The Advanced Audit and Assurance subject provides a body of knowledge for you to understand the nature and diversity of audit and assurance engagements. The subject provides an insight on audit and assurance processes, the methodologies and procedures. It also examines the objectives of assurance engagements and current and future developments in assurance engagements. The environment within which the auditor or assurance practitioner operates, and the respective roles of the private and public sector auditors and internal audit, are also discussed.

In the CPA Program, the professional responsibilities of accountants are discussed in the Ethics and Governance subject. However, this subject emphasises the ethical and professional conduct of auditors. The strategic business analysis techniques in the Advanced Audit and Assurance subject are further discussed in the Strategic Management Accounting and Global Strategy and Leadership subject in their respective context.

This subject and the Contemporary Business Issues subject also cover sustainability reporting and assurance, with an emphasis on businesses. Advanced topics in financial reporting which complement the accounting knowledge of audit professionals are covered in the Financial Reporting subject.

This subject is compulsory for candidates who have not completed recognised studies in auditing.

Exam structure

The Advanced Audit and Assurance exam generally consists of 100 per cent multiple-choice questions. 

Subject aims

The aims of this subject are:

  • To provide candidates with the required knowledge to:
    • develop and apply audit procedures
    • understand the entity and environment in order to obtain and evaluate the audit evidence
    • develop professional judgment
    • develop awareness of ethics, values and attitudes expected of audit professionals performing audit and assurance engagements anywhere in the world
  • To develop an understanding of audit conclusions and reporting requirements in accordance with the relevant international pronouncements
  • To develop candidates’ awareness of current and future developments relating to assurance engagements.

General objectives

On completion of this subject, you should be able to:

  • understand and apply the framework for assurance engagements in audit and review engagements and assurance engagements (other than audits or reviews), and discuss the elements of an assurance engagement
  • discuss the quality control standards for audit and assurance engagements, and the fundamental ethical principles for the auditing profession
  • explain and apply the requirements of the audit, review and assurance standards that are applicable to audit and review engagements and assurance engagements (other than audits or reviews)
  • design the audit process to be undertaken by auditors in conducting audit and assurance engagements
  • apply the relevant auditing standards to the assessment for fraud and going concern in an audit of financial statements
  • explain the purpose and role of performance audits
  • identify and describe the various types of assurance engagements
  • discuss the nature of internal audit

Segment content

The ‘weighting’ column in the following table provides an indication of the emphasis placed on each module in the exam, while the ‘proportion of study time’ column is a guide for you to allocate your study time for each module.

Table 1: Module weightings and study time


proportion of
study time %

Weighting (%)

1. Assurance services framework


2. General audit principles and auditor responsibilities


3. Understanding the entity, assessing risk and responding to risks


4. The auditor’s response to assessed risks


5. Audit conclusions and reporting requirements


6. Performance engagements


7. Other assurance services 11 12
Case study


  100 100

The subject is divided into 7 modules and a Case Study. A brief outline of each module is provided below.

Module 1: Assurance services framework

Module 1 begins by describing the structure of the auditing pronouncements. Of particular importance is the International Framework for Assurance Engagements. Following the structure of the Framework, the module considers the ethical requirements for professional accountants laid out in the Code of Ethics for Professional Accountants and the quality control requirements for firms that perform audits and reviews under ISQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements. Other aspects of the Framework examined in Module 1 include the distinction between reasonable and limited assurance engagements, and between attestation and direct engagements.

The module also discusses the environment, role and relationships relevant to public sector assurance engagements.


  • The internationalisation of auditing: IFAC, IAASB and IFIAR
  • Regulation of auditing in Australia: FRC, ASIC, APESB and AUASB
  • Regulation of auditing in New Zealand
  • International Framework for Assurance Engagements
  • Code of Ethics for Professional Accountants
  • Quality control 
  • Drivers of audit quality 
  • Reasonable and limited assurance 
  • Attestation and direct engagements 
  • Elements of an assurance engagement 

Module 2: General audit principles and auditor responsibilities

This module starts by outlining that International Standards on Auditing (ISAs) are applicable to all members of the accounting profession and are applicable to both the public and private sector. This is followed by a discussion on assurance services in the public sector and addresses typical mandates of auditors-general. This is then followed by a discussion of the application of ISAs to all entities regardless of size and complexity.

Module 2 builds on the material in Module 1 and focuses on reasonable assurance engagements in the form of an audit of financial statements, specifically the ISA 200 General Principles and Responsibilities series of auditing standards. The ISA 200 series covers the objectives of an audit of a financial statement through to communicating audit matters to those charged with governance and management.

Many of the matters discussed in these and some of the intervening standards, ISA 210 Agreeing the Terms of Audit Engagements, ISA 220 Quality Control for an Audit of Financial Statements, ISA 230 Audit Documentation and ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements are elaborated upon in terms of ethical considerations in the Code of Ethics for Professional Accountants and the quality control requirements in ISQC 1 Quality Controls for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements.


  • Auditing standards
  • Application of ISAs
  • Public sector perspective
  • Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing
  • Professional scepticism
  • Terms of audit engagements
  • Auditor independence for the audit of financial statements
  • Quality control for audits
  • Audit documentation
  • The auditor's responsibility to consider fraud in an audit
  • Going concern
  • Communication of audit matters with those charged with governance
  • Communicating deficiencies in internal control to those charged with governance and management

Module 3: Understanding the entity, assessing risk and responding to risks

Module 3 discusses auditing standards related to risk assessments. The module starts with a discussion of audit planning as per ISA 300 Planning an Audit of Financial Statements. Particular emphasis is placed on ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment including consideration of audit assertions. The module introduces the concept of business risk, its impact on the auditor's knowledge and understanding of a client and the risk of material misstatement in the financial statements.

There is also an overview of techniques for gaining an understanding of the entity and its environment, including a discussion of analytical procedures. Emphasis is placed on techniques used in strategic analysis to identify business risks. As internal control is a means of mitigating business risk, this module examines the components of internal control using the framework set out in ISA 315. The impact of an information technology environment on internal controls is also considered. Having assessed risks it is necessary for the auditor to respond to those risks and this is discussed as per ISA 330 The Auditor's Responses to Assessed Risks.


  • Overview of standards covering risk assessment and response to assessed risks
  • Planning an audit of financial statements
  • Audit materiality
  • Financial statement assertions
  • Identifying and assessing the risks of material misstatement through understanding the entity and its environment
  • Understanding the client's business model
  • Strategic analysis
  • Techniques used in strategic analysis
  • Analytical procedures
  • Responding to assessed risks
  • Evaluation of misstatements identified during the audit

Module 4: The auditor's response to assessed risks

Module 4 discusses the auditor's response to the assessed risks stage of the audit process (commonly referred to as the evidence-gathering stage of an audit, as gathering evidence is the way in which the auditor assesses risks). The module looks at the two major classes of audit procedures, namely the tests of control and substantive tests. It also examines the auditor's response to assessed risks in the specific environments of ecommerce and small business.

With the increased use of information technology (IT), the efficiency and effectiveness of audits has increased significantly as auditors have incorporated audit software and advanced audit data analytic techniques into their processes. The module also examines the general principles underlying evidence-gathering for tests of control and substantive procedures, and evidence-gathering techniques used in an IT environment.


  • Sufficient appropriate audit evidence
  • Tests of controls
  • Substantive audit procedures
  • Advanced evidence-gathering issues
  • Using the work of other auditors and experts
  • Evidence-gathering in an ecommerce environment
  • Subsequent events
  • Completion

Module 5: Audit conclusions and reporting requirements 

Module 5 discusses the various forms of reporting associated with different types of engagements and the levels of assurance obtained and communicated for each type of assurance engagement. Auditors' reports which provide a reasonable level of assurance to users are examined in detail, including their form and content and the different types of opinion that are issued under varying circumstances. The module also identifies the legal and professional requirements for audit and review reporting in Australia as specified by the Corporations Act 2001 (Cwlth).

The module further discusses other types of reporting and classifies engagements and their consequent reports by the level of assurance they purport to provide. These include review reports used for obtaining and communicating limited assurance, and reports on agreed-upon procedures where no assurance is explicitly communicated.


  • Reports associated with reasonable assurance engagements
  • Reports providing limited assurance
  • Reports providing no assurance

Module 6: Performance engagements

Module 6 explains the nature, purpose and practice of performance engagements. Performance engagements are concerned with the economy, efficiency and effectiveness of an entity, program or activity. Module 6 focuses on public sector performance auditing, where this type of assurance is most prevalent. The various stages of conducting a performance engagement are discussed; they represent generally accepted practice both within Australia and internationally.


  • Assurance standards and regulation
  • Structure of a performance audit 
  • Responsibilities in performance audits 
  • Project identification stage 
  • Planning stage 
  • Economy, efficiency and effectiveness 
  • Performance information and indicators 
  • Conducting the performance audit 
  • Reporting stage 
  • Follow-up audits

Module 7: Other assurance services

Module 7 considers assurance engagements other than those concerning historical financial information. These ‘other’ engagements are diverse and include, for example, assurance on: prospective financial information, non financial information, sustainability, systems and processes, and behaviours such as compliance with law and regulations, or with corporate governance principles. The module also discusses continuous auditing, and gives an overview of the new competencies required by assurance services practitioners. Finally, the module considers the role of internal auditors and the internal audit function.


  • The nature and characteristics of assurance services 
  • Recent trends in other assurance services
  • Assurance on prospective financial information 
  • Assurance on non-financial information
  • Assurance on systems and processes 
  • Assurance on behaviour 
  • Continuous auditing
  • Integrated reporting (IR) and assurance
  • New competencies for assurance practitioners
  • Internal audit

Case study

The case study illustrates the planning, evidence gathering and reporting activities performed by the auditor in a financial statement audit. You will be guided through the various stages of the audit process to consolidate your understanding of the audit principles and the ethical considerations introduced in Modules 1 through 5.

The case study emphasises the auditor’s responsibilities with respect to fraud in a financial statement audit. This is appropriate, not only because of the risks associated with fraud, but because the requirements of ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements need to be considered at all stages of the audit process.

Finally the case study illustrates the auditor’s responsibility to consider the going concern issue.