The Auditing and Attestation (AUD) section is one of the three Core sections every candidate must pass to earn the US Certified Public Accountant (CPA) license, and it tests how a newly licensed CPA plans, assesses risk, gathers evidence, and reports across audit, attestation, and accounting-and-review engagements. The 2026 blueprint splits AUD into four weighted areas: Ethics and General Principles (15 to 25%), Assessing Risk and Developing a Planned Response (25 to 35%), Performing Further Procedures and Obtaining Evidence (30 to 40%), and Forming Conclusions and Reporting (10 to 20%). Roughly 70% of the section sits at the Application skill level and above, so AUD rewards candidates who apply professional skepticism and judgment to a scenario rather than just recall a rule. The single most important habit it tests is matching the right standard to the engagement: an issuer audit under PCAOB rules differs from a nonissuer audit under AICPA standards, a governmental audit under GAGAS, or a review under SSARS. Read every question for the entity type (issuer or nonissuer) and engagement type before you answer.
What This Cheat Sheet Covers
This topic spans 48 focused tables and 471 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: AICPA Code of Professional Conduct
Maps to CPA AUD Area I-A.1, the AICPA Code of Professional Conduct: the general ethics rules every member must follow (integrity, objectivity, compliance with standards, confidentiality, acts discreditable) and the conceptual framework of threats and safeguards used when no specific rule fits. (Independence and its dedicated framework are covered in the next table.)
| Concept | Example | Description |
|---|---|---|
Principles = aspirational idealsRules = enforceableInterpretations = how to apply a rule | The Code has three layers. Only the Rules and Interpretations are enforceable; the Principles (responsibilities, public interest, integrity, objectivity, due care) are aspirational. The AICPA Code is comparatively rules-based, unlike the principles-based IESBA international code. | |
Firm partner who also sits on a charity board applies Part 1 and Part 2 | Beyond the preface, the Code is split into • Part 1 members in public practice • Part 2 members in business • Part 3 other members (retired, unemployed). A member can be subject to more than one part, and all AICPA members are bound (even non-CPAs). | |
Applies to a tax return, a consulting job, and an audit alike | In any professional service a member must keep objectivity and integrity, be free of conflicts of interest, and not knowingly misrepresent facts or subordinate judgment. Not to be confused with independence: objectivity applies to all services; independence only to attest. | |
Boss says book an entry you think is materially wrong → escalate, do not just defer | A member who concludes a supervisor's treatment could materially misstate the records must raise it to higher management and document the concern, not defer. Deferring on a material misstatement is a prohibited subordination of judgment. | |
Tax, review, audit, consulting each follow their designated standards | A member performing professional services must follow the standards set by bodies designated by Council (such as the Auditing Standards Board and the Accounting and Review Services Committee). Covers all service lines, not just audits, and applies regardless of client size. | |
Disclose without consent only for a valid subpoena, peer review, or ethics inquiry | A member in public practice must not disclose confidential client information without specific client consent. Narrow exceptions: a valid subpoena or summons (or law), a peer/practice review, and an ethics investigation or disciplinary proceeding. |