Content and Skill Specifications for the CPA Exam:

  1. (Effective January 2011)
  2. (Effective January 2014)


Here's where you do some work:

Review the CSOs/SSOs relevant to when you plan on taking the exam and copy/paste relevant entries that are related to Accounting Information System (see the example for the CSOs/SSOs for 2014). Then describe the relevant material from either ACG 4401 or ACG 6415 that you feel is relevant to the entry. This is a wiki so everyone can and should participate. We will discuss in class.

CSOs/SSOs 2011:

Exam Section Auditing and Attestation:


Exam Section Financial Accounting and Reporting:
  1. XBRL

Exam Section Regulation:


Exam Section Business Environment and Concepts:


CSOs/SSOs 2014:

Exam Section Auditing and Attestation:
  1. Consider Internal Control
    1. Perform procedures to assess the control environment, including consideration of the COSO framework and identifying entity-level controls
    2. Determine the effect of information technology on the effectiveness of an entity's internal control
    3. Identify key risks associated with general controls in a financial IT environment, including change management, backup/recovery, and network access (e.g. administrative rights).
  2. Effect of information technology on evidence gathering
    1. How to use an IT professional to help perform an audit
    2. Auditing around the system
      1. Re-perform a process by hand to see if you get the same results as the computer
    3. Auditing through the system (Computer Assisted Audit Techniques)
      1. May be the only way to do an audit when the accounting system is highly automated
      2. Auditor inserts a test input into the clients system to see what happens
    4. Generalized Audit Software Packages
      1. performs tests of controls and substantive tests on the clients system

Exam Section Financial Accounting and Reporting:


Exam Section Regulation:

  1. CPAs will be tested on their Legal Duties and Responsibilities
    A. Privileged communications, confidentiality, and privacy acts - This might include the laws like HIPPA or PCI-DSS standards that mandate organizations to protect consumer information that they store on their servers.

Exam Section Business Environment and Regulations:

  1. Identify the information systems within a business that are used to process and accumulate transactional data, as well as provide monitoring and financial reporting information.

  2. Distinguish between appropriate and inappropriate internal control systems, including system design, controls over data, transaction flow, wireless technology, and internet transmissions.

  3. Evaluate whether there is appropriate segregation of duties, levels of authorization, and data security in an organization to maintain an appropriate internal control structure.