ADVANCED AUDIT AND ASSURANCE
CPA Australia - Semester 2 2025
MODULE 1: THE AUDITING AND ASSURANCE FRAMEWORK
Part 1.1: The Assurance Environment (Study Guide pages 1-11)
1. International auditing standard setting bodies
a. International Federation of Accountants (IFAC): Global organisation for accountancy profession
comprising 175+ members. Serves the public interest by enhancing the value, relevance and
reputation of the profession.
b. International Auditing and Assurance Standards Board (IAASB): Independent standard setting
body under IFAC that sets international standards for auditing, QC, review and other assurance
related services. Produces standards like International Standards on Quality Management (ISQM
1), International Standards on Auditing (ISA), etc.
c. International Forum of Independent Audit Regulators (IFIAR): Forum of independent audit
regulatory authorities (including ASIC) that have oversight of the auditing profession.
d. International Ethics Standards Board for Accountants (IESBA): Independent standard setting
body focusing on setting ethical standards for professional accountants worldwide and its
members are appointed by IFAC.
2. Structure of pronouncements
The IESBA creates a Code of Ethics for Professional Accountants that covers all types of engagements, meaning
everything must be compliant to this Code of Ethics. IAASB creates standards that also cover all types of
engagements.
The house analogy:
■ Roof: IESBA Code of Ethics for Professional Accountants
■ Ceiling: International Framework for Assurance Engagements, covering these pillars:
○ Audit: provides reasonable assurance (level 2)
○ Reviews: provides limited assurance (level 3)
○ Assurance engagements other than audits or reviews: provides reasonable or limited assurance
(level 2-3)
○ Related services: provides no assurance (level 4) and not included under the ceiling of
international framework for assurance engagements.
■ Foundation: International Standards on Quality Management (ISQM 1) - all engagements are backed by
this foundation.
3. Regulation of Auditing in Australia
a. Financial Reporting Council (FRC): Statutory body and has oversight over accounting and auditing
standard setting process for public and private sector. Also appoints AUASB board.
b. Auditing and Assurance Standards Board (AUASB): Independent statutory agency responsible for
developing and maintaining auditing and assurance standards, which are legally enforceable for
audits/reviews of historical financial information. These standards are used by consultants (e.g.
KPMG, EY) to perform audits to companies.
c. Australian Securities & Investments Commission (ASIC): Australia’s corporate, markets and
financial services regulator and has oversight of the auditing profession including registration and
enforcement of rules regarding auditor independence and auditing standards.
, d. Accounting Professional & Ethical Standards Board: Independent body and initiative of CPA and
CAANZ, responsible for setting professional and ethical standards in Australia.
Part 1.2. International Framework for Assurance Engagements (Study Guide pages 11-31)
1. Ethical Principles (Study Guide pages 11-18)
a. Fundamental principles:
i. Integrity: having strength and courage to stand for what you think is right
ii. Objectivity: impartiality and unbiased, avoidance of conflict of interests
iii. Professional competence and due care: obtain and maintain professional knowledge and
skills and acting diligently (no negligence)
iv. Professional behavior: comply with relevant laws and not discrediting the profession
v. Confidentiality: not disclosing information to third parties, with the exception:
■ Law permits and client agrees,
■ Disclosure is required, or
■ Professional duty or right to disclose.
Auditors must be and must disclose/declare that they are independent.
b. Threats to the fundamental principles:
i. Self-interest – e.g. owning shares in the audit client
ii. Self-review – e.g. preparing and auditing the same financial statements
iii. Advocacy – e.g. acting as the audit client’s expert witness in a legal dispute
iv. Familiarity – e.g. the CEO of the audit client is married to the audit partner, familial
relationship.
v. Intimidation – e.g. clients threaten to fire the auditor if the opinion is not favourable,
especially when they contribute in a major way to the auditors’ revenue.
These threats are then evaluated on significance before implementing safeguards.
c. Safeguards:
i. Implement safeguards:
■ Profession/legislation – e.g. quality standards, CPD, ASIC act, professional
standards and regulatory monitoring.
■ Work-client – e.g. audit committee, competent staff and leadership, policies
and procedures
■ Audit firm – e.g. systems and processes, partner rotation policy, peer review
policy
Analysing case studies using the conceptual framework approach
1. Identify threats
2. Evaluate significance
3. Implement safeguards
2. Quality management (Study Guide pages 18-28)
Relevant standards: ISQM 1 (referring to quality management within a firm / organisation) and ISA 220
(relates to individual engagements performed by the firm).
a. Elements of quality management (ISQM 1):
Use this to analyse case studies asking to analyse e.g. what arguments can be put forward
against a firm's management practices?
i. Risk management process
, ■ After setting quality objectives, the firm continues to identify the risks
associated and how to mitigate them.
■ Risks are assessed on the levels - are they high risk, low risks etc.
■ These management processes are then implemented in the various
engagements of the firm.
■ Three components of assurance engagement risk:
a. Inherent risk: susceptibility of the subject matter information to a
material misstatement and is determined by the underlying subject
matter.
b. Control risk: risk that a material misstatement will not be prevented, or
detected and corrected, by the internal control system.
c. Detection risk: risk that the practitioner’s evidence-gathering
procedures will not detect a material misstatement, affected by the
quantity, reliability and relevance of evidence.
ii. Governance and leadership
■ Deals with both the managements’ and leaders’ words and actions.
iii. Relevant ethical requirements
■ Employees within the firms need to understand what are the do’s and don’t’s in
the particular firm. E.g. max amount of shares an employee are allowed to
have.
iv. Acceptance and continuance of client
■ It is important to do very robust checks of clients before starting as usually
clients will be engaged for longer periods of time.
v. Engagement performance - performing checks on the below:
■ Making sure the team is aware of their responsibilities.
■ There must be clear direction and supervision on the policies, processes, etc.
■ Apply professional judgement and scepticism, which are usually developed
over time.
■ There has to be a process of dealing with contentious matters.
■ Engagement documentation in audit is critically important.
vi. Resources
■ Need to know when to engage other departments / available resources as
necessary
vii. Information and communication
■ Arrangement for discussions to be in place
■ Being mindful of what information is shared due to confidentiality issues
viii. Monitoring and remediation process
■ Assessing how the process is working and tweaks that needs to be made
b. Audit quality - ensuring auditors produce quality and accurate audit opinion
i. Drivers of audit quality (IAASB) - Framework for audit quality
, ■ Part I:
a. Inputs:
i. Values and ethics - APES 110 - firms must ensure that all its
people adhere to these standards
ii. Knowledge, skill and experience - ISQM 1 - firms must employ
people who can properly service clients, preventing issuance
of wrong opinion
b. Process:
i. Complying with audit process and quality - ISA 220 and other
ISAs - ensuring standardised process within the firm
ii. Complying with laws and regulations - Corporations Act
c. Output:
i. Reports
1. Auditors’ report - presenting auditors’ opinion as a
result of the audit
2. Management report - highlights the weaknesses,
improvement opportunities identified by auditors
and is an internal document
3. Audit firm’s transparency report - published to show
that they comply with any relevant systems
■ Part II: Key interactions within the financial reporting supply chain
a. Management
i. Preparation of financials
ii. Implementation of internal controls
CPA Australia - Semester 2 2025
MODULE 1: THE AUDITING AND ASSURANCE FRAMEWORK
Part 1.1: The Assurance Environment (Study Guide pages 1-11)
1. International auditing standard setting bodies
a. International Federation of Accountants (IFAC): Global organisation for accountancy profession
comprising 175+ members. Serves the public interest by enhancing the value, relevance and
reputation of the profession.
b. International Auditing and Assurance Standards Board (IAASB): Independent standard setting
body under IFAC that sets international standards for auditing, QC, review and other assurance
related services. Produces standards like International Standards on Quality Management (ISQM
1), International Standards on Auditing (ISA), etc.
c. International Forum of Independent Audit Regulators (IFIAR): Forum of independent audit
regulatory authorities (including ASIC) that have oversight of the auditing profession.
d. International Ethics Standards Board for Accountants (IESBA): Independent standard setting
body focusing on setting ethical standards for professional accountants worldwide and its
members are appointed by IFAC.
2. Structure of pronouncements
The IESBA creates a Code of Ethics for Professional Accountants that covers all types of engagements, meaning
everything must be compliant to this Code of Ethics. IAASB creates standards that also cover all types of
engagements.
The house analogy:
■ Roof: IESBA Code of Ethics for Professional Accountants
■ Ceiling: International Framework for Assurance Engagements, covering these pillars:
○ Audit: provides reasonable assurance (level 2)
○ Reviews: provides limited assurance (level 3)
○ Assurance engagements other than audits or reviews: provides reasonable or limited assurance
(level 2-3)
○ Related services: provides no assurance (level 4) and not included under the ceiling of
international framework for assurance engagements.
■ Foundation: International Standards on Quality Management (ISQM 1) - all engagements are backed by
this foundation.
3. Regulation of Auditing in Australia
a. Financial Reporting Council (FRC): Statutory body and has oversight over accounting and auditing
standard setting process for public and private sector. Also appoints AUASB board.
b. Auditing and Assurance Standards Board (AUASB): Independent statutory agency responsible for
developing and maintaining auditing and assurance standards, which are legally enforceable for
audits/reviews of historical financial information. These standards are used by consultants (e.g.
KPMG, EY) to perform audits to companies.
c. Australian Securities & Investments Commission (ASIC): Australia’s corporate, markets and
financial services regulator and has oversight of the auditing profession including registration and
enforcement of rules regarding auditor independence and auditing standards.
, d. Accounting Professional & Ethical Standards Board: Independent body and initiative of CPA and
CAANZ, responsible for setting professional and ethical standards in Australia.
Part 1.2. International Framework for Assurance Engagements (Study Guide pages 11-31)
1. Ethical Principles (Study Guide pages 11-18)
a. Fundamental principles:
i. Integrity: having strength and courage to stand for what you think is right
ii. Objectivity: impartiality and unbiased, avoidance of conflict of interests
iii. Professional competence and due care: obtain and maintain professional knowledge and
skills and acting diligently (no negligence)
iv. Professional behavior: comply with relevant laws and not discrediting the profession
v. Confidentiality: not disclosing information to third parties, with the exception:
■ Law permits and client agrees,
■ Disclosure is required, or
■ Professional duty or right to disclose.
Auditors must be and must disclose/declare that they are independent.
b. Threats to the fundamental principles:
i. Self-interest – e.g. owning shares in the audit client
ii. Self-review – e.g. preparing and auditing the same financial statements
iii. Advocacy – e.g. acting as the audit client’s expert witness in a legal dispute
iv. Familiarity – e.g. the CEO of the audit client is married to the audit partner, familial
relationship.
v. Intimidation – e.g. clients threaten to fire the auditor if the opinion is not favourable,
especially when they contribute in a major way to the auditors’ revenue.
These threats are then evaluated on significance before implementing safeguards.
c. Safeguards:
i. Implement safeguards:
■ Profession/legislation – e.g. quality standards, CPD, ASIC act, professional
standards and regulatory monitoring.
■ Work-client – e.g. audit committee, competent staff and leadership, policies
and procedures
■ Audit firm – e.g. systems and processes, partner rotation policy, peer review
policy
Analysing case studies using the conceptual framework approach
1. Identify threats
2. Evaluate significance
3. Implement safeguards
2. Quality management (Study Guide pages 18-28)
Relevant standards: ISQM 1 (referring to quality management within a firm / organisation) and ISA 220
(relates to individual engagements performed by the firm).
a. Elements of quality management (ISQM 1):
Use this to analyse case studies asking to analyse e.g. what arguments can be put forward
against a firm's management practices?
i. Risk management process
, ■ After setting quality objectives, the firm continues to identify the risks
associated and how to mitigate them.
■ Risks are assessed on the levels - are they high risk, low risks etc.
■ These management processes are then implemented in the various
engagements of the firm.
■ Three components of assurance engagement risk:
a. Inherent risk: susceptibility of the subject matter information to a
material misstatement and is determined by the underlying subject
matter.
b. Control risk: risk that a material misstatement will not be prevented, or
detected and corrected, by the internal control system.
c. Detection risk: risk that the practitioner’s evidence-gathering
procedures will not detect a material misstatement, affected by the
quantity, reliability and relevance of evidence.
ii. Governance and leadership
■ Deals with both the managements’ and leaders’ words and actions.
iii. Relevant ethical requirements
■ Employees within the firms need to understand what are the do’s and don’t’s in
the particular firm. E.g. max amount of shares an employee are allowed to
have.
iv. Acceptance and continuance of client
■ It is important to do very robust checks of clients before starting as usually
clients will be engaged for longer periods of time.
v. Engagement performance - performing checks on the below:
■ Making sure the team is aware of their responsibilities.
■ There must be clear direction and supervision on the policies, processes, etc.
■ Apply professional judgement and scepticism, which are usually developed
over time.
■ There has to be a process of dealing with contentious matters.
■ Engagement documentation in audit is critically important.
vi. Resources
■ Need to know when to engage other departments / available resources as
necessary
vii. Information and communication
■ Arrangement for discussions to be in place
■ Being mindful of what information is shared due to confidentiality issues
viii. Monitoring and remediation process
■ Assessing how the process is working and tweaks that needs to be made
b. Audit quality - ensuring auditors produce quality and accurate audit opinion
i. Drivers of audit quality (IAASB) - Framework for audit quality
, ■ Part I:
a. Inputs:
i. Values and ethics - APES 110 - firms must ensure that all its
people adhere to these standards
ii. Knowledge, skill and experience - ISQM 1 - firms must employ
people who can properly service clients, preventing issuance
of wrong opinion
b. Process:
i. Complying with audit process and quality - ISA 220 and other
ISAs - ensuring standardised process within the firm
ii. Complying with laws and regulations - Corporations Act
c. Output:
i. Reports
1. Auditors’ report - presenting auditors’ opinion as a
result of the audit
2. Management report - highlights the weaknesses,
improvement opportunities identified by auditors
and is an internal document
3. Audit firm’s transparency report - published to show
that they comply with any relevant systems
■ Part II: Key interactions within the financial reporting supply chain
a. Management
i. Preparation of financials
ii. Implementation of internal controls
