CPA Exam Lab
All patterns
Risk and materiality

The Risk Assessment

Understand the entity and its controls first, and identify what rises to a significant risk.

How the exam words it

The playbook

  1. 1Understanding internal control is required in every audit, testing controls is not.
  2. 2Risk assessment procedures (inquiry, analytics, observation and inspection) are all required, and alone they do not support the opinion.
  3. 3Map the item to its COSO component (control environment is the foundation, monitoring watches the others), and flag inherent risks near the top of the range as significant.

The trap

Thinking testing controls is required in every audit. Only understanding controls is required, testing is a choice.

How the exam varies it

The same pattern, re-skinned along these axes:

Understanding the entity, a COSO component, or a significant riskManagement's own risk assessment versus the auditor's proceduresWhich risk assessment procedure is at issue

Drill this pattern

8 questions of The Risk Assessment from across the AUD topics. Clear it by getting 5 right with a streak of 3.

Shows up in 1 AUD topic