AUD Cheat Sheet & Quick Reference
Every framework, formula, and decision matrix in one place. The AUD exam tests judgment — but judgment is easier when you have the frameworks memorized cold.
1. Audit Risk Model (AU-C 315/320/330)
AR = IR × CR × DR
Rearranged: DR = AR / (IR × CR) — this is how you determine acceptable detection risk
- IR and CR are assessed by the auditor (can’t be changed). DR is controlled through the nature, timing, and extent of substantive procedures.
- If CR increases → DR must decrease → MORE substantive testing needed
- Inverse relationship: Detection risk moves inversely to assessed IR and CR
- Acceptable audit risk is typically set at 5% (sometimes given as 0.05)
2. Materiality Framework (AU-C 320)
Overall Materiality: 5% of pre-tax income (common benchmark) — or 0.5–1% of revenue, 1–2% of total assets depending on entity
Performance Materiality: 50–75% of overall materiality (used to set scope of testing)
Trivially Small Threshold: ~5% of overall materiality (below this, don’t accumulate)
Materiality is based on the users’ needs, not management’s.
3. Opinion Decision Matrix (AU-C 700/705)
| Material, NOT Pervasive | Material AND Pervasive | |
|---|---|---|
| Misstatement (GAAP departure) | Qualified (“except for”) | Adverse (“not fairly presented”) |
| Scope Limitation (insufficient evidence) | Qualified (“except for”) | Disclaimer (“do not express an opinion”) |
- Emphasis-of-Matter: Added for properly disclosed matters (e.g., going concern). Does NOT modify opinion.
- Other-Matter: For matters NOT in the financial statements (e.g., report restriction). Does NOT modify opinion.
4. Engagement Types & Assurance Levels (AU-C 200, SSARS 21)
| Engagement | Assurance | Report Language | Independence? | Standard |
|---|---|---|---|---|
| Audit | Reasonable (high) | “Present fairly in all material respects” | Required | SAS / PCAOB |
| Review | Limited (moderate) | “Not aware of material modifications” | Required | SSARS |
| Compilation | None | “Did not audit or review” | Not required (disclose if not) | SSARS |
| Preparation | None | No report (legend on each page) | Not required | SSARS |
| AUP | None (findings only) | Factual findings only | Required | SSAE |
5. COSO Internal Control Framework
5 Components:
Control Environment → Risk Assessment → Control Activities → Information & Communication → Monitoring
- Control Environment = “Tone at the top” — foundation of everything else
- 17 Principles map to the 5 components
- The auditor must UNDERSTAND all 5 components in every audit (AU-C 315)
6. Sampling Quick Reference (AU-C 530)
Attribute Sampling: Tests controls (Yes/No — did the control work?). Result = deviation rate.
Variables Sampling: Tests dollar amounts of balances. Result = estimated misstatement amount.
- Sample size increases when: confidence level increases, tolerable rate decreases, expected rate increases
Upper Deviation Rate > Tolerable Rate → Controls NOT effective → increase substantive testing
Key rule: Both statistical and nonstatistical sampling are acceptable under GAAS
7. Evidence Hierarchy (AU-C 500/505)
Most reliable → least reliable:
- External evidence from independent third parties (bank confirmations)
- External evidence routed through the entity (bank statements received by client)
- Internal evidence with strong controls (system-generated reports with IT controls)
- Internal evidence with weak controls (manually prepared schedules)
- Oral evidence (inquiry of management)
Confirmations (AU-C 505)
- Positive confirmation: asks respondent to reply whether they agree OR disagree. Use for large/unusual balances.
- Negative confirmation: asks respondent to reply ONLY if they disagree. Use for large volume of small balances with low expected misstatement.
8. Vouching vs. Tracing
Vouching: Records → Source Documents = tests EXISTENCE / OCCURRENCE (catches overstated/fictitious items)
Tracing: Source Documents → Records = tests COMPLETENESS (catches unrecorded/understated items)
9. Subsequent Events (AU-C 560)
Type 1 (Recognized): Condition EXISTED at balance sheet date → ADJUST the financial statements
Examples: Settlement of litigation for an amount different from recorded, customer bankruptcy confirming existing bad debt
Type 2 (Non-recognized): NEW condition AFTER balance sheet date → DISCLOSE only (do not adjust)
Examples: Fire destroying a plant after year-end, new litigation arising after year-end
10. Going Concern (AU-C 570)
- Substantial doubt about going concern + adequate disclosure = Unmodified opinion + Emphasis-of-Matter paragraph
- Substantial doubt + INADEQUATE disclosure = Qualified or Adverse opinion (depending on pervasiveness)
- Management’s plans that can mitigate: sell assets, borrow, restructure, reduce costs, increase equity
11. Key Report Dates
Report date: Date auditor obtained sufficient appropriate evidence (AU-C 700)
Representation letter date: Same as report date (AU-C 580)
Subsequent events responsibility: Through the report date
Assembly deadline: Documentation must be assembled within 60 days after the report release date (AU-C 230)
Retention: Audit documentation retained for minimum 5 years from report release date
12. Government & Single Audit Quick Reference
- Yellow Book (Government Auditing Standards): GAAS + additional reporting on internal control and compliance
- Single Audit required when entity expends ≥$750,000 in federal awards
- Type A programs: Larger programs (>$750,000 or 3% of total federal expenditures, whichever is less)
- Type B programs: Smaller programs
Reports required in a Single Audit:
- Financial statements
- Schedule of Expenditures of Federal Awards (SEFA)
- IC over financial reporting
- IC over compliance
- Compliance with major programs
Keep Studying
This cheat sheet pairs best with active practice. Jump into the study guides and strategy pages below.