Audit and Assurance

The Audit and Assurance module, part of the ICAG Professional Qualification Syllabus for 2024–2029 at the Application Level (module 2.3), develops candidates’ understanding of auditing principles, international standards, professional ethics, and assurance engagements. It equips learners with practical skills in risk assessment, internal control evaluation, audit evidence gathering, and forming audit opinions. The module also introduces public sector audit concepts, highlighting the auditor’s role in enhancing accountability and governance.

Module Aim

The aim of this module is to ensure candidates acquire knowledge and understanding of auditing and assurance concepts, the regulatory and ethical requirements governing auditors, and the practical application of International Standards on Auditing (ISAs). It prepares candidates to plan and conduct audit and assurance assignments, evaluate internal controls, assess risks, gather appropriate evidence, and communicate reliable conclusions for both private and public sector entities.

Core Content Areas

The curriculum is organized around key competencies, with indicative weightings that guide study priorities and reflect exam emphasis:

Audit Framework and Regulation (15%)

• Explains the nature, purpose, and scope of audit and assurance engagements.

• Outlines the regulatory environment, including ISAs, audit legislation, professional standards, and the role of oversight bodies.

• Identifies types of assurance engagements, levels of assurance, and reporting requirements.

• Considers auditor independence, professional skepticism, confidentiality, and other ethical obligations.

Ethics, Professional Conduct, and Quality Control (15%)

• Applies ethical principles based on the ICAG and IFAC Codes of Ethics.

• Identifies threats to independence and safeguards.

• Explains quality control procedures at firm and engagement levels.

• Discusses the importance of professional competence, due care, documentation, and compliance with ethical standards.

Planning and Risk Assessment (20%)

• Demonstrates the audit planning process, including understanding the entity and its environment.

• Assesses business risks and their impact on financial statements.

• Identifies and evaluates audit risks, materiality, inherent risk, control risk, and detection risk.

• Uses analytical procedures for planning, risk assessment, and identifying anomalies.

Internal Control Systems and Testing (20%)

• Evaluates components of internal control systems, including control environment, risk assessment, information systems, control activities, and monitoring.

• Identifies control weaknesses and their implications for audit strategy.

• Designs and applies tests of controls; interprets results to determine audit approach.

• Discusses internal control in both private and public sector entities.

Audit Evidence and Procedures (20%)

• Explains the nature, sufficiency, and appropriateness of audit evidence.

• Applies substantive procedures to verify income, expenses, assets, liabilities, and equity.

• Uses sampling techniques and selects suitable audit procedures.

• Documents audit work in accordance with ISA requirements.

• Highlights the use of technology and data analytics in gathering audit evidence.

Audit Reporting and Completion (10%)

• Reviews subsequent events, going concern assessments, and management representations.

• Prepares and interprets auditor’s reports (unmodified and modified opinions).

• Communicates audit findings, deficiencies, and recommendations to management and those charged with governance.

• Considers the auditor’s responsibilities relating to fraud and compliance with laws and regulations.

Ethical considerations are embedded throughout the module, requiring candidates to apply professional judgment, maintain objectivity, uphold independence, and demonstrate professional skepticism in planning, performing, and reporting on assurance and audit engagements across both private and public sector contexts.