Understanding the Entity and Its Environment
Section 2 is 25-35% of the AUD exam — expect 8-12 MCQs per sitting on risk assessment topics. The #1 AICPA trap is confusing the requirement to UNDERSTAND internal control (required in all audits per AU-C 315) with the requirement to TEST controls (only when relying on them). Candidates frequently miss that AU-C 315 requires the auditor to understand the entity's information system and related business processes — not just the five COSO components in isolation. When you see a question about 'obtaining an understanding,' think AU-C 315 risk assessment procedures: inquiry, observation, inspection, and analytical procedures.
CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.
What AICPA Wants You to Know
- 1Identify the components of the entity's environment the auditor must understand
- 2Explain the purpose of understanding internal control in risk assessment
- 3Describe risk assessment procedures: inquiry, observation, inspection, and analytical procedures
- 4Understand the five components of internal control (COSO framework)
- 5Recognize how industry and regulatory factors affect audit risk