AUD Glossary of Audit Standards, Control Terms, and Abbreviations

Review recurring AUD abbreviations, standards labels, control frameworks, reporting terms, and audit-risk vocabulary.

This glossary is a quick reference for AUD terms that often appear in standards, evidence, reporting, internal-control, and attestation questions. Use it to decode a fact pattern, not as a substitute for applying the rule. The same term can matter differently depending on whether the engagement is a nonissuer audit, issuer audit, review, compilation, attestation engagement, or government audit.

Standards and Pronouncement Labels

    flowchart TD
        A["AUD term in question"] --> B{"What does it identify?"}
        B --> C["Accounting framework"]
        B --> D["Audit standards"]
        B --> E["Attestation or unaudited service"]
        B --> F["Regulatory or governmental context"]
        C --> G["GAAP, FASB ASC, ASU"]
        D --> H["GAAS, AU-C, SAS, PCAOB AS"]
        E --> I["SSAE / AT-C, SSARS / AR-C, SOC"]
        F --> J["SEC, PCAOB, GAO, ERISA, NIST"]

The diagram shows the first question to ask: is the term about accounting, auditing, attestation, unaudited services, or regulatory context?

| Term | Meaning | AUD use |
| --- | --- | --- |
| GAAP | Generally accepted accounting principles. | The financial reporting framework management applies and the auditor evaluates. |
| FASB ASC | FASB Accounting Standards Codification. | Authoritative U.S. GAAP source for nongovernmental entities. |
| ASU | Accounting Standards Update. | FASB update that amends the ASC and may change audit risks, evidence, and disclosures. |
| GAAS | Generally accepted auditing standards. | Baseline audit standards for many nonissuer financial statement audits. |
| SAS | Statement on Auditing Standards. | AICPA pronouncement that creates or amends nonissuer audit requirements. |
| AU-C | Codified AICPA clarified auditing standards. | Main citation structure for nonissuer audit requirements. |
| PCAOB AS | PCAOB auditing standards. | Standards for issuer audits and certain PCAOB-covered engagements. |
| SSARS | Statements on Standards for Accounting and Review Services. | Standards for preparation, compilation, and review engagements. |
| SSAE | Statements on Standards for Attestation Engagements. | Standards for examinations, reviews, agreed-upon procedures, and many SOC engagements. |
| AT-C | Codified AICPA attestation standards. | Citation structure for many attestation engagement requirements. |

Organizations and Regulators

| Term | Meaning | AUD use |
| --- | --- | --- |
| AICPA | American Institute of Certified Public Accountants. | Professional organization whose boards issue nonissuer audit, attestation, and accounting-and-review service standards. |
| ASB | Auditing Standards Board. | AICPA board that issues SASs and SSAEs. |
| ARSC | Accounting and Review Services Committee. | AICPA committee that issues SSARS guidance. |
| FASB | Financial Accounting Standards Board. | Issues accounting standards for nongovernmental U.S. GAAP. |
| PCAOB | Public Company Accounting Oversight Board. | Oversees registered firms that audit public companies, other issuers, and broker-dealers. |
| SEC | Securities and Exchange Commission. | Federal securities regulator; relevant to issuer filings, auditor independence, and PCAOB oversight context. |
| GAO | Government Accountability Office. | Issues Government Auditing Standards, commonly called the Yellow Book. |
| DOL | Department of Labor. | Important in employee benefit plan audit contexts, including ERISA plans. |
| NIST | National Institute of Standards and Technology. | Cybersecurity and technology framework source that may appear in IT-control context. |

Engagement and Assurance Terms

| Term | Meaning | AUD use |
| --- | --- | --- |
| Audit | Engagement that provides reasonable assurance and an opinion on financial statements. | Requires sufficient appropriate audit evidence. |
| Review | Engagement that provides limited assurance. | Emphasizes inquiry and analytical procedures rather than audit-level evidence. |
| Compilation | Engagement that assists with financial statement presentation and provides no assurance. | Governed by SSARS, not audit standards. |
| Preparation | Service to prepare financial statements and provide no assurance. | Do not treat it as an audit or review. |
| Examination | Attestation engagement that generally provides reasonable assurance on subject matter against criteria. | Often tested under SSAE / AT-C logic. |
| Agreed-upon procedures | Engagement where the practitioner performs specified procedures and reports findings. | Does not provide an opinion or assurance conclusion. |
| SOC 1 | Service organization control report relevant to user entities’ ICFR. | May provide evidence to a user auditor when relevant to financial reporting assertions. |
| SOC 2 | Service organization control report over trust services criteria. | Useful for technology-control context but not automatically financial-statement evidence. |
| SOC 3 | General-use SOC report with less detailed control information. | Usually less useful to a user auditor than a detailed SOC 1 or SOC 2 report. |

Internal Control and Risk Terms

| Term | Meaning | AUD use |
| --- | --- | --- |
| ICFR | Internal control over financial reporting. | Central to issuer integrated audits and to risk assessment in all financial statement audits. |
| COSO | Common internal-control framework. | Frequently used to evaluate control design and ICFR components. |
| Control environment | The tone, governance, ethics, and accountability foundation of internal control. | Weaknesses can affect multiple audit areas. |
| Risk assessment | Entity process for identifying and analyzing risks. | Distinct from the auditor’s own audit risk assessment, though related. |
| Control activities | Policies and procedures that help ensure management directives are carried out. | Examples include approvals, reconciliations, segregation of duties, and system controls. |
| Information and communication | Systems and processes that capture and communicate relevant information. | Important for transaction processing and financial reporting. |
| Monitoring activities | Ongoing or separate evaluations of control performance. | Weak monitoring may increase control risk. |
| Material weakness | Control deficiency, or combination of deficiencies, severe enough to create a reasonable possibility that a material misstatement will not be prevented or detected timely. | In an integrated audit, it prevents ICFR from being considered effective. |
| Significant deficiency | Less severe than a material weakness but important enough to merit governance attention. | Must be communicated to appropriate parties. |

Evidence, Materiality, and Fraud Terms

| Term | Meaning | AUD use |
| --- | --- | --- |
| Materiality | Threshold for whether an omission or misstatement could influence users’ decisions. | Drives audit planning, evaluation, and reporting decisions. |
| Performance materiality | Amount set below overall materiality to reduce aggregation risk. | Helps determine nature, timing, and extent of procedures. |
| Audit risk | Risk that the auditor expresses an inappropriate opinion when financial statements are materially misstated. | Involves inherent risk, control risk, and detection risk. |
| Inherent risk | Susceptibility of an assertion to misstatement before controls. | Higher for complex estimates, fraud-prone accounts, and unusual transactions. |
| Control risk | Risk that controls will not prevent or detect and correct a misstatement timely. | Higher when controls are poorly designed or not operating effectively. |
| Detection risk | Risk that audit procedures will not detect an existing material misstatement. | Reduced by changing nature, timing, and extent of substantive procedures. |
| Professional skepticism | A questioning mind and critical assessment of audit evidence. | Required throughout the audit, especially with management estimates and fraud risk. |
| Fraud triangle | Pressure, opportunity, and rationalization. | Useful for identifying fraud risk factors but not a substitute for required procedures. |
| Sufficient appropriate evidence | Enough evidence of the right quality to support the opinion. | Sufficiency is quantity; appropriateness is relevance and reliability. |

Reporting and Regulatory Terms

| Term | Meaning | AUD use |
| --- | --- | --- |
| Issuer | Public company or other entity subject to issuer audit requirements. | Often signals PCAOB standards and SEC independence context. |
| Nonissuer | Entity whose audit is not required to be performed under PCAOB issuer standards. | Often signals AICPA AU-C standards. |
| Integrated audit | Audit of financial statements and ICFR performed together. | Associated with PCAOB AS 2201 for many public companies. |
| CAM | Critical audit matter. | PCAOB issuer-reporting concept for matters communicated to the audit committee that meet the standard’s criteria. |
| Emphasis-of-matter paragraph | Paragraph drawing attention to a matter appropriately presented or disclosed in the financial statements. | Does not modify the opinion by itself. |
| Other-matter paragraph | Paragraph referring to matters other than those presented or disclosed in the financial statements. | Used when relevant to users’ understanding of the audit, auditor responsibility, or report. |
| ERISA | Employee Retirement Income Security Act. | Relevant to employee benefit plan audit requirements. |
| Yellow Book | GAO Government Auditing Standards. | Applies to audits of government entities and entities receiving government awards when required. |

Exam Use Notes

  • Start with the engagement type before applying a term.
  • Do not apply PCAOB issuer-reporting rules to a nonissuer unless the facts say PCAOB standards apply.
  • Do not treat a review, compilation, or preparation as an audit.
  • A material weakness affects the ICFR conclusion; the financial statement opinion depends on misstatement and evidence facts.
  • SOC reports differ by type and by whether they report on design only or design and operating effectiveness.
  • Accounting terms such as GAAP, ASC, and ASU affect what management reports; audit terms affect how the auditor obtains evidence and reports.

Review Questions

### Which term refers to the authoritative U.S. GAAP source for nongovernmental entities?

- [ ] PCAOB AS.
- [ ] GAO Yellow Book.
- [x] FASB ASC.
- [ ] SSARS.

> **Explanation:** The FASB Accounting Standards Codification is the authoritative U.S. GAAP source for nongovernmental entities.

### Which engagement provides no assurance and is governed by SSARS?

- [ ] Financial statement audit.
- [ ] Examination engagement.
- [x] Compilation engagement.
- [ ] PCAOB integrated audit.

> **Explanation:** A compilation helps present financial statements but does not provide assurance.

### Which SOC report type is most directly relevant to user entities' internal control over financial reporting?

- [x] SOC 1.
- [ ] SOC 2 only.
- [ ] SOC 3 only.
- [ ] ERISA report.

> **Explanation:** SOC 1 reports address controls at a service organization that are relevant to user entities' ICFR.

### In an integrated audit, what is the effect of a material weakness in ICFR?

- [ ] It always creates an adverse financial statement opinion.
- [x] It prevents ICFR from being considered effective.
- [ ] It eliminates the need for substantive procedures.
- [ ] It is communicated only if management requests it.

> **Explanation:** A material weakness requires an adverse ICFR conclusion, but the financial statement opinion depends on the financial statements and evidence obtained.

### Which phrase best describes professional skepticism?

- [ ] Assuming management is dishonest in every engagement.
- [ ] Accepting management explanations unless contradicted.
- [x] Maintaining a questioning mind and critically assessing audit evidence.
- [ ] Replacing audit evidence with intuition.

> **Explanation:** Professional skepticism requires a questioning mind and critical evaluation of evidence without assuming either dishonesty or unquestioned honesty.

Revised on Monday, June 15, 2026