CPA Exam AUD Complete Guide — PCAOB Standards, Procedures, and Opinion Types

Why Auditing Matters for the CPA Exam

Auditing (AUD) is one of the four core CPA exam sections and tests a skill set unique to the CPA credential: the independent verification of financial statements. Attest services — including audits, reviews, and compilations — are restricted to licensed CPAs under state accountancy laws.

An audit is the process by which an independent CPA examines a company’s financial statements and concludes whether they are presented fairly, in all material respects, in accordance with the applicable financial reporting framework (US GAAP or IFRS, as applicable).

The US Auditing Standards Framework

The US has a dual-standard system — candidates must know when each body’s standards apply.

Key Standard-Setters

Standard-Setter	Standards	Applies To
AICPA (Auditing Standards Board)	Statements on Auditing Standards (SAS) / AU-C	Non-public entities (private companies, nonprofits, governments)
PCAOB	Auditing Standards (AS)	SEC-registered issuers (public companies) and their auditors
GAO	Government Auditing Standards (Yellow Book)	Federal programs; required for Single Audit Act engagements
IAASB	International Standards on Auditing (ISA)	International context; increasingly tested on CPA exam

Selected PCAOB Auditing Standards

Standard	Content
AS 1001	Responsibilities and Functions of the Independent Auditor
AS 2101	Audit Planning
AS 2110	Identifying and Assessing Risks of Material Misstatement
AS 2201	An Audit of Internal Control Over Financial Reporting (ICFR)
AS 2301	The Auditor’s Responses to the Risks of Material Misstatement
AS 2401	Consideration of Fraud in a Financial Statement Audit
AS 3101	The Auditor’s Report on an Audit of Financial Statements
AS 3110	Dating of the Independent Auditor’s Report

The Three Phases of an Audit

Phase 1: Planning

Materiality: the threshold above which a misstatement would influence the decision of a reasonable financial statement user
- Common benchmarks: 3–5% of pretax income; 0.5–1% of revenues; 1% of total assets
Risk assessment: evaluate IR × CR to determine required DR → plan audit procedures
Audit approach: risk-based (test controls + targeted substantive) vs. purely substantive

Phase 2: Gathering Evidence

Audit evidence is obtained through two broad procedure types:

Tests of Controls:

Purpose: evaluate whether controls are designed and operating effectively
Examples: re-perform authorization procedures; inspect exception logs; observe segregation of duties
Required by PCAOB AS 2201 for integrated audits of public companies

Substantive Procedures:

Tests of details: directly verify account balances or transactions (confirmation, physical inspection, vouching, tracing)
Substantive analytical procedures: compare recorded amounts to independently developed expectations (trend analysis, ratio analysis, regression)

Audit Risk (AR) = Inherent Risk (IR) × Control Risk (CR) × Detection Risk (DR)

Inherent Risk (IR): the susceptibility of an assertion to a material misstatement, assuming no controls exist
Control Risk (CR): the risk that a misstatement will not be prevented or detected by the entity’s internal controls
Detection Risk (DR): the risk that auditor procedures will not detect a remaining misstatement

The auditor sets an acceptable level of AR, assesses IR and CR, then solves for the required DR:

DR = AR ÷ (IR × CR)

Lower required DR → more rigorous, extensive audit procedures needed.

High-Yield Exam Topics

Must-Know for AUD

Materiality calculation: basis amount selection rationale + calculation
Opinion decision logic: misstatement type (material vs. pervasive) + cause (misstatement vs. scope limitation) → opinion type
AS 2110 / AU-C 315 risk assessment procedures: understand the entity, industry, and control environment; perform preliminary analytical procedures
Communication hierarchy: management (day-to-day) vs. those charged with governance (board/audit committee) — different communications required
PCAOB integrated audit: AS 2201 ICFR audit runs simultaneously with financial statement audit; top-down, risk-based approach

Frequently Tested Concepts

Professional skepticism: a questioning mind and critical assessment of audit evidence; not mere suspicion — an objective mindset
Audit evidence: sufficiency vs. appropriateness: sufficiency = quantity; appropriateness = relevance and reliability. Higher reliability: external confirmations > auditor-generated evidence > client representations
Going concern (AU-C 570 / AS 2415): auditor evaluates whether substantial doubt exists about the entity’s ability to continue as a going concern for 12 months; may require explanatory paragraph or disclaimer
Analytical procedures: used in planning (preliminary), as substantive procedures (must be precise enough to detect material misstatements), and in the overall review at completion

Study Checklist

Know all four opinion types and the exact condition triggering each
Apply the Audit Risk Model to calculate Detection Risk and adjust procedure scope
Explain AS 2110 / AU-C 315 risk assessment procedures step by step
Define materiality and explain the three common quantitative bases
Describe professional skepticism with a concrete example
Distinguish AICPA GAAS from PCAOB Auditing Standards and know when each applies
Explain the PCAOB integrated audit (AS 2201) top-down approach
Identify what must be communicated to management vs. the audit committee

CPA Exam AUD Complete Guide — PCAOB Standards, Procedures, and Opinion Types

Why Auditing Matters for the CPA Exam

The US Auditing Standards Framework

Key Standard-Setters

Selected PCAOB Auditing Standards

The Three Phases of an Audit

Phase 1: Planning

Phase 2: Gathering Evidence

Phase 3: Reporting

The Four Audit Opinion Types

1. Unmodified Opinion (Clean Opinion)

2. Qualified Opinion

3. Adverse Opinion

4. Disclaimer of Opinion

The Audit Risk Model

High-Yield Exam Topics

Must-Know for AUD

Frequently Tested Concepts

Study Checklist

OIYO Editorial