Exam technique for Advanced Audit and Assurance

Part 1 – Ethics

Ethical standards and their application form a major part of the Advanced Audit and Assurance syllabus and are examined regularly. Often the marks for this area will be spread over more than one question and may be combined with planning, professional issues or as a standalone.

The basic ethical standards at this level are the same as those examined previously in Audit and Assurance; what sets apart the level of the questions is your ability to apply those standards to more complex situations and show that you understand both threats and safeguards. This is an area of the exam where candidates can use good exam technique to increase the marks attained without having to rote learn much additional information above that learnt for previous exams.

This article will demonstrate how to maximise marks on these areas using good technique. It is, however, specific to the context of auditing and assurance and will therefore have a different focus and application to the way ethics is examined in other areas of the ACCA Qualification.

What you need to know

The starting point for preparing for any exam is to know the underlying knowledge that is required for this part of the syllabus. At this level the content of the guidance is what you should focus on. Marks are not awarded for memorising or quoting standard numbers, it is the application of the content of those standards that is important. For the Advanced Audit and Assurance exam, refer to the examinable documents link to verify the correct versions for the year of examination. These include the IESBA International Code of Ethics for Professional Accountants (the Code) and the ACCA Code of Ethics and Conduct (refer to the examinable documents link in the Related Links box for full details).

In addition, for the UK exam candidates will be examined on the Financial Reporting Council’s Ethical Standard, for the IRL exam candidates will be tested on the IAASA’s Ethical Standard for Auditors (Ireland), and SGP candidates should also refer to the ISCA Code of Professional Conduct and Ethics.

You will be familiar with ACCA’s Code of Ethics from the Audit and Assurance exam. This mirrors the IESBA’s Code so you will be familiar with the five basic principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour. You will also be familiar with the general areas of threat to the fundamental principles of self review, self interest, advocacy, familiarity, and intimidation.

[Tutorial note for those studying the UK and Ireland variants of AAA: FRC Ethical Standard (UK) and the IAASA Ethical Standard for Auditors (Ireland) also has management as an additional threat to the overarching principles of integrity, objectivity and independence]

The situations you will be appraising at this level will usually involve an assessment of those same principles within scenarios given in the question. In addition, you may be expected to identify situations where the auditor is at risk of assuming a management responsibility with respect to providing additional services to audit clients or appreciate the differences between listed (or other public interest entities) and non-listed clients when it comes to applying these principles.

With regards to objectivity and independence, the general conceptual approach in the codes is as follows:

(a) Identify threats to independence

(b) Evaluate the significance of the threats identified, and

(c) Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level. When the professional accountant determines that appropriate safeguards are not available or cannot be applied to eliminate the threats or reduce them to an acceptable level, the professional accountant shall eliminate the circumstance or relationship creating the threats or decline or terminate the audit engagement.

How to apply the knowledge

When addressing ethical situations in the exam, you will usually have to demonstrate these skills:

  1. that you can identify an ethical threat
  2. that you understand how it arises and the implication of the threat, and
  3. that you can relate the guidance to the specific scenario to determine the safeguards or course of action required.

Each of these skills can be illustrated through the examples below (note that the answers provided here are focusing on the ethical issues arising and do not cover the professional or other issues you might also need to discuss arising from the scenarios). These answers are not fully comprehensive and give an example of the content which could be produced in an exam. There are further points in each case that could be developed and additional outcomes available within the ethical codes; however, they do represent a well-developed answer a candidate could use to attain the full marks available. 

Example 1

The audit committee of Mumbai Co has asked the partner to consider whether it would be possible for the audit team to perform a review of the company’s internal control system. A number of recent incidents have raised concerns amongst the management team that controls have deteriorated and that this has increased the risk of fraud, as well as inefficient commercial practices. The auditor’s report for the audit of the financial statements of Mumbai Co for the year ended 31 March 2016 was signed a few weeks ago. Mumbai Co is a listed company.

Comment on the ethical issues raised and the actions your firm should take in response to the client’s request.

(6 marks)

In this example, we are asked to provide an additional service to an audit client – a review of systems and controls. This is going to give rise to a self-review threat and may possibly lead to assuming a management responsibility. This identification is the first step to answering the question, but these points alone will not score credit in the exam until you have developed them. In order to do this you can use the steps described to build up marks as follows. The important phrases are in bold.

Demonstrating you understand the threats, how they arise and the implication

Providing a review of the company’s system and controls gives rise to a self-review threat as these controls will then be reviewed by the firm when determining our audit strategy. The firm may be reluctant to highlight errors or adopt a substantive approach during the audit as this may highlight deficiencies in the firm’s work on the additional service. (1 mark)

The design of systems and controls is a management responsibility so a review of such may give rise to a situation where the auditor is assuming a management responsibility by taking on the role of management. (1 mark)

Apply the guidance to the scenario – evaluate the significance and suggest safeguards

The code states that the threat to independence of undertaking management responsibilities for an audit client is so significant that there are no safeguards which could reduce the threat to an acceptable level. (1 mark)

However, this answer could score three marks, it is likely that more marks are available. From an exam technique point of view, you should be looking for additional points to make. At this stage, don’t start speculating about relative fee size; try to focus on the information the examiner has given you. Here, the company is flagged as listed, so there must be further development available on this area. Think about how you’ve seen management responsibility issues overcome during your studies and past question practice. It is these points that you can use to attract further marks.

Management responsibility can be avoided if the client takes responsibility for monitoring the reports made and taking the decisions on recommendations.
(1 mark)

However, as this client is listed, we are prohibited from undertaking internal audit services which relate to a significant part of the controls over financial reporting. (1 mark)


As such we must decline the additional work. (1 mark)

In other circumstances, the safeguard of using separate teams to overcome self-review threats or considering the competence of the firm to provide this service would attain credit; however, in this case, the client is listed so these points are irrelevant here.

Note that, in the exam, no marks are awarded for simply listing self-review or management responsibility as they will need to be described before marks are awarded. As such, ensure that you take the time to explain the threats rather than simply writing terms.

Example 2

Your firm’s advisory department has been carrying out a due diligence assignment on a potential acquisition target of an audit client, Blue Co. The management team of Blue Co has also approached White & Co to ask whether representatives of the firm would be available to attend a meeting with the company’s bankers, who they are hoping will finance the acquisition of Red Co, to support the management team in conveying the suitability of the acquisition of Red Co. For the meeting the bank requires the most up-to-date interim accounts of Red Co with the accompanying auditor’s independent interim review report. Your firm is due to complete the interim review shortly and the management team of Red Co has requested that the interim review is completed quickly so that it does not hold up negotiations with the bank, stating that if it does, it may affect the outcome of the next audit tender, which is due to take place after the completion of this year’s audit.

Comment on the ethical issues raised and recommend any actions your firm should take in response to the client’s requests.

(8 marks)

In this example we have additional services and pressure relating to existing services to an audit client. The issues we face are advocacy, self-review, management responsibility and intimidation.

Demonstrating you understand the threats, how they arise and the implication

Attending a meeting with the bank would give rise to an advocacy threat as we would be perceived as promoting the interests of our client and confirming the client’s assertions in negotiations. (1 mark)

In addition, this may give rise to legal proximity exposing the firm to potential litigation. (1 mark)

Attending the meeting may result in the firm being perceived to support the acquisition of Red Co. As these are decisions which should be taken by management we could be perceived as taking on a management role.
(1 mark)

Self-review threats may also arise when we later audit the finance and acquisition in the financial statements of the group as we may be reluctant to highlight errors or are less sceptical about the values in the subsidiary as we have provided the due diligence work. (1 mark)

Further, an intimidation threat exists as the client has threatened that if the interim report is delayed it would affect the outcome of the tender for audit in the future and there is a risk that quality is reduced in order to meet the client’s demands. (1 mark)

Apply the guidance to the scenario – evaluate the significance and suggest safeguards and conclude
Here, there are different directions that the answer could take – for example, discussing in depth the exact nature of the assignment and meeting attendance; however, it is possible to attract marks without such detail in your answer as follows:

Assuming a management responsibility can be avoided if the directors confirm in writing that they are responsible for any decision regarding the acquisition. (1 mark)

The firm should decline to attend the meeting with the bank. (1 mark)

The self-review threat can be reduced by having an independent partner review the audit work prior to signing the auditor’s report. (1 mark)

The intimidation threat should be reported to those charged with governance. (1 mark)

Note that, in this instance, a separate team for the due diligence and audit assignments was not suggested as the scenario already told us that a different department had been carrying out the due diligence work.


The above two examples aim to cover a range of issues and illustrate how candidates can attract strong marks when answering ethics questions. As with most areas of the Advanced Audit and Assurance exam, it is the application of knowledge to a scenario rather than the knowledge itself that will attract marks. This means that when preparing for this exam, a good grasp of the knowledge underpinning the syllabus is important but practising questions and developing the skills of applying that knowledge is key to passing. 

Written by a member of the AAA examining team