Back to CPA Exam

CPA Exam · Cheat Sheet

AUD — Auditing & Attestation (Core)

Tip: Use your browser's print function (Ctrl+P / Cmd+P) to save as PDF for offline study.

AUD — Auditing & Attestation (Core) | CHEAT SHEET

---

INDEPENDENCE & PROFESSIONAL SKEPTICISM

Conceptual Framework (Threats & Safeguards)

  • Identify threat → 2. Evaluate significance → 3. Apply safeguard → 4. Accept/decline
  • |---|---|---|

    Two dimensions required: Independence *in fact* (actual) + Independence *in appearance* (third-party view)

    Professional Skepticism vs. Judgment

    |---|---|---|

    ---

    AUDIT RISK MODEL

    AR = IR × CR × DR

    |---|---|---|

    Key Relationships

    • ↑ RMM (IR × CR)↓ DR needed → More/better evidence
    • Strong controlsHigher tolerable DRLess substantive work
    • Low RMMHigher DR acceptableMinimal procedures needed

    Risk Assessment Levels

    • Financial statement level (pervasive): management override, going concern, industry downturn → Overall strategy adjustments
    • Assertion level (specific): individual accounts → Targeted further procedures

    ---

    FURTHER PROCEDURES & EVIDENCE QUALITY

    Tests of Controls vs. Substantive Procedures

    |---|---|

    Substantive Procedure Types (Reliability Rank)

  • Physical inspection (inventory count, securities) — most reliable
  • Direct confirmation (bank balances, receivables) — external, third-party
  • Document examination (invoices, contracts, general ledger) — review source docs
  • Analytical procedures — relationships, ratios, trends — least reliable alone
  • Higher risk = higher-quality evidence needed (e.g., third-party > internal docs)

    Timing Decisions

    • Interim testing (before year-end) — OK for low-risk, strong controls
    • Year-end testing — Required for high-risk, fraud risk, significant estimates

    ---

    MATERIALITY & JUDGMENTS

    Materiality threshold = Auditor sets acceptable RMM level

    |---|---|---|

    Qualitative factors also matter: related-party transactions, regulatory breaches, fraud, ratios.

    ---

    AUDIT PROCEDURES — QUICK DECISION TREE

    |---|---|

    ---

    EVIDENCE EVALUATION & DOCUMENTATION

    Sufficient, appropriate audit evidence required (AU-C 500)

    • Sufficiency = quantity (sample size, number of procedures)
    • Appropriateness = quality (relevance, reliability, source)

    Audit documentation must be:

    • Clear, organized, indexed
    • Show conclusion reached
    • Support the opinion issued
    • Retained ≥7 years (5 for non-public clients)

    ---

    HIGH-YIELD THRESHOLDS & FORMULAS

    |---|---|

    ---

    COMMONLY CONFUSED PAIRS

    |---|---|
    ThreatExampleSafeguard
    Self-interestOwns stock in audit clientDivest; restrictions on financial interests
    Self-reviewAuditing own prior work (tax return → audit)Separate engagement teams; QA review
    AdvocacyRepresenting client in legal disputeWithdraw from audit or litigation role
    FamiliarityLong-term engagement partner relationshipPartner rotation (every 5 years for public)
    IntimidationClient threatens to fire if opinion qualifiedEscalate to audit committee; consider withdrawal
    SkepticismJudgment
    WhatQuestioning attitudeDecision-making process
    WhenContinuously throughout auditAt specific decision points
    ExampleChallenge management assertionsDetermine materiality threshold
    ComponentControlled ByDirection
    Audit Risk (AR)Auditor sets goal (typically ≤5%)Target risk of wrong opinion
    Inherent Risk (IR)Client/environmentGiven; complexity, fraud exposure
    Control Risk (CR)Client controlsAssess via control testing
    Detection Risk (DR)Auditor proceduresTHE LEVER — adjust nature/timing/extent
    Test of ControlsSubstantive Procedure
    Tests if control operates effectivelyTests if assertion is materially correct
    Only performed if planning to rely on controlAlways needed for significant risks
    Attributes testing (sample size formulas)Variables testing or analytical
    TypeDefinitionUse
    Planning materialityQuantitative benchmark (~5% net income or 1% sales)Set scope; evaluate RMM
    Performance materiality~50–75% of planning materialityDrive sample sizes
    Trivial thresholdAggregate uncorrected misstatements below this → not adjusted~5% of planning materiality
    ScenarioProcedure Type
    Verify existence of physical assetInspection / observation
    Confirm customer owes $ amountDirect confirmation
    Check if all sales invoicedTests of completeness (analytical or data analytics)
    Verify accounts receivable agingRecalculation + inspection of supporting docs
    Test if control over cash receipts worksTest of control (attributes sampling)
    Detect overstatement of inventoryAnalytical procedures; cutoff testing
    ConceptThreshold/Rule
    Materiality~0.5–5% of benchmark (income, sales, equity)
    Performance materiality~50–75% of planning materiality
    Trivial/clearly trivial~5% of planning materiality
    Audit risk tolerance≤ 5% (typically 1–5%)
    Lead audit partner rotation (public)Every 5 years
    Audit documentation retention≥ 7 years
    Control reliance requiresTesting controls; cannot use untested controls
    PairDistinction
    Inherent risk vs. control riskInherent = raw risk; Control = can be reduced by controls
    Detection risk vs. audit riskDR = risk of failing to detect error; AR = risk of wrong opinion
    Interim vs. year-endInterim = before period end (allows control reliance); Year-end = more reliable for fraud

    Aligned to the AICPA CPA Exam Blueprints.

    Make this cheat sheet yours

    Personalize this sheet — focus it however you study, or build one from the exact questions you keep getting wrong.

    Sign up free to create a personalized cheat sheet.