Information Technology and CAATs
Section 3 is 30-40% of the AUD exam — the heaviest section — and IT questions appear on every exam form because virtually all modern financial reporting flows through IT systems. The #1 AICPA trap is testing application controls before verifying IT general controls are effective — under auditing standards, if ITGCs are weak, ALL application controls built on that infrastructure may be unreliable regardless of their design. Candidates frequently confuse test data (auditor's fictitious data through the client's system) with parallel simulation (client's real data through the auditor's software) — the direction of data flow is reversed. Many candidates also miss the distinction between IT general controls (environment-wide: access, change management, operations) and application controls (transaction-specific: input validation, edit checks, batch totals).
CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.
What AICPA Wants You to Know
- 1Distinguish between IT general controls and application controls
- 2Identify common IT risks and their impact on the audit
- 3Understand computer-assisted audit techniques (CAATs)
- 4Explain the impact of IT on internal control and audit strategy
- 5Recognize IT governance and security concepts relevant to auditing