CPA AUD (Auditing & Attestation) Glossary
30 essential terms and definitions for CPA AUD (Auditing & Attestation). Each definition is written for exam preparation, covering the concepts as they are tested on the 2026 syllabus.
A
- Adverse Opinion
- Adverse opinion is an audit report opinion issued when the auditor concludes that the financial statements are materially misstated and do not present fairly in conformity with the applicable financial reporting framework.
- Analytical Procedures
- Analytical procedures are audit procedures that evaluate financial information by studying plausible relationships among both financial and non-financial data, used in planning, as substantive evidence, and as a required procedure in the overall review stage.
- Assertions
- Assertions are representations by management embedded in the financial statements, categorized into classes of transactions (occurrence, completeness, accuracy, cutoff, classification), account balances (existence, rights, completeness, valuation), and presentation and disclosure.
- Attestation Engagement
- Attestation engagement is an engagement in which a CPA issues an examination, review, or agreed-upon procedures report on subject matter or an assertion about subject matter that is the responsibility of another party.
- Audit Evidence
- Audit evidence is all the information used by the auditor to arrive at the conclusions on which the audit opinion is based, evaluated in terms of sufficiency (quantity) and appropriateness (quality, including relevance and reliability).
- Audit Risk
- Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated, composed of inherent risk, control risk, and detection risk.
- Audit Sampling
- Audit sampling is the application of an audit procedure to less than 100% of items within a population for the purpose of drawing conclusions about the entire population, with results subject to sampling risk.
C
- Compilation Engagement
- Compilation engagement is a non-assurance service in which an accountant assists management in presenting financial information in the form of financial statements without providing any assurance on the statements.
- Confirmation
- Confirmation is audit evidence obtained as a direct written response from a third party (such as a bank, customer, or creditor), considered highly reliable because it originates from a source independent of the entity.
- Control Risk
- Control risk is the risk that a material misstatement could occur in a financial statement assertion and not be prevented or detected on a timely basis by the entity's internal controls.
- COSO Framework
- COSO Internal Control Framework is the widely adopted framework for designing and evaluating internal controls, consisting of five components: control environment, risk assessment, control activities, information and communication, and monitoring activities.
D
- Detection Risk
- Detection risk is the risk that the auditor's procedures will fail to detect a material misstatement that exists in a financial statement assertion, and is the only component of audit risk that the auditor can control.
- Disclaimer of Opinion
- Disclaimer of opinion is an audit report in which the auditor does not express an opinion on the financial statements, issued when the auditor is unable to obtain sufficient appropriate audit evidence to form an opinion.
E
- Emphasis-of-Matter Paragraph
- Emphasis-of-matter paragraph is an additional paragraph in the audit report that draws attention to a matter already presented or disclosed in the financial statements that is of such importance that it is fundamental to users' understanding.
F
- Fraud Risk Factors
- Fraud risk factors are conditions or events that indicate incentive, pressure, opportunity, or rationalization for committing fraud, which the auditor must consider when assessing the risk of material misstatement due to fraud.
G
- Going Concern
- Going concern is the assumption that an entity will continue to operate for the foreseeable future. The auditor is required to evaluate whether substantial doubt exists about the entity's ability to continue as a going concern for one year from the financial statement date.
I
- Inherent Risk
- Inherent risk is the susceptibility of a financial statement assertion to a material misstatement, assuming no related internal controls, influenced by the nature of the account, complexity of transactions, and the economic environment.
- Internal Control
- Internal control is a process designed and implemented by management and those charged with governance to provide reasonable assurance regarding the reliability of financial reporting, effectiveness of operations, and compliance with applicable laws.
M
- Material Weakness
- Material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis.
- Materiality
- Materiality is the magnitude of an omission or misstatement that, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users of the financial statements.
P
- PCAOB
- Public Company Accounting Oversight Board (PCAOB) is the nonprofit corporation established by the Sarbanes-Oxley Act of 2002 to oversee the audits of public companies and SEC-registered broker-dealers, setting auditing and quality control standards.
Q
- Qualified Opinion
- Qualified opinion is an audit opinion issued when the auditor concludes that the financial statements are fairly presented except for a specific matter, due to either a material but not pervasive misstatement or a scope limitation.
R
- Review Engagement
- Review engagement is a limited assurance engagement in which the accountant performs inquiry and analytical procedures to obtain a basis for expressing limited assurance that no material modifications are needed to the financial statements.
- Risk of Material Misstatement
- Risk of material misstatement is the combined assessment of inherent risk and control risk that a financial statement assertion contains a material misstatement before considering audit procedures.
S
- Sampling Risk
- Sampling risk is the risk that the auditor's conclusion based on a sample may differ from the conclusion reached if the entire population were tested, comprising the risk of incorrect acceptance and the risk of incorrect rejection.
- Significant Deficiency
- Significant deficiency is a deficiency, or combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness yet important enough to merit the attention of those charged with governance.
- SOC Report
- SOC (System and Organization Controls) report is an independent auditor's report on the controls at a service organization, with SOC 1 covering controls relevant to financial reporting and SOC 2 covering security, availability, processing integrity, confidentiality, and privacy.
- Substantive Procedures
- Substantive procedures are audit procedures designed to detect material misstatements at the assertion level, consisting of tests of details (of transactions, balances, or disclosures) and substantive analytical procedures.
T
- Test of Controls
- Test of controls is an audit procedure performed to evaluate the operating effectiveness of internal controls in preventing or detecting material misstatements, conducted when the auditor plans to rely on those controls to reduce substantive testing.
U
- Unmodified Opinion
- Unmodified opinion (clean opinion) is the standard audit report issued when the auditor concludes that the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.