Preface
These master study notes are designed to be a self-contained textbook-style resource for the ACCA Audit
and Assurance (AAA) 2025-26 syllabus.
Each syllabus area (A to I) is explained in textbook style: definitions, relevant standards, practical examples,
exam application guidance, and suggested audit procedures. Use these notes together with active practice of
past questions and kit questions for best results.
A. The Regulatory Environment
Overview: The regulatory environment sets the context within which auditors operate. Major international
standard setters include:
- IAASB: issues International Standards on Auditing (ISAs). ISAs set minimum requirements for audit
engagements and are the primary technical standards for auditors.
- IESBA: issues the International Code of Ethics for Professional Accountants. The Code sets fundamental
principles and guidance on threats and safeguards.
- IFAC: the International Federation of Accountants promotes adoption of standards and supports member
bodies.
- Local regulators: national bodies (for example PCAOB, FRC, SEBI) implement specific legal and regulatory
requirements. Local legislation may modify or supplement ISAs.
Money laundering and anti-money laundering duties: Auditors must be alert to money laundering risks.
Typical red flags include: unexplained cash flows, transactions with tax havens, unusually complex or opaque
structures, or client refusal to provide information. Auditors should perform client acceptance procedures
(including identity checks), remain alert during the engagement, and report suspicious activities to the
designated authority (MLRO or regulator). Confidentiality requirements are overridden for statutory reporting
of suspicions in most jurisdictions.
NOCLAR and laws and regulations (ISA 250): Auditors consider non-compliance with laws and regulations
that may have a material effect on the financial statements. Distinguish between direct laws (affect amounts
in the financial statements, e.g., tax law) and indirect laws (not directly affecting amounts, e.g., environmental
legislation). Where breaches are detected, the auditor discusses with management and TCWG, evaluates the
effect on the financial statements, and considers whether modification of the audit opinion or other reporting
is required.
Example: A company has failed to account for VAT for two years. This is a direct law breach. The auditor
should obtain evidence of the exposure, discuss with management and TCWG, and quantify the effect on the
financial statements. If management refuses to adjust, consider a qualified or adverse opinion depending on
materiality and pervasiveness.
Exam application: Questions often require candidates to apply regulatory requirements to a scenario, justify
audit actions, and explain reporting consequences. Always cite the relevant standard (ISA 250, IESBA Code)
and describe practical steps.
B. Professional and Ethical Considerations
Fundamental ethical principles: The IESBA Code sets five fundamental principles: integrity, objectivity,
professional competence and due care, confidentiality, and professional behaviour. Auditors must evaluate
threats to these principles and apply safeguards.
Independence and threats: Common threats are self-interest (financial interests), self-review (auditor
assessing own work), advocacy (promoting client position), familiarity (long association), and intimidation
(pressure from client). Examples of safeguards include rotation of senior personnel, engagement quality
review, removal of conflicting duties, or declining the engagement.
Fraud and error (ISA 240): Management is primarily responsible for prevention and detection of fraud. The
auditor's responsibility is to obtain reasonable assurance that the financial statements are free of material
misstatement, whether caused by fraud or error. The auditor exercises professional scepticism, assesses
fraud risk factors, and designs procedures responsive to identified risks. Procedures include analytical
procedures targeted to fraud risk areas, testing journal entries, testing approvals, and enquiries of
management and TCWG.
If fraud is suspected, the auditor should obtain evidence, evaluate management's response, escalate to
TCWG, and determine whether external reporting is required by law. The auditor should consider the impact
on risk assessments and the audit opinion.
Professional liability: Auditors face legal liability to clients and, in some circumstances, to third parties who
rely on the audit report. Liability can arise from negligence or breach of duty. Firms commonly use
engagement letters that define the scope of work and disclaimers, and maintain professional indemnity
insurance.
Expectation gap: The public often expects auditors to provide absolute assurance. In contrast, auditors
provide reasonable assurance. In exam answers, explain the difference and why reasonable assurance is not
absolute: sampling, inherent limitations, and reliance on representations.
C. Practice Management and Quality Management
ISQM 1 and ISQM 2: ISQM 1 requires the firm to establish a system of quality management addressing
leadership, governance, ethical requirements, acceptance and continuance of client relationships, human
resources, engagement performance, and monitoring. ISQM 2 addresses engagement quality review for
certain audits where an independent experienced reviewer evaluates significant judgements. ISA 220 sets
requirements for the engagement partner's responsibilities regarding engagement performance and quality
control.
Client acceptance and continuance: Firms should perform acceptance procedures to confirm the integrity of
the client, evaluate independence and competence, and ensure sufficient resources. Red flags: management
integrity concerns, prior fraud, insufficient systems, or money laundering risk. Decline or withdraw if threats
cannot be mitigated.
Resource management and fees: Appropriate staffing, training, and supervision are essential for quality.
Low-balling fees may pressure teams to rush work, increasing risk. Firms should balance commercial
objectives with quality.
Exam application: Describe firm-level controls, how ISQM requirements influence engagement behaviour,