Place AICPA AU-C standards, PCAOB auditing standards, and related engagement standards in the right AUD exam context.
The AUD exam expects candidates to recognize which professional standards govern the engagement before choosing a procedure, report, or communication. A question may mention an audit, review, compilation, attestation engagement, issuer, nonissuer, broker-dealer, or service organization. Each label points to a different standards family.
This page is an orientation map. Use it to place the major standards families before studying the more detailed AICPA-versus-PCAOB comparison in the next appendix section.
flowchart TD
A["Engagement facts"] --> B{"Is it a financial statement audit?"}
B -->|Yes| C{"Issuer or PCAOB-covered entity?"}
C -->|Yes| D["PCAOB auditing standards"]
C -->|No| E["AICPA AU-C standards"]
B -->|No| F{"What service is being performed?"}
F --> G["Review, compilation, or preparation: SSARS / AR-C"]
F --> H["Attestation: SSAE / AT-C or PCAOB attestation standards"]
F --> I["Governmental or compliance context: identify added requirements"]
The exam workflow is not “memorize every standard number.” It is: identify the engagement, identify the standard setter, then apply the correct responsibility.
| Standards family | Common AUD role | What candidates should recognize |
|---|---|---|
| AICPA AU-C standards | Audits of nonissuers not required to follow PCAOB standards | Overall objectives, planning, risk assessment, evidence, documentation, communications, and auditor reporting under GAAS. |
| PCAOB auditing standards | Audits of issuers and certain PCAOB-covered entities | Public-market audit requirements, registered-firm obligations, integrated audit requirements, inspection exposure, and PCAOB reporting rules. |
| AICPA SSARS / AR-C standards | Preparation, compilation, and review engagements for nonpublic entities | These are not audits; they provide different service levels and reporting responsibilities. |
| AICPA SSAE / AT-C standards | Attestation engagements outside a traditional financial statement audit | Examinations, reviews, agreed-upon procedures, SOC work, and subject-matter criteria. |
| Governmental or compliance standards | Government audits, single audits, or specialized compliance work | Added requirements may supplement GAAS, especially for independence, reporting, and compliance testing. |
The AICPA Auditing Standards Board issues Statements on Auditing Standards for audits of nonissuers. In current practice, those requirements are organized in AU-C sections. The AU-C framework is the default standards home for many private-company, nonprofit, and other nonissuer financial statement audits.
For AUD, the most important point is how the AU-C framework organizes audit thinking:
The AU-C label is therefore more than a citation format. It tells you the engagement is being performed under generally accepted auditing standards for a nonissuer audit unless the facts point elsewhere.
PCAOB standards apply in the public-company audit environment and to certain other PCAOB-covered engagements, including broker-dealer contexts. The PCAOB framework includes auditing standards, attestation standards, ethics and independence rules, quality control standards, and a regulatory inspection and enforcement structure.
AUD questions commonly use PCAOB standards to test differences in public-company audits:
Do not treat PCAOB standards as merely “stricter AU-C.” Many concepts overlap, but the public-market setting changes the auditor’s responsibilities, report, and oversight environment.
Internal control is part of every financial statement audit because the auditor must understand it to assess risk. The standards framework question is whether the auditor also expresses an opinion on internal control effectiveness.
In many nonissuer audits, the auditor uses internal control understanding to plan the audit but does not issue an internal control opinion. In a PCAOB integrated audit under AS 2201, the auditor audits both the financial statements and internal control over financial reporting. The objectives are related but not identical. A material weakness can produce an adverse internal control opinion even when substantive procedures support an unmodified financial statement opinion.
AUD candidates often lose points by defaulting to audit logic when the engagement is not an audit. Preparation, compilation, review, examination, and agreed-upon procedures engagements are different services with different assurance levels and report language.
Use these distinctions:
| Engagement clue | Do not assume | Better exam response |
|---|---|---|
| Preparation or compilation | Reasonable assurance | Identify SSARS responsibilities and the absence of an audit opinion. |
| Review | Audit-level evidence | Recognize limited assurance and inquiry/analytical procedure emphasis. |
| Examination | Financial statement audit | Identify subject matter, criteria, and reasonable assurance in an attestation context. |
| Agreed-upon procedures | Opinion or conclusion | Recognize procedures and findings without assurance. |
| SOC report | One generic control report | Identify SOC type, report type, subject matter, and user-auditor relevance. |
Standard numbers are useful when they help you classify the topic. They are less useful when memorized without context.
| Reference | Broad topic |
|---|---|
| AU-C 200 | Overall objectives and conduct of a GAAS audit |
| AU-C 230 | Audit documentation |
| AU-C 315 | Understanding the entity and assessing risks of material misstatement |
| AU-C 500 series | Audit evidence topics |
| AU-C 700 series | Auditor reporting for nonissuer audits |
| PCAOB AS 2110 | Identifying and assessing risks of material misstatement |
| PCAOB AS 2201 | Integrated audit of internal control over financial reporting and financial statements |
| PCAOB AS 3101 | Unqualified report on an issuer financial statement audit |
The exam normally gives enough context to decide the answer without requiring a full standards library citation. Treat citations as clues about the engagement phase and standard setter.