Compliance Testing:
In compliance testing we gather evidence with the objective of testing
an organization's compliance with control procedures. Compliance
testing checks for the presence of controls.
Examples of compliance test include:
- To verify configuration of
router for controls
- To verify change management
steps to ensure controls are effective
- Review of system access
rights
- Review of firewall settings
- Review compliance with
password policy
Substantive Testing:
In substantive testing, we gather evidence to evaluate the integrity of data, a transaction or other information. Substantive testing checks the integrity of contents. Substantive procedures are tests designed to obtain evidence to ensure the completeness, accuracy and validity of the data.
Examples of substantive test
include:
- Conduct a bank confirmation
to test ending cash balances.
- Observe the period-end counting of inventory.
- Contact lenders to confirm that loan balances are
correct.
- Confirm the validity of inventory valuation
calculations.
- Physically match fixed assets to fixed asset records.
- Determining that all entries recorded in the cash
disbursements journal are valid by examining
supporting documents.
-Physical
inventory of the tapes at the offsite storage location and compare that
inventory to the
organizations inventory to verify that the
numbers match.
- Review of trial balance.
- Examining
material journal entries and other adjustments made during the preparation of
the financial
statements.
Points to remember for CISA exam:
(1) In any given scenario, compliance testing will be
performed first. Substantive testing will be the next step.
(2)In any given scenario, compliance testing test
controls, while substantive testing tests details.
(3) In any given scenario, compliance testing checks for
the presence of controls whereas substantive testing checks the integrity of
contents i.e. test of individual transactions.
(4)In any given scenario, outcome/result of compliance
testing will form the basis for planning of substantive testing. For example,
if compliance testing indicates strong internal control, substantive testing
may be waived off or reduced. In case compliance testing indicates weak
internal controls then substantive testing to be more rigorous. The development of substantive tests is often dependent on the outcome
of compliance tests.
(5)In any given scenario, attribute sampling method
(either control is present or absent) will be useful when testing for
compliance.
Question, Answer and Explanation:
These questions were collected
from different resources and reflect the kind of the questions at the CISA
exam. Every question has a detailed answer explanation.
Full version of e-book is available at
No comments:
Post a Comment