Auditing and Attestation (AUD)

The AUD section tests whether you can connect a fact pattern to the right engagement responsibility, risk response, evidence decision, documentation requirement, and reporting outcome. This guide is meant to be read as a process flow rather than as a random collection of audit topics.

Chapter Map

• Part I: Introduction and Foundations for ethics, independence, engagement acceptance, and the professional framework that drives later audit judgments.
• Part II: Assessing Risk and Developing a Plan for internal control concepts, entity understanding, risk assessment, materiality, and planned responses.
• Part III: Performing Further Procedures and Obtaining Evidence for tests of controls, substantive work, sampling, estimates, and evidence evaluation.
• Part IV: Reporting, Attestation, and Related Engagements for audit conclusions, modifications, special reporting situations, and non-audit engagements that still appear in AUD scope.
• Part V: IT, Forensics, and ESG Assurance for IT, data, and newer cross-cutting issues that build on the core audit workflow.
• Part VI: Appendices for quick-reference material after the main reading path is in place.

How to Use This Guide

• Read Parts I through IV in order if audit workflow, evidence selection, or report consequences feel fragmented.
• Use Part V after the core sequence is stable so advanced topics reinforce, rather than replace, the main audit process.
• Return to Part VI only after the main chapters, when you want compressed review support before practice.

In this section

• AUD Introduction, Ethics, and Engagement Foundations
  AUD orientation to the profession, ethics, independence, engagement setup, and core audit foundations.
  • The Auditing Profession, Standard Setters, and AUD Exam Orientation
    Introduction to the external auditor's role, standard setters, AUD structure, and early study strategy.
    • Understanding the External Auditor's Role and Responsibilities
      How AUD frames the external auditor's objective, responsibilities, independence, and limits.
    • How AICPA, PCAOB, and GAO Standards Shaped Modern Auditing
      How major U.S. audit standard setters shaped modern audit responsibilities and methods.
    • Understanding AUD Exam Content, Format, and Tested Skills
      How the AUD section is structured and what skills it expects you to apply.
    • Study Strategies and Exam Techniques for AUD Preparation
      How to plan AUD study time, handle testlets, and improve preparation efficiency.
  • Ethics, Professional Responsibilities, and Auditor Independence
    AUD ethics coverage for professional conduct, independence, skepticism, liability, and applied ethical judgment.
    • Applying the AICPA Code of Professional Conduct in Audit Work
      How the AICPA Code frames ethical duties, enforceable rules, and auditor conduct.
    • Comparing Auditor Independence Requirements Across AICPA, PCAOB, SEC, GAO, and DOL
      How major independence regimes align, differ, and affect AUD conclusions.
    • Using Professional Skepticism and Judgment Throughout the Audit
      How auditors apply skepticism, avoid bias, and document judgment through the engagement.
    • Understanding Auditor Legal Liability and Malpractice Exposure
      How common-law and statutory liability shape auditor risk and professional care.
    • Working Through Audit Ethics Dilemmas and Practice Cases
      How ethics frameworks apply to real audit dilemmas, pressure, and professional consequences.
  • Engagement Acceptance, Terms, and Foundational Audit Requirements
    AUD engagement-setup coverage for prerequisites, predecessor communication, letters, documentation, quality control, and planning logistics.
    • Evaluating Audit Engagement Prerequisites Before Acceptance
      How auditors assess client integrity, competence, independence, and engagement risk before acceptance.
    • Communicating with Predecessor Auditors and Management Before Acceptance
      How successor auditors use management and predecessor communication in acceptance decisions.
    • Defining Audit Scope, Objectives, and Responsibilities in the Engagement Letter
      How engagement letters define scope, objectives, responsibilities, and audit terms.
    • Meeting Audit Documentation Requirements and Retention Rules
      How audit workpapers should be documented, organized, retained, and protected.
    • Maintaining Quality Control at the Firm and Engagement Levels
      How firm-level and engagement-level quality systems support compliant audit work.
    • Managing Engagement Staffing, Budgets, and Scheduling
      How staffing, budgets, and scheduling affect audit quality, timing, and engagement execution.
• AUD Risk Assessment, Internal Control, and Audit Planning
  AUD risk-assessment coverage for entity understanding, internal control, risk identification, and audit planning.
  • Understanding the Entity, Industry Pressures, and Fraud-Risk Context
    AUD entity-understanding coverage for industry factors, economic conditions, governance, and fraud-risk context.
    • Assessing Industry and Regulatory Influences on Audit Risk
      How industry-specific conditions and regulation shape audit risk assessment.
    • Evaluating Economic and Market Conditions in Audit Planning
      How macroeconomic and market conditions affect audit risk, assertions, and planning.
    • Understanding Corporate Governance and Sarbanes-Oxley Considerations
      How governance structure and SOX requirements influence audit risk and oversight.
    • Recognizing Fraud Risk Factors in the Planning Stage
      How the fraud triangle and related red flags shape early audit planning.
  • Internal Control Frameworks, IT Controls, and Control Documentation
    AUD control-framework coverage for COSO, entity-level controls, IT controls, walkthroughs, and control limitations.
    • Applying the COSO Internal Control Framework in Audit Planning
      How the COSO framework supports internal-control understanding in AUD.
    • Evaluating Entity-Level Controls and the Control Environment
      How entity-level controls and control environment design influence audit planning.
    • Understanding IT General Controls and Application Controls
      How IT general controls and application controls affect data reliability and audit strategy.
    • Using Walkthroughs, Flowcharts, and Narratives to Document Controls
      How auditors document control understanding through walkthroughs, flowcharts, and narratives.
    • Recognizing the Limits of Internal Control and Management Override
      Why internal control has unavoidable limits and how management override affects risk.
  • Identifying Risks of Material Misstatement, Assertions, and Materiality
    AUD risk-identification coverage for assertions, inherent versus control risk, fraud risk, and materiality.
    • Linking Significant Accounts, Transactions, and Assertions
      How auditors connect significant balances and transactions to the right assertions.
    • Distinguishing Inherent Risk from Control Risk
      How auditors separate inherent risk from control risk and evaluate RMM.
    • Responding to Fraud Risks Through Detection, Response, and Documentation
      How fraud-risk brainstorming, response planning, and documentation affect the audit.
    • Setting Materiality and Performance Materiality in the Audit
      How auditors set, revise, and apply materiality and performance materiality.
  • Planning Audit Strategy, Procedures, and Use of Others
    AUD planning coverage for strategy, procedure selection, group audits, use of others, and technology in planning.
    • Building the Overall Audit Strategy from Assessed Risk
      How overall audit strategy reflects financial-statement and assertion-level risk.
    • Selecting Audit Procedures by Nature, Timing, and Extent
      How risk drives the nature, timing, and extent of audit procedures.
    • Planning Group Audits, Component Auditors, and Consolidations
      How group audits are planned and supervised across components and consolidations.
    • Deciding When to Rely on Internal Audit, Specialists, and Others
      How external auditors evaluate reliance on internal audit, specialists, and service organizations.
    • Using Data Analytics and Emerging Technologies in Audit Planning
      How analytics, automation, AI, and emerging tools influence audit planning.
• AUD Further Procedures, Testing, and Audit Evidence
  AUD evidence-stage coverage for procedures, control testing, substantive work, estimates, and evaluation of results.
  • Gathering Sufficient Appropriate Audit Evidence
    AUD evidence-framework coverage for procedure types, sampling, evidence sources, analytics, and documentation.
    • Choosing Between Tests of Controls and Substantive Procedures
      How auditors choose between tests of controls and substantive procedures when designing evidence.
    • Using Audit Sampling to Gather Evidence Efficiently
      How audit sampling supports sufficient evidence while controlling engagement efficiency and sampling risk.
    • Collecting Evidence Through Observation, Inquiry, Inspection, and Confirmation
      How observation, inquiry, inspection, and confirmation provide different strengths of audit evidence.
    • Applying Analytical Procedures and Data Analytics in Audit Testing
      How auditors use analytical procedures and data analytics to identify anomalies and support testing.
    • Preparing Working Papers and Documenting Audit Results
      How working papers document procedures, evidence, conclusions, review, and retention requirements.
  • Testing Internal Controls and Evaluating Deviations
    AUD control-testing coverage for walkthroughs, deviations, deficiency communication, and integrated audit work.
    • Performing Walkthroughs, Reperformance, and Inspection of Controls
      How walkthroughs, reperformance, and inspection are used to test whether controls operate effectively.
    • Assessing Control Deviations and Their Effect on Risk
      How control deviations affect reliance, risk assessment, and the need for further audit work.
    • Communicating Control Deficiencies to Management and Governance
      How auditors classify and communicate control deficiencies to management and governance.
    • Testing ICFR in Public-Company Integrated Audits
      How auditors test ICFR in integrated audits of public companies under SOX and PCAOB requirements.
  • Substantive Testing of Accounts, Transactions, and Audit Cycles
    AUD substantive-testing coverage for major transaction cycles, inventory, fixed assets, and investments.
    • Substantive Testing of Revenue and Cash Receipts
      How auditors perform substantive testing over revenue recognition and cash receipts.
    • Substantive Testing of Purchases, Expenditures, and Payroll
      How auditors test purchases, expenditures, payroll, and related liabilities.
    • Auditing Inventory Observation, Existence, and Costing
      How auditors test inventory existence, observation procedures, and costing assertions.
    • Auditing Fixed Assets, Depreciation, and Impairment
      How auditors audit fixed assets, depreciation, disposals, and impairment indicators.
    • Auditing Investments and Fair Value Measurements
      How auditors test investments, valuation inputs, hierarchy classifications, and fair value disclosures.
  • Auditing Estimates, Related Parties, and Other Special Matters
    AUD special-matter coverage for estimates, related parties, litigation, going concern, and use of specialists.
    • Auditing Accounting Estimates, Provisions, and Contingencies
      How auditors evaluate management estimates, provisions, and contingencies for reasonableness and bias.
    • Auditing Related Parties, Transactions, and Disclosure
      How auditors identify related parties, test related-party transactions, and evaluate disclosures.
    • Auditing Legal Claims and Litigation Contingencies
      How auditors assess legal claims, litigation contingencies, and supporting evidence from counsel.
    • Evaluating Going Concern and Substantial Doubt
      How auditors evaluate going concern, management plans, and substantial-doubt reporting.
    • Using the Work of an Auditor's Specialist
      How auditors evaluate and use the work of specialists in high-judgment audit areas.
  • Evaluating Misstatements and Concluding on Audit Results
    AUD conclusion coverage for misstatement aggregation, qualitative materiality, final review, and pre-report steps.
    • Aggregating Identified Misstatements Across the Audit
      How auditors accumulate factual, judgmental, and projected misstatements across the engagement.
    • Evaluating Qualitative Factors That Affect Materiality
      How qualitative factors can make a small misstatement material in the final audit conclusion.
    • Reviewing Engagement Quality and Performing Final Analytics
      How engagement quality review and final analytical procedures support the closing audit assessment.
    • Completing Final Steps Before Issuing the Auditor's Report
      How auditors complete management representations, subsequent-events work, and final pre-report steps.
• AUD Reporting, Attestation, and Related Engagements
  AUD reporting coverage for audit opinions, ICFR, SSARS services, attestation work, and specialized engagements.
  • Audit Reporting, Opinion Types, and Explanatory Language
    AUD reporting coverage for opinion types, explanatory paragraphs, comparative statements, supplementary information, and disclosure problems.
    • Choosing Among Unmodified, Qualified, Adverse, and Disclaimer Opinions
      How auditors choose among unmodified, qualified, adverse, and disclaimer opinions.
    • Using Emphasis-of-Matter and Other-Matter Paragraphs in Audit Reports
      How emphasis-of-matter and other-matter paragraphs change audit report wording without always changing the opinion.
    • Reporting on Comparative Financial Statements and Predecessor Auditors
      How auditors report on comparative financial statements and handle predecessor-auditor involvement.
    • Addressing Supplementary and Other Information in Audit Reporting
      How auditors address supplementary information and other information presented with audited statements.
    • Responding to Omitted or Inconsistent Required Disclosures
      How omitted or inconsistent required disclosures affect report modification and wording.
  • Reporting on Internal Control Over Financial Reporting
    AUD ICFR reporting coverage for issuer requirements, integrated audits, deficiency communication, and report structure.
    • Applying PCAOB ICFR Reporting Requirements for Issuers
      How PCAOB standards shape ICFR reporting for issuers in integrated audits.
    • Linking Financial Statement and ICFR Reporting in Integrated Audits
      How financial statement and ICFR reporting are linked in integrated audits.
    • Communicating Significant Deficiencies and Material Weaknesses
      How auditors distinguish and communicate significant deficiencies and material weaknesses.
    • Choosing Combined or Separate ICFR Reports
      How auditors decide whether to issue combined or separate reports in ICFR engagements.
  • Special Reporting Frameworks, Interim Work, and Summary Reporting
    AUD special-reporting coverage for special-purpose frameworks, interim reviews, consistency issues, and summarized statements.
    • Reporting on Special-Purpose Frameworks
      How auditors report on cash-basis, tax-basis, regulatory-basis, and other special-purpose frameworks.
    • Performing and Reporting Interim Reviews of Public Companies
      How auditors perform and report interim reviews of public companies under the relevant standards.
    • Addressing Consistency, Accounting Changes, and Error Corrections
      How consistency issues, accounting changes, and error corrections affect reporting.
    • Reporting on Summarized Financial Statements
      How auditors report on condensed or summarized financial statements.
  • Review, Compilation, and Preparation Engagements Under SSARS
    AUD SSARS coverage for reviews, compilations, preparation engagements, reports, and assurance limits.
    • Understanding the SSARS Framework for Non-Audit Financial Statement Services
      How SSARS governs review, compilation, and preparation services for nonpublic entities.
    • Form, Content, and Limits of a Review Report
      How review reports are structured and what limits apply to the assurance provided.
    • Using Compilation Reports and Disclaimer Language
      How compilation reports use disclaimer language and differ from higher-assurance engagements.
    • Preparing Financial Statements with No Assurance
      How preparation engagements work when no assurance is provided.
  • Attestation Services, Compliance Reporting, and SOC Reports
    AUD attestation coverage for examinations, reviews, agreed-upon procedures, prospective information, compliance, and SOC reports.
    • Comparing SSAE Examinations, Reviews, and Agreed-Upon Procedures
      How SSAE examinations, reviews, and agreed-upon procedures differ in objective, work, and reporting.
    • Reporting on Forecasts and Projections
      How auditors and practitioners report on forecasts, projections, and other prospective information.
    • Performing Compliance Attestation and Other Special Reports
      How compliance attestation engagements and other special reports are structured and reported.
    • Understanding SOC 1, SOC 2, and SOC 3 Reports
      How SOC 1, SOC 2, and SOC 3 reports differ in purpose, users, and reporting scope.
  • Governmental Audits, Single Audits, and Restricted-Use Reporting
    AUD specialized-engagement coverage for Yellow Book work, single audits, governmental engagements, and restricted-use reports.
    • Applying Government Auditing Standards Under the Yellow Book
      How Yellow Book standards add ethical, independence, and reporting requirements in governmental audits.
    • Performing Single Audits of Federal Awards
      How single audits of federal awards are structured and reported under the applicable rules.
    • Handling Other Governmental and Specialized Engagements
      How other governmental and specialized engagements differ from standard financial statement audits.
    • Using Restricted-Use Reports and Compliance Reporting
      How restricted-use reports and compliance reporting work in specialized engagements.
  • Auditing Employee Benefit Plans and ERISA Reporting
    AUD specialized-audit coverage for employee benefit plans, ERISA requirements, plan procedures, and reporting.
    • Understanding Defined Contribution and Defined Benefit Plan Types
      How defined contribution and defined benefit plan structures affect the audit focus.
    • Applying DOL and ERISA Requirements in Plan Audits
      How DOL and ERISA requirements shape employee benefit plan audit obligations.
    • Performing Employee Benefit Plan Audit Procedures
      How audit procedures change in employee benefit plan engagements.
    • Reporting and Disclosure Issues in EBP Audits
      How reporting and disclosure issues are handled in employee benefit plan audits.
• AUD IT Audit, Forensic, and ESG Assurance Topics
  AUD advanced coverage for IT audit, cybersecurity, investigative work, and ESG-related assurance topics.
  • IT Auditing, Cybersecurity, and Technology-Enabled Audit Work
    AUD advanced coverage for IT audit fundamentals, modern environments, ITGC testing, analytics, cybersecurity, and cyber SOC.
    • Understanding IT Auditing Fundamentals
      How technology shapes modern auditing, control objectives, and audit reliance on information systems.
    • Auditing Cloud, Mobile, and IoT Environments
      How cloud, mobile, and IoT environments affect audit risk, controls, and cybersecurity concerns.
    • Testing and Documenting IT General Controls
      How auditors evaluate access, change management, operations, and other IT general controls.
    • Using Data Analytics and Automated Audit Tools
      How data analytics and automated tools support efficient, reliable audit testing.
    • Applying Cybersecurity Concepts in Audit Work
      How core cybersecurity concepts affect audit planning, controls, and evidence evaluation.
    • Understanding SOC for Cybersecurity Engagements
      How SOC for Cybersecurity engagements are scoped, supported, and reported.
  • Forensic Accounting, Fraud Investigation, and Litigation Support
    AUD advanced coverage for forensic work, fraud examination, data mining, litigation support, ethics, and investigative tools.
    • Understanding the Role of Forensic Accounting
      How forensic accounting differs from standard audit work and where it is used.
    • Using Fraud Examination Methods and Testing
      How fraud examination procedures are designed around suspected misconduct.
    • Applying Data Mining to Detect Irregularities
      How forensic practitioners use data mining to identify irregular patterns and exceptions.
    • Providing Litigation Support and Expert Witness Services
      How litigation support and expert witness work fit into forensic accounting engagements.
    • Maintaining Ethics and Independence in Forensic Engagements
      How ethics, objectivity, and independence issues shape forensic engagements.
    • Using Tools and Technologies in Forensic Audits
      How modern tools and technologies support forensic and investigative audit work.
    • Working Through Additional Forensic Audit Considerations
      How additional legal, cross-border, and confidentiality issues affect forensic audit work.
  • ESG Reporting, Metrics, and Assurance Engagements
    AUD advanced coverage for ESG frameworks, audit integration, reporting, metrics, standards, and future assurance demand.
    • Understanding Emerging ESG Reporting Frameworks
      How the main ESG reporting frameworks shape disclosure and assurance work.
    • Integrating ESG Risk into the Audit Process
      How ESG factors influence audit risk assessment, materiality, and planning.
    • Communicating ESG Results in External Reporting
      How ESG results are communicated in external reporting and assurance contexts.
    • Evaluating ESG Metrics and Verification Techniques
      How auditors and practitioners evaluate ESG metrics and verification approaches.
    • Managing ESG Standard-Setting and Reporting Challenges
      How changing standards, data quality, and greenwashing risk affect ESG assurance.
    • Applying AICPA Standards to ESG Assurance Engagements
      How AICPA assurance standards apply to ESG examination and review engagements.
    • Assessing the Future Outlook for ESG Assurance
      How investor demand, regulation, and market practice are shaping the future of ESG assurance.
• AUD Appendices and Reference Materials
  AUD quick-reference material for standards, pronouncements, report patterns, letters, and glossary review.
  • AICPA and PCAOB Standards Reference for AUD
    AUD appendix coverage for the main standards families and where they apply in exam-relevant audit work.
    • Overview of AICPA and PCAOB Audit Standards
      Understand the main AICPA and PCAOB standards families, where they apply, and how they shape AUD exam expectations.
    • Comparing the Structure and Scope of AICPA and PCAOB Standards
      Compare how AICPA and PCAOB standards differ in scope, independence, documentation, and integrated-audit requirements.
  • Pronouncements and Standard Updates Relevant to AUD
    AUD appendix coverage for pronouncement categories and update patterns that matter during review.
    • Overview of Pronouncement Types Used in AUD
      Review the main pronouncement categories behind AUD topics, including ASUs, SASs, and SSAEs.
    • Recent Pronouncements That Commonly Affect AUD Review
      Review the major accounting and auditing pronouncements that most often affect AUD study and practice context.
  • Illustrative Auditor Reports and Opinion Patterns
    AUD appendix coverage for model report structure, report wording, and opinion-pattern recognition.
    • Purpose and Structure of Illustrative Auditor Reports
      Review why illustrative auditor reports matter and how their standard sections help with faster opinion recognition.
    • Example Audit Opinion Scenarios for AUD Review
      Use example audit opinion scenarios to distinguish clean, qualified, adverse, and disclaimer outcomes.
  • Engagement Letters and Management Representation Letters
    AUD appendix coverage for engagement-document examples and the role of formal written representations.
    • How Engagement Letters Define Audit Scope and Responsibilities
      Review how engagement letters define scope, responsibilities, timing, fees, and key audit limitations.
    • How Management Representation Letters Support Audit Conclusions
      Review the purpose, required content, and audit implications of management representation letters.
  • AUD Glossary and Common Abbreviations
    AUD appendix reference for recurring terms, abbreviations, and standards vocabulary.
    • AUD Glossary of Audit Terms and Abbreviations
      Use this AUD glossary to review recurring audit terms, abbreviations, frameworks, and standards references.