The following questions relate to the control risk assessment in computerized systems. Select the best response.

a. In obtaining an understanding of a client's EDP controls, the auditor will encounter general controls and application controls. Which of the following is an application control?

1. Dual read.

2. Hash total.

3. Systems flowchart.

4. Control over program changes.

b. To replace the human element of error detection associated with manual processing, a well-designed automated system will introduce 

1. Dual circuitry.

2. Programmed limits.

3. Echo checks.

4. Read after write.

c. After obtaining an understanding of a client's EDP control, an auditor may decide not to perform tests of controls within the EDP portion of the client's system. Which of the following would not be a valid reason for choosing to omit tests of controls?

1. The controls duplicate operative controls existing elsewhere in the system.

2. There appear to be major deficiencies that would preclude reliance on the stated procedure.

3. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative.

4. The controls appear adequate enough to be relied upon in assessing the level of control risk.

d. If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll EDP application?

1. Gross pay.

2. Hours worked.

3. Department number.

4. Number of employees.