Fast review mode: answers are shown by default so you can skim quickly. Hide them if you want to self-test.
The AICPA Audit (AUD) section of the CPA exam focuses heavily on ethical standards, professional responsibilities, and internal control frameworks, specifically linking the COSO Internal Control—Integrated Framework with Sarbanes-Oxley Act (SOX) compliance requirements.
I. CPA AUD Ethics & Professional Responsibilities The AUD section covers the ethical framework and professional standards that auditors must follow, primarily guided by the AICPA Code of Professional Conduct and international ethics standards.
Independence: Auditors must maintain independence in appearance and fact when performing audits. Ethical Principles: Key principles include integrity, objectivity, competence, and due care. Internal Control Relevance: The control environment, a key part of COSO, reflects the attitude and ethical actions of management toward internal controls, which influences employee behavior.
II. Sarbanes-Oxley Act (SOX) - 2002 Enacted to restore investor confidence following major corporate accounting scandals (e.g., Enron, WorldCom), SOX applies to publicly held companies and their auditors.
SOX Section 404: Requires management and external auditors to report on the adequacy of the company's internal control over financial reporting (ICFR). Management Certification: CEO and CFO must certify the financial statements and the effectiveness of internal controls. Audit Committee: Requires audit committees to be directly responsible for the appointment, compensation, and oversight of the external auditor. Penalties: Imposes severe penalties for fraudulent financial reporting and destruction of documents.
III. The COSO Framework The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a comprehensive framework for designing, implementing, and evaluating internal controls. The 2013 framework is the widely accepted standard used to comply with SOX 404.
The 5 Components of COSO (C.R.I.M.E): Control Environment: Sets the tone of an organization, influencing the control consciousness of its people. Includes commitment to integrity and ethical values. Risk Assessment: Identification and analysis of relevant risks to achieving objectives. Control Activities: Policies and procedures that ensure management directives are carried out (e.g., segregation of duties, approvals, verifications). Information and Communication: Systems that support the identification, capture, and exchange of information in a timely manner. Monitoring Activities: A process that assesses the quality of internal control performance over time.
Key Aspects for the CPA Exam: Principles-Based: The five components are supported by 17 principles. SOX Integration: COSO is the preferred framework for meeting SOX Section 404 requirements regarding internal control assessments. Internal Audit: The COSO framework often requires robust internal audit departments for ongoing monitoring.
Difference Between COSO and SOX: COSO is the framework (the guidelines for building good internal control). SOX is the law (the mandate to have working internal controls for public companies). Analogy: SOX is the law requiring a seatbelt (control), and COSO is the engineering standard for how to build a safe seatbelt.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.