Audit & Assurance
Master Lesson Plan
A syllabus-mapped, examiner-evidence-based course structure for AA — designed to minimise wasted study time while ensuring complete exam readiness across Section A and Section B.
0How This Plan Works
This plan is built from three sources: the AA Syllabus & Study Guide (Sep 2025–Jun 2026), the March/June 2025 Examiner’s Report, and the September/December 2025 Examiner’s Report. Every lesson is structured around what actually gets tested, how it gets tested, and — critically — what examiners say candidates get wrong.
The examiner is explicit: “Candidates who do not spend sufficient time practising questions are unlikely to be successful.” The most common failure mode is not lack of knowledge — it is lack of applied technique. This plan therefore integrates practice at the end of every lesson, not just at the end of the course.
The 80/20 principle applied to AA: Three topic areas — Audit Risk, Internal Controls/Substantive Procedures, and Audit Reporting — account for the large majority of Section B marks every sitting. These are treated as “Tier 1” topics and appear across multiple lessons. Topics that appear only in Section A OT questions are covered efficiently in single lessons and do not need deep written-answer practice.
1Understanding the Exam Format
| Section | Format | Marks | Syllabus Coverage | Time Allocation |
|---|---|---|---|---|
| Section A | 3 × OT Case (5 OT questions each @ 2 marks) | 30 marks | Broad — any syllabus area A–E | ~54 mins (1.8 min/mark) |
| Section B Q1 | Constructed Response — scenario-based | 30 marks | Usually Planning/Risk or Internal Control | ~54 mins |
| Section B Q2 | Constructed Response — scenario-based | 20 marks | Audit Evidence or Internal Control | ~36 mins |
| Section B Q3 | Constructed Response — scenario-based | 20 marks | Reporting, Ethics, or mixed | ~36 mins |
| Total | Computer-based, all compulsory | 100 marks | All of A–E | 180 mins + 10 mins reading |
Section B is where the exam is won or lost. 70 marks require written application to scenario. The marker awards 1 mark per well-explained, scenario-specific point. Generic, rote-learned answers earn a fraction of available marks. Every lesson in this plan includes a written technique exercise for that reason.
How Marks are Awarded in Section B
| Question Type | Mark Structure | What earns a full mark |
|---|---|---|
| Audit Risk | ½ identify + ½ explain + 1 response = 2 per risk | Named financial statement area + assertion/over/understatement + specific auditor action referencing a source document |
| Substantive Procedures | 1 per well-explained procedure | Names the source document AND states what it confirms AND is a substantive procedure (not a test of control) |
| Control Deficiencies | ½ deficiency + ½ implication + 1 recommendation = 2 per control | Specific operational consequence (not “fraud and error”) + specific recommendation naming who does what and how |
| Ethics | 1 per well-explained threat/safeguard | Names the specific threat type + explains why it arises in THIS scenario + names a specific safeguard |
| Auditor’s Report | 1 per correct point | Correct opinion type + correct reason + impact on report structure where relevant |
2The 8-Lesson Map
Lessons are sequenced to match exam weighting, not the syllabus order. High-frequency, high-mark topics come first and are revisited in later practice lessons. Each lesson ends with a mini Section A bank (5 OT questions) and a Section B practice task (written, with mark scheme).
Audit Framework, Assurance & Ethics
A1, A2, A4- Concept of audit vs assurance; five elements of assurance engagement; levels of assurance
- Regulatory environment; appointment, rights, removal, resignation of auditors
- Limitations of external audit; ISA development and status
- Quality management — engagement resources, performance, monitoring (ISQMs)
- Professional ethics: five fundamental principles; conceptual framework; five threat types; safeguards
- Auditor independence; conflicts of interest; confidentiality; breaches of the Code
Corporate Governance & Internal Audit
A3, C5, C6- Objectives of corporate governance; OECD principles most relevant to auditors
- Directors’ responsibilities for risk management and internal control
- Audit committees — structure, roles, benefits, limitations
- Internal audit: need for internal audit; scope; limitations; outsourcing
- Internal audit assignments: VFM, IT, financial, compliance, fraud, customer experience
- External audit vs internal audit — comparison and contrast
- Format and content of internal audit reports
Planning, Risk Assessment & Materiality
B1–B6- Engagement acceptance/continuance; preconditions; engagement letters
- Professional scepticism and professional judgement — what they mean in practice
- Audit risk components: inherent, control, detection risk — and the audit risk model
- Materiality: definition; performance materiality; calculation from financial information
- Understanding the entity — analytical procedures in planning; ratio computation and interpretation
- Fraud: auditor vs management responsibilities under ISA 240; effect on audit strategy
- Laws and regulations: auditor’s responsibility
- Overall audit strategy vs audit plan; interim vs final audit; documentation
Internal Controls — Systems, Evaluation & Communication
C1–C4- Five components of internal control (COSO framework): control environment, risk assessment, monitoring, information/communication, control activities
- Recording systems: narrative notes, flowcharts, ICQs/ICEQs
- Evaluating deficiencies; significant deficiencies
- Limitations of internal controls
- Tests of controls by cycle: Sales, Purchases, Payroll, Inventory, Bank & Cash, Non-current Assets
- Computer system controls: general IT controls, information processing controls
- Reporting deficiencies to management — format and content of management letters
Audit Evidence — Assertions, Procedures & Sampling
D1–D3- Assertions — classes of transactions vs account balances (know both sets in full)
- Seven types of audit procedure: inspection, observation, confirmation, recalculation, reperformance, analytical procedures, enquiry
- Quality and quantity of evidence; relevance and reliability hierarchy
- Substantive procedures: how to write them; difference from tests of controls
- Analytical procedures as substantive procedures — examples and application
- Accounting estimates — problems and audit approach
- Audit sampling: statistical vs non-statistical; application; evaluating results
- Smaller entity audit evidence considerations
Audit of Specific Items, Automated Tools & Work of Others
D4–D7- Receivables: direct confirmation; other evidence; revenue completeness/occurrence
- Inventory: year-end count procedures; continuous inventory; cut-off; attendance; third-party; valuation
- Payables & accruals: supplier statement reconciliations; direct confirmation; purchases and payroll expenses
- Bank & cash: bank confirmation reports; other evidence
- Non-current assets: existence; depreciation; disposal
- Non-current liabilities, provisions, contingencies
- Share capital, reserves, directors’ remuneration
- Automated tools: audit software, test data, data analytics — benefits and challenges
- Work of others: experts; internal audit; service organisations; reference in report
- Not-for-profit organisations
Review, Completion & Reporting
E1–E5- Subsequent events: adjusting vs non-adjusting; auditor’s responsibilities; procedures
- Going concern: indicators; auditor vs management responsibilities; procedures; disclosure; reporting implications
- Written representations: purpose; procedure; quality as evidence; when required
- Audit finalisation: overall review; financial statement review procedures; uncorrected misstatements
- Evaluating uncorrected misstatements; schedule of misstatements; written representation
- Independent Auditor’s Report: basic elements; unmodified opinion; modified opinions (qualified, adverse, disclaimer); KAM; emphasis of matter; other matter paragraphs
Integration, Mock Exam & Technique Drilling
All A–E- Full mock exam under timed conditions (3 hrs) — Section A + Section B
- Debrief: mark against model answers; identify technique errors (vague procedures, wrong assertion use, generic implications)
- Targeted re-drilling: weakest topic areas only — no blanket re-revision
- Examiner report review: work through MJ25 and SD25 model answers for any question type still causing issues
- Section B writing speed: aim for 1 mark per 1.5 minutes in written sections
- CBE functionality: word processor, copy/paste, highlight tool for risk identification
3Topic Frequency & Exam Weight Table
Based on MJ23, D23, MJ24, SD24, MJ25, and SD25 examiner reports. High = tested every sitting in Section B. Medium = tested most sittings in Section A. Low = tested occasionally, primarily Section A only.
| Topic | Syllabus Ref | Lesson | Sec A Freq | Sec B Freq | Typical Marks (Sec B) | Examiners’ Note |
|---|---|---|---|---|---|---|
| Audit Risk & Responses | B3, B4 | L3 | High | High | 16–20 | Most heavily weighted single topic. 8 risks at 2 marks each is standard. |
| Substantive Procedures (specific items) | D2, D4 | L5, L6 | High | High | 10–16 | SD25: main source of mark loss — vague, rote-learned tests without source documents. |
| Control Deficiencies & Recommendations | C2, C3, C4 | L4 | High | High | 10–16 | Generic implications (“fraud/error”) earn zero. Must be cycle-specific. |
| Auditor’s Report & Opinion Types | E5 | L7 | High | Medium | 6–10 | MJ25: modified vs unmodified; emphasis of matter vs KAM distinction frequently confused. |
| Going Concern | E2 | L7 | High | Medium | 6–10 | Indicators + reporting implications tested together. Auditor vs management responsibility confusion common. |
| Professional Ethics | A4 | L1 | High | Medium | 4–8 | MJ25: threat identification and safeguards. Candidates misread requirements and focus on management not auditors. |
| Fraud — ISA 240 Responsibilities | B5 | L3 | High | Medium | 4–6 | MJ25: auditor’s responsibilities only. Half marks lost by confusing with management responsibilities. |
| Subsequent Events | E1 | L7 | High | Medium | 4–6 | Adjusting vs non-adjusting classification; procedures; MJ25 full Section A case. |
| Corporate Governance Deficiencies | A3 | L2 | Medium | Medium | 4–8 | SD25: Quirky Quadbikes. Candidates struggle to link deficiency to specific CG principles. |
| Materiality Calculation | B3 | L3 | High | Low | 2–4 | Benchmarks (PBT 5–10%, Revenue 1–2%, Total Assets 1–2%) must be memorised with justifications. |
| Analytical Procedures — Ratios | B4, D2 | L3 | Medium | Medium | 4–6 | SD25 Survival Solutions: compute and interpret ratios in planning context. Link to specific audit risks. |
| Assertions | D1 | L5 | High | Low | 2–4 | Two assertion sets (transactions vs balances) must both be known. Used in risk explanations for Section B. |
| Sampling | D3 | L5 | Medium | Low | 2–4 | Statistical vs non-statistical; evaluating sample results. Mainly Section A. |
| Automated Tools & Data Analytics | D5 | L6 | Medium | Low | 2–4 | Benefits and challenges; audit software vs test data distinction. Growing in frequency. |
| Written Representations | E3 | L7 | Medium | Low | 2–4 | Purpose, reliability, and when required. MJ25: ISA 450 written rep re uncorrected misstatements. |
| Work of Others (Experts, IA, Service Orgs) | D6 | L6 | Medium | Low | 2–4 | Factors affecting reliance; cannot simply rely without evaluation. |
| Engagement Acceptance / Engagement Letters | B1 | L3 | Medium | Low | 2–4 | Preconditions; contents of letter; ethical considerations at acceptance stage. |
| Not-for-Profit Organisations | D7 | L6 | Low | Low | 2–4 | Apply standard audit techniques — income recognition and restricted funds are the key differences. |
4What to Skip (and What You Cannot Skip)
The goal is exam readiness, not encyclopaedic knowledge. Section F (Employability and Technology Skills) is not directly examined as a standalone syllabus area — it is embedded in the exam format itself. The time saved by efficient coverage of lower-weight areas should be redirected to written practice on Tier 1 topics.
| Topic | Guidance | Why |
|---|---|---|
| Section F: Employability & Technology Skills | No dedicated study needed — practise on the ACCA CBE platform | Not examined as a knowledge topic. Demonstrated through CBE functionality use during the exam itself. |
| Specific OECD governance codes | Understand the purpose; skip memorising article numbers | Examined as application to scenario, not recitation of code content. |
| History and development of ISAs | 1–2 lines: IAASB issues ISAs; ACCA members follow them; national standard-setters adopt or converge. Done. | Tested at Level 1 only. Section A question at most — 2 marks. |
| LAN/WAN network types | Not in the AA syllabus at all | This is a PM topic, not an AA topic. |
| Statistical sampling formulae | Understand concepts and application; no formula memorisation required | AA does not require calculation of sample sizes. Application and evaluation questions only. |
| Detailed flowchart drawing technique | Know what flowcharts are used for; know their pros/cons vs narrative notes vs ICQs. Skip drawing them. | The exam asks you to evaluate systems in prose, not draw flowcharts. |
| UK-specific statutory details | Refer to the examinable documents list. Use general principles unless a specific ISA reference is tested. | AA is a global variant. UK-specific provisions are rarely tested. |
Do NOT skip any of the following — they are tested in every sitting and cost significant marks when candidates underprepare them: Audit risk explanation formula (area + assertion + over/under), the five fundamental principles of ethics (with threat types), the going concern indicators list, the auditor’s report structure (unmodified, qualified, adverse, disclaimer), the assertions for transactions and balances, and the ISA 240 auditor fraud responsibilities.
5Section A — Comprehensive OT Question Bank by Lesson
Each lesson ends with 5 OT questions drawn from the topics covered. These are designed to replicate the OT case format (scenario + 5 questions, 2 marks each). The bank below shows the topic coverage map — each topic area must have at least 3 OT questions in rotation across the course.
| Lesson | OT Topics Covered in Practice Bank | Question Formats Used | Min Questions |
|---|---|---|---|
| L1 | Five elements of assurance; assurance vs non-assurance; threat types; safeguards; independence; quality management | True/False sets; single best answer; scenario identification | 5 per lesson |
| L2 | Audit committee roles; internal vs external audit differences; internal audit assignment types; governance deficiencies | Multiple match (drag to table); single best answer | 5 |
| L3 | Audit risk model; materiality benchmarks and calculation; professional scepticism; engagement letter contents; fraud responsibilities; planning procedures | Calculation + interpretation; True/False; single best answer | 8 (high weight topic) |
| L4 | Five components of internal control; deficiency identification; tests of controls by cycle; IT general controls; management letter content | Scenario matching; True/False; single best answer | 8 |
| L5 | Assertions (both sets); procedure type identification (substantive vs ToC); reliability hierarchy; sampling concepts | Classification; True/False; single best answer | 6 |
| L6 | Specific procedures for each balance area; inventory count procedures; bank confirmation; data analytics; work of experts | Scenario-based single best answer; True/False; matching | 8 |
| L7 | Subsequent events classification; going concern indicators; modified opinion types; KAM vs emphasis of matter; misstatement evaluation; written representations | Scenario-based with financial data; True/False; matching to report section | 8 |
| L8 | Full 15-question mock Section A (3 cases × 5 questions) covering all syllabus areas | Full exam simulation | 15 |
6Section B — Comprehensive Practice Question Structure
Each lesson includes one Section B practice task. The task is dynamic — the scenario varies but the underlying requirements replicate the actual exam question types. Below is the master structure for each question type, used as a template across all lessons.
The Section B practice for each lesson includes a Word document (.docx) answer template — exactly replicating the CBE word processor environment — so candidates practise typing structured responses under time pressure, not just planning bullet points on paper.
Section B Question 1 — Planning & Risk (Standard Format — used in Lessons 3, 4, 6, 8)
Scenario: 400–600 word description of a company being audited. Includes: industry background, financial data for current and prior year, 4–6 specific operational facts giving rise to audit risks, one ethical issue, one internal control or fraud-related issue.
Knowledge requirement: Explain [ISA-based responsibility or concept] in the context of the engagement. Examples: ISA 240 auditor fraud responsibilities; ISA 315 understanding the entity; going concern indicators; professional scepticism. Format: 4 well-explained points × 1 mark each. Common error: only getting ½ mark per point by writing incomplete explanations.
Describe EIGHT audit risks and explain the auditor’s response to each. Mark scheme: ½ identification + ½ explanation (area + assertion/over/under) + 1 auditor response = 2 marks per risk. Total 16 marks. Write risks in structured paragraphs; use the highlight tool in CBE to identify risk factors in the scenario first. Common errors: copying scenario facts without identifying the risk; generic responses; confusing management responses with auditor responses.
Substantive procedures OR tests of controls for a specific account balance identified in the scenario (e.g., revenue recognition, payroll, inventory valuation). 1 mark per well-explained procedure naming source documents. Common errors: vague procedures; tests of control when substantive required; procedures not addressing the specific risk in the scenario.
Ethical threats and safeguards OR reporting considerations based on a fact introduced in the scenario. Format: identify threat type + explain why it arises + propose safeguard. 1 mark per well-explained point. Common error: naming a threat without explaining why it arises in this specific scenario.
Section B Questions 2 & 3 — Internal Control / Audit Evidence / Completion (used across all lessons)
Scenario: 200–400 word description focused on a specific audit area. Two or three sub-requirements totalling 20 marks. The dominant format types are:
(a) Identify and explain [4–5] deficiencies in [cycle] system and for each: state the implication to the business AND recommend an improvement. Mark scheme: ½ deficiency + ½ implication + 1 recommendation = 2 per control. (b) Describe substantive procedures for the same or related balance. Common error: implication stated as “fraud and error” (generic, earns nothing); recommendation phrased as an objective not an action.
(a) Discuss going concern indicators OR evaluate uncorrected misstatements. (b) Determine the appropriate audit opinion and explain the impact on the auditor’s report structure. (c) Subsequent events — classify as adjusting/non-adjusting AND state auditor action. Common error: selecting qualified when adverse is required; failing to distinguish emphasis of matter from KAM.
(a) Describe substantive procedures for [specific balance area]. (b) Describe audit procedures for [related area — often inventory count attendance or bank confirmation]. Common error: providing tests of controls; writing procedures without naming source documents; testing the wrong balance (e.g., payables procedures for a purchases question).
(a) Compute [4–6] financial ratios from provided data. (b) Interpret ratios and identify audit risks arising. Must link each ratio movement to a specific financial statement risk with an assertion. Common error: identifying the ratio movement without explaining the audit risk it indicates.
Word document answer template for Section B: Each lesson’s Section B practice includes a pre-formatted .docx file with the scenario, requirements, and a lined answer space — mirroring the CBE constructed response format. Candidates type their answer (do not handwrite), then self-mark against the provided mark scheme. This trains both technical content AND CBE word processor speed simultaneously.
7The Five Exam Technique Rules (Examiner-Evidence Based)
These rules are drawn directly from the MJ25 and SD25 examiner reports. Every Section B practice task should be self-assessed against these rules before checking the mark scheme.
❌ Rule 1 — Never Copy the Scenario
Copying a fact from the scenario is not identifying an audit risk. “Pimento Co uses a new inventory methodology” = 0 marks. “Inventory may be misstated (overstated) if the new methodology is not a close approximation to cost as required by IAS 2” = 1 mark.
❌ Rule 2 — No Source Document = Half Mark
Every substantive procedure must name a specific document. “Agree payroll to bank statements” = ½. “Agree the net pay per payroll records to the total bank payment per bank statement for [month]” = 1 mark. The document AND what it confirms are both required.
❌ Rule 3 — “Fraud and Error” is Always Wrong
As an implication for a control deficiency, “this could lead to fraud and error” earns zero marks in every sitting. The implication must be operational and specific: “the company may pay for goods not received, resulting in financial loss and inflated payables balances.”
✓ Rule 4 — Assertion = Mandatory in Risk Explanation
Every audit risk explanation needs: the specific financial statement line affected + either (a) an assertion (valuation, completeness, cut-off, existence, rights, presentation) OR (b) a clear statement of over or understatement. “Assets could be misstated” = 0. “PPE could be overstated” = minimum for ½ mark.
✓ Rule 5 — Responses Must Be Auditor Actions
Audit risk responses must be what an auditor does, not what management should do. “Management should implement stronger controls” = 0. “Obtain and review board minutes authorising the capital expenditure and agree to the asset register and invoices received” = 1 mark.
✓ Rule 6 — Substantive ≠ Test of Control
When asked for substantive procedures: any procedure that tests whether a control is operating earns nothing. Reviewing authorisation of transactions = ToC. Recalculating gross-to-net pay agreed to payroll records = substantive. Read the requirement, then check every answer before moving on.
Master Plan — Quick Reference Summary
- 8 lessons sequenced by exam weight: Lessons 3–7 cover Tier 1 topics (Audit Risk, Controls, Evidence, Reporting). Lesson 8 is mock + targeted drilling only.
- Every lesson ends with 5 Section A OT questions (exam format) + 1 Section B written task (with Word document answer template).
- Tier 1 topics (do not underprepare): Audit Risk, Substantive Procedures, Control Deficiencies, Auditor’s Report, Going Concern, Ethics. These dominate every Section B.
- Skip Section F (use CBE platform instead), ISA history, statistical sampling formulae, flowchart drawing technique, OECD code memorisation.
- Examiner’s core message (MJ25 + SD25): Failures are technique failures, not knowledge failures. Generic answers, rote procedures, and scenario-ignoring responses are the primary cause of under-50% scores.
- Section B mark formula — Audit Risk: ½ identify + ½ explain (area + assertion) + 1 response. Controls: ½ deficiency + ½ implication (specific) + 1 recommendation (action). Procedures: 1 per named-document, scenario-specific, substantive procedure.
- Before sitting: Read the MJ25 and SD25 examiner reports in full. Attempt the named questions (Pimento Co, Quirky Quadbikes, Survival Solutions, Flatiron Co) before reading the model answers.