CPA Exam Lab
Section 3: 30–40%A13

Information Technology and CAATs

Exam insight

Section 3 is 30-40% of the AUD exam, the heaviest section, and IT questions appear on every exam form because almost all modern financial reporting runs through IT systems. The #1 AICPA trap is testing application controls before confirming that IT general controls work, if ITGCs are weak, every application control built on that infrastructure may be unreliable, no matter how well it is designed. Candidates also flip test data (the auditor's fictitious data through the client's system) and parallel simulation (the client's real data through the auditor's software), the data flows in opposite directions. And many miss the line between IT general controls (environment-wide: access, change management, operations) and application controls (transaction-specific: input validation, edit checks, batch totals).

CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.

What AICPA wants you to know

  • 1Distinguish between IT general controls and application controls
  • 2Identify common IT risks and their impact on the audit
  • 3Understand computer-assisted audit techniques (CAATs)
  • 4Explain the impact of IT on internal control and audit strategy
  • 5Recognize IT governance and security concepts relevant to auditing