained sufficient appropriate evidence?
6. Does the matter require modification, emphasis, other-matter communication, or another report change?
7. Does the engagement type affect the report wording?

This sequence helps you distinguish between issues such as:

• A material misstatement versus an inability to obtain evidence
• A corrected misstatement versus an uncorrected misstatement
• A disclosure issue versus a recognition or measurement issue
• A matter that affects the opinion versus a matter highlighted in the report
• An audit report issue versus a review, compilation, or attestation report issue

Do not choose a report modification simply because the scenario describes a serious matter. First decide whether the financial statements are misstated, whether evidence is lacking, and whether the effect is material and pervasive.

Read Review, Compilation, and Preparation Scenarios Separately From Audits

A common CPA AUD challenge is shifting from audit logic to accounting and review service logic.

When the scenario is not an audit, reset your expectations:

Review engagement

Ask:

• Is limited assurance being provided?
• Are inquiry and analytical procedures central?
• Did the accountant become aware of information suggesting the financial statements may be materially misstated?
• Is additional inquiry or procedure needed?
• Is the report appropriately worded for a review?

Compilation engagement

Ask:

• Is any assurance being provided?
• Is the accountant assisting with presenting financial information?
• Are management responsibilities clear?
• Are independence disclosures relevant?
• Are the financial statements appropriate in form and free from obvious material misstatement?

Preparation engagement

Ask:

• Is the accountant preparing financial statements without issuing a compilation, review, or audit report?
• Are required legends or statements relevant?
• Is management responsible for the financial statements?

The correct answer often depends on recognizing that procedures appropriate in an audit may be excessive, irrelevant, or misstated in a non-audit service.

Interpret Attestation Scenarios by Subject Matter and Criteria

Attestation scenarios may involve subject matter other than historical financial statements. Focus on:

• Subject matter
• Criteria
• Responsible party
• Practitioner’s role
• Type of attestation engagement
• Level of assurance, if any
• Intended users
• Report language and restrictions, when relevant

Ask whether the criteria are suitable and available. Without suitable criteria, the practitioner may not be able to evaluate the subject matter in a meaningful way.

For agreed-upon procedures, remember that the practitioner performs specified procedures and reports findings. The users evaluate the findings themselves. Do not convert an agreed-upon procedures engagement into an examination opinion.

Slow Down on “Best Next Action” Questions

“Best next action” questions require sequencing. More than one answer may be professionally reasonable in general, but only one is the best next step under the facts.

Use this order:

1. Is there an independence, acceptance, or ethical issue that must be resolved first?
2. Is the auditor missing essential information?
3. Is more evidence needed before forming a conclusion?
4. Does management need to be asked to correct, disclose, or explain?
5. Does the auditor need to communicate with governance?
6. Does the matter affect the report?
7. Is withdrawal or disclaimer-type reasoning only relevant after less severe steps fail or when the facts support it?

For example, if the auditor identifies an unexpected fluctuation, the immediate response may be to investigate by inquiry and corroborating procedures, not to modify the report. If management refuses access to necessary evidence, reporting consequences may become relevant.

Compare Answer Choices by Professional Defensibility

When answer choices are close, compare them using defensibility rather than familiarity.

A defensible CPA AUD answer usually:

• Addresses the exact decision point
• Matches the engagement type
• Respects management and auditor responsibilities
• Uses appropriate evidence for the assertion
• Fits the timing of the engagement
• Responds proportionately to risk and materiality
• Does not overstate assurance
• Does not ignore required communication or documentation
• Avoids unnecessary extreme action unless the facts justify it

A weak answer often:

• Solves a different problem
• Uses an audit procedure in a review or compilation context
• Assigns management’s responsibility to the auditor
• Relies only on oral representations when corroboration is needed
• Treats a control as effective without testing operating effectiveness
• Modifies a report before evaluating materiality, pervasiveness, or evidence
• Provides a broad conclusion when the engagement reports only procedures and findings

A Practical CPA AUD Scenario Reading Routine

Use the same routine on practice questions until it becomes automatic.

First pass: classify

Before looking deeply at the answer choices, identify:

• Engagement type
• Parties involved
• Timing
• Account, assertion, or report issue
• Whether the question asks for a procedure, conclusion, communication, or report effect

Second pass: isolate the decision

Underline or mentally tag:

• The exact question stem
• The fact that changes the answer
• Any limitation, refusal, exception, or unusual condition
• Whether the matter is material, pervasive, significant, or merely informational

Third pass: predict

Before reading all answers, predict the type of response:

• More evidence
• A specific procedure
• Communication
• Documentation
• Management correction or representation
• Report modification or explanatory language
• No effect, if the facts do not require one

Fourth pass: eliminate

Remove answers that:

• Apply the wrong engagement standard
• Address the wrong assertion
• Occur at the wrong time
• Overstate or understate assurance
• Skip required evidence
• Assign responsibility to the wrong party
• Reach a reporting conclusion too soon

Final pass: choose the most complete answer

Select the answer that fits the full scenario, even if another answer contains a familiar audit term.

Short Examples of Scenario Reasoning

Example 1: Procedure matched to assertion

Scenario idea: The auditor is concerned that recorded sales near year-end may have been recognized before the earnings process was complete.

Reasoning:

• Engagement type: audit
• Area: revenue
• Likely assertion: cutoff or occurrence, depending on facts
• Best procedure type: inspect shipping, delivery, contract, or other support tied to the revenue recognition timing
• Less helpful answer: recalculate the sales journal if the issue is whether the sale belonged in the period

Example 2: Management representation is missing

Scenario idea: Management refuses to provide a written representation letter.

Reasoning:

• Role: management provides written representations
• Evidence issue: refusal may limit the auditor’s ability to obtain sufficient appropriate evidence
• Decision point: effect on completion and reporting
• Best answer: address the refusal as a serious evidence and scope issue, rather than simply substitute oral inquiry

Example 3: Review engagement issue

Scenario idea: During a review, the accountant becomes aware of information suggesting inventory may be materially misstated.

Reasoning:

• Engagement type: review, not audit
• Assurance level: limited assurance
• Decision point: response to information suggesting material misstatement
• Best answer: perform additional inquiry or procedures as needed, rather than automatically issue an audit-style opinion modification without further analysis

Example 4: Internal control deficiency

Scenario idea: A supervisor reviews exception reports, but there is no evidence the review was performed or exceptions were resolved.

Reasoning:

• Control design may sound appropriate
• Operating effectiveness is not supported without evidence of performance
• Documentation matters
• Best answer: recognize the lack of evidence supporting operation, not merely the existence of a control description

Final Review Checklist for CPA AUD Scenarios

Before you commit to an answer, ask:

• Did I identify the engagement type correctly?
• Did I identify the role of management, auditor, practitioner, or governance?
• Did I determine whether the question asks about planning, evidence, reporting, ethics, or communication?
• Did I match the procedure to the assertion or risk?
• Did I consider timing?
• Did I distinguish misstatement from scope limitation?
• Did I evaluate materiality and pervasiveness when reporting is involved?
• Did I avoid using audit logic for review, compilation, preparation, or agreed-upon procedures questions?
• Did I choose the answer that is most defensible from the facts actually provided?

How to Practice This Efficiently

For final review, do not only count how many CPA AUD practice questions you answer. Track how you read them.

After each scenario question, write one short note:

• “Engagement type was the key.”
• “Assertion was cutoff, not completeness.”
• “Question asked for next step, not final report.”
• “Evidence was insufficient because management only provided an oral explanation.”
• “This was a review engagement, not an audit.”

Then drill weak areas by topic and finish with mixed timed sets so you practice switching among audit evidence, internal control, reporting, ethics, and attestation scenarios. Use scenario practice to build a repeatable decision sequence, then test that sequence under mock-exam timing.