What's New on the CPA Audit Exam in 2026

The CPA Audit Exam will now be asking questions about Practice Monitoring and Peer Reviews.

CPAs engaged in the practice of public accounting are required to practice in firms enrolled in an AICPA-approved practice monitoring program to be admitted to, or retain, AICPA membership.

This practice monitoring program is subject to a peer review once every three years and covers audits and other public accounting engagements for non-issuer clients.

Firms that only provide tax and consulting services and do not perform audit, review, compilation, preparation, or other attest services are exempt from the AICPA Peer Review Program.

Peer review applies to firms that perform engagements under AICPA auditing or attestation standards.

It used to be sufficient just to know about peer review, but now you need to know what type of peer review is needed, either a system review or an engagement review.

Firms must use a risk-based approach when designing, implementing, and operating the elements of their quality management system.

The system of quality management is customized to the firm’s nature and circumstances, size, types of engagements performed, client industries, and geographic locations.

The firm concentrates on identifying and addressing quality risks that could prevent achievement of quality objectives. The emphasis is on what could go wrong, and higher-risk areas are prioritized.

Quality management is proactive and forward-looking, not reactive. It anticipates issues before they occur, adapts to changes in the firm or environment, and requires ongoing reassessment.

The AICPA has identified 8 components of a System of Quality Management (SQM). In addition to peer review, the CPA Audit Exam in 2026 will start testing these 8 components.

For the CPA Audit Exam and real-world firm operations, these 8 SQM components matter because they work together to provide reasonable assurance that a firm complies with professional standards and legal or regulatory requirements, and issues reports that are appropriate in the circumstances.

The AICPA has shifted from a checklist quality control model to a risk-based, proactive quality management model.

This sets the tone at the top. Without leadership commitment, quality initiatives fail.

It establishes a culture that prioritizes quality over profitability or growth, assigns ultimate responsibility and accountability for quality, and aligns incentives and evaluations with quality objectives.

This is the engine of the system. Because SQM is risk-based, this component identifies quality objectives, identifies and assesses quality risks, and designs and implements responses.

Instead of reacting to problems, firms anticipate and manage risks before deficiencies occur.

Ethics underpin audit credibility and public trust. This component ensures independence, integrity, and objectivity, requires independence confirmations, and monitors compliance with ethical rules.

This prevents the firm from taking on risky clients or engagements it cannot properly perform.

It evaluates management integrity, assesses firm competence and resources, and reduces legal and reputational risk.

Quality work requires capable resources: human resources (competence, training, staffing), technological resources (audit software and tools), and intellectual resources (methodologies and guidance).

This is where quality shows up in actual engagements through proper supervision and review, consultation on complex matters, engagement quality reviews (EQRs), and consistent application of standards.

A system fails if people do not understand or follow it. This component ensures personnel understand quality policies, promotes two-way communication, and ensures relevant information reaches the right people.

This is the feedback loop that keeps the system effective. It identifies deficiencies, performs root cause analysis, implements corrective actions, and drives continuous improvement.