examiner says “Reliance on CAATs will force the auditor to rely on programmed controls during an audit; in fact using CAATs may be the only way to test controls within a computer system.”
why is auditor is forced to rely on programmed controls? can we test control within a computer system without CAATs?
If a computer system is supposed to reject orders that would put a customer over the credit limit, how would you test that the order is indeed rejected? There might be no record of rejected orders. Therefore use test data: set up a fake customer with a credit limit and see if it rejects large orders.