Auditing is a structured way of earning the right to say a set of numbers can be trusted. It rests on frameworks, evidence standards, and a habit of professional skepticism, none of which come naturally at first. Read in order and the parts connect: you learn the process, then the control frameworks it relies on, then the specialties.
A note on scope: these books build knowledge, but auditing is a credentialed profession. Reading complements formal accounting education, professional standards, and licensure such as the CPA, it doesn't stand in for them.
The core discipline
Start with the standard textbooks. Auditing and assurance services by Alvin Arens and Principles of auditing and other assurance services by Ray Whittington cover the full arc of an engagement, from planning to opinion. Read one thoroughly before branching out.
Control and risk frameworks
Auditing depends on frameworks for internal control and enterprise risk, published by COSO, which define what 'control' and 'risk' formally mean in practice. Alongside them, Audit Risk Model by William Kinney explains the logic that drives how much testing an auditor does and where.
Evidence, fraud, and IT
Now the working craft. Audit sampling by Dan Guy and The Audit Evidence Standards by Wanda Wallace cover how auditors gather and justify evidence. For the darker side, Fraud examination by W. Steve Albrecht and Financial Shenanigans by Howard Schilit teach how numbers get manipulated and how to spot it. Modern practice adds technology: Auditing IT infrastructures for compliance by Martin Weiss and Data Analytics for Internal Auditors by Richard Cascarino bring the field up to date with systems and data.
Read in this order and the discipline stops feeling like arbitrary rules. If detecting manipulation grabs you, the related forensic accounting path is the natural continuation. Follow the full reading path to work through each stage.