CISA DOMAIN 1

224 views

Embed
Email

From

Username or Email (please add comma after each username or email)

Name	Email

Back

Menu 3

Eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.

Infosectrain

Uploaded on Feb 4, 2021

Category Education

This CISA Certification Training, CISA Exam Training, CISA Online Course is aligned to ISACA helps you to learn how to protect information systems & IS audit processes. Enroll now to become CISA Certified!"

Category Education

Comments

CISA DOMAIN 1
www.infosectrain.com
Understanding the concepts of
Compliance testing and substantive
testing
InfosecTrain
About Us
InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT
Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of
experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional
training, certification & consulting services related to all areas of Information Technology and Cyber Security.
Understanding the concepts of Compliance testing and
substantive testing
CISA DOMAIN 1
While performing the audit, the IS auditor initially
performs compliance testing and then proceed with
substantive testing. Now, let us understand the
concepts of compliance testing and substantive testing
in detail. After reading through this article, you will be
able to understand the differences and the correlation
between compliance testing and substantive testing.
3
4
1. What does compliance testing mean?
•It can also be called as conformity testing or assessment
•Compliance testing deals with the test of controls
•It refers to testing or other activities that determine whether a process, product, or
service complies with the requirements of a (Whether it is a complaint or not)
•A compliance test determines whether controls are being applied in a manner that
complies with
management policies and procedures
•It is a non-functional testing mechanism to validate whether the system developed
meets the organization’s prescribed standards or not.
2. When to perform Compliance testing?
•Compliance testing is performed to test the existence and effectiveness of a
defined process, which may include a trail of documentary and/or automated
evidence – for example, to provide assurance that only authorized modifications are
made to production programs.
5
3. What are the examples of compliance testing?
The examples of compliance testing include check/verification of the
following:
• User Access rights
• Program change control procedures
• Documentation procedures
• Program documentation
• Follow-up of exceptions
• Review of logs
• Software license audits
4. What does Substantive testing mean?
•Substantive testing is an audit procedure that examines the financial
statements and supporting documentation to see if they contain errors.
•Substantive testing deals with the test of details of the transactions
•It provides evidence of the validity and integrity of the balances in the financial
statements and the transactions that support these balances
•These tests are needed as evidence to support the assertion that the financial
records of an entity are complete, valid, and accurate.
6
5. When to perform Substantive testing?
•Substantive testing is performed where it is required to evaluate the controls to
determine the basis of reliance, the nature, scope, and timing of substantive tests.
•The balances are verified through validation of balances and transactions and
performing analytic review procedures.
•Substantive testing is always performed after compliance testing. In cases where
compliance testing indicates weaker controls, then substantive testing can be more
rigorous. On the other hand, if the results of compliance testing indicate stronger
internal control, then the substantive testing can be even waived off.
6. What are the examples of Substantive testing?
•The examples of substantive testing include check/verification of the following:
• Performance of a complex calculation (e.g., interest) on a sample of accounts or a
sample of transactions to vouch for supporting documentation, etc.
• Confirmation on the validity of inventory valuation calculations
• Confirmation of fixed asset balances with fixed asset records/register
• Review of Minutes of Board of Directions in approving the dividend.
• Obtaining Bank confirmation for confirming bank balances
• Test of cut-off procedures
7. Correlation between compliance testing and substantive testing
Now that we are clear on the concepts of compliance and substantive testing let us try
to understand the correlation between compliance testing and substantive testing with
an example.
7
At the initial stage, the IS auditor enquires with the organization on
the end-to-end process on the purchasing system, the key controls in
place. Based on the observations and conversation with the
organization on the Purchasing system, the IS auditor will conclude on
whether the internal control is strong or weak in the organization. This
indicates the test of control, which is compliance testing.
Based on the conclusion obtained on compliance testing, the IS
auditor obtains evidence on the correctness and accuracy of the
balances, like verification of purchase requisition, Purchase orders,
Payments made to the suppliers, carrying out analytical procedures,
etc. This indicates a test of individual transactions, which is
substantive testing.
InfosecTrain offers Certified Information Systems Auditor(CISA)
instructor-led training. To know more about this course Click Here
8
Drag and drop image OR click the icon to add background
A B O U T O U R C O M PA N Y
Why Infosec Train  Guaranteed to run Certified & Experienced courses  Instructors
Even with a single participant we will run
We employ certified & experienced instructors and
the batch as scheduled, unlike other
consultants who are on our payroll. No freelancers
organizations we do not postpone or
hence quality training guaranteed. We have world
cancel the training. We value the busy
largest Pool of in-house certified trainer under one
schedule of working professionals.
roof.
 Flexible modes of Training  Tailor made trainings
Here at InfosecTrain we understand that InfosecTrain offers customizable and
every client requirement is unique and comprehensive training packages
needs different approach when it comes to that address customers learning
comprehending and learning. Hence we needs.
have several methods of training to suit
your needs.
Global Learning Partners
PRICING & DETAILS
PRODUCT L IST
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec
odio.
Praesent libero. Sed cursus ante dapibus diam. Sed nisi.
Nulla quis sem at nibh elementum imperdiet.
11
A B O U T O U R C O M PA N Y
OUR CONTACT
InfosecTrain welcomes overseas customers to come and
attend training sessions in destination cities across the globe
and enjoy their learning experience at the same time.
https://www.facebook.com/Infosectr
+91-97736-67874
ain/
sales@infosectrain. https://www.linkedin.com/company/infos
ec-train/
com
www.infosectrain.c https://www.youtube.com/c/Infose
cTrain
om

CISA DOMAIN 1

Menu 3

Infosectrain

Comments

CISA DOMAIN 1

Recommended