Sampling and IT
The IT Control Gate
IT general controls gate everything: if they fail, application controls cannot be trusted.
How the exam words it
- -The stem finds an IT general control weakness (change management, access) and asks the effect.
- -It distinguishes IT general controls from application controls.
- -It picks a CAAT: test data, parallel simulation, or an integrated test facility.
- -Terminated users, unauthorized program changes, or a new system are described.
The playbook
- 1If IT general controls are ineffective, application controls are unreliable, so increase substantive testing.
- 2Test data runs the auditor's fake transactions through the client's system, parallel simulation runs real client data through the auditor's software.
- 3An integrated test facility posts test transactions in the live system alongside real ones.
The trap
Relying on application controls when IT general controls are weak, or confusing test data with parallel simulation. Weak general controls undermine every application control.
How the exam varies it
The same pattern, re-skinned along these axes:
IT general control versus application controlWhich CAAT techniqueThe control weakness and its downstream effect
Drill this pattern
8 questions of The IT Control Gate from across the AUD topics. Clear it by getting 5 right with a streak of 3.