CPA Exam · Cheat Sheet
---
| Component | Definition |
|---|---|
| IaaS | Provider manages hardware/network; customer manages OS, runtime, apps (AWS EC2) |
| PaaS | Provider manages hardware/OS/runtime; customer manages apps, data (Salesforce) |
| SaaS | Provider manages everything; customer manages user data only (Microsoft 365) |

| Phase | Key Activity |
|---|---|
| Planning | Scope, feasibility, resources |
| Requirements | Gather functional & non-functional needs |
| Design | Architecture, database, security design |
| Development | Code per specifications |
| Testing | Unit → Integration → System → UAT |
| Implementation | Go-live, data conversion, training |
| Maintenance | Fixes, enhancements, monitoring |

| Control Type | Examples |
|---|---|
| Input | Edit checks, validity checks, range checks, check digits, completeness, duplicates |
| Processing | Run-to-run totals, balancing, reasonableness checks |
| Output | Report distribution, reconciliation to inputs |

| Factor | Examples |
|---|---|
| Something you know | Password, PIN |
| Something you have | Token, smart card, OTP |
| Something you are | Biometrics (fingerprint, face, retina) |

| Type | Mechanism | Use Case |
|---|---|---|
| Symmetric | Same key encrypt/decrypt (AES) | Large data volumes; fast |
| Asymmetric | Public + private keys (PKI) | Key distribution, digital signatures |
| TLS/HTTPS | Asymmetric handshake → symmetric session | Secure web traffic |

| Control | Function |
|---|---|
| Firewall | Filters traffic by IP/port/protocol |
| IDS | Detects intrusions (passive alert) |
| IPS | Prevents intrusions (active block) |
| DMZ | Buffer zone between internet & internal network |
| Segmentation | Isolates critical assets; limits blast radius |

Continuous Monitoring = Management monitors controls in real-time (automated)

Continuous Auditing = Auditors perform procedures in real-time or near-real-time

Key Analytical Techniques:

Data Sources for Testing: ERP transactions, journal entries (fraud), payroll, AP
---
- ✓ Field mapping (source → target)
- ✓ Parallel processing (both systems running)
- ✓ Reconcile before/after totals
- ✓ Retain pre-migration backups
- ✓ Full control total reconciliation
---
EXAM FOCUS:
Aligned to the AICPA CPA Exam Blueprints.