Choice "A" is correct. When an entity transmits, processes, maintains, or accesses significant information electronically, factors unique to electronic processing may make it impractical or impossible to reduce detection risk to an acceptable level through substantive testing alone. In such cases, tests of controls should be performed.
Choices "c", "b", and "d" are incorrect. Certain factors unique to electronic processing may make it impractical or impossible to reduce detection risk to an acceptable level through substantive testing alone. In such cases, tests of controls should be performed to address the increased potential for unauthorized access, the risks of insufficient paper-based audit evidence, and the fact that the appropriateness and sufficiency of evidence may be dependent to some extent on computerized controls. Simply expanding the sample size, adjusting materiality levels, or applying analytical procedures will not address these concerns.
