CISA DOMAIN 1

1
www.infosectrain.com
Understanding the concepts of Compliance testing
and substantive testing
2
InfosecTrain
About Us
InfosecTrain is one of the finest Security and
Technology Training and Consulting organization,
focusing on a range of IT Security Trainings and
Information Security Services. InfosecTrain was
established in the year 2016 by a team of
experienced and enthusiastic professionals, who
have more than 15 years of industry experience.
We provide professional training, certification
consulting services related to all areas of
Information Technology and Cyber Security.
3
CISA DOMAIN 1

• Understanding the concepts of Compliance testing
  and substantive testing

• While performing the audit, the IS auditor
  initially performs compliance testing and then
  proceed with substantive testing. Now, let us
  understand the concepts of compliance testing and
  substantive testing in detail. After reading
  through this article, you will be able to
  understand the differences and the correlation
  between compliance testing and substantive
  testing.

4
(No Transcript)
5

• 1. What does compliance testing mean?
• It can also be called as conformity testing or
  assessment
• Compliance testing deals with the test of
  controls
• It refers to testing or other activities that
  determine whether a process, product, or service
  complies with the requirements of a  (Whether it
  is a complaint or not)
• A compliance test determines whether controls are
  being applied in a manner that complies
  withmanagement policies and procedures
• It is a non-functional testing mechanism to
  validate whether the system developed meets the
  organizations prescribed standards or not.
• 2. When to perform Compliance testing?
• Compliance testing is performed to test the
  existence and effectiveness of a defined process,
  which may include a trail of documentary and/or
  automated evidence for example, to provide
  assurance that only authorized modifications are
  made to production programs.

6

• 3. What are the examples of compliance testing?
• The examples of compliance testing include
  check/verification of the following
• User Access rights
• Program change control procedures
• Documentation procedures
• Program documentation
• Follow-up of exceptions
• Review of logs
• Software license audits
• 4. What does Substantive testing mean?
• Substantive testing is an audit procedure that
  examines the financial statements and supporting
  documentation to see if they contain errors.
• Substantive testing deals with the test of
  details of the transactions
• It provides evidence of the validity and
  integrity of the balances in the financial
  statements and the transactions that support
  these balances
• These tests are needed as evidence to support the
  assertion that the financial records of an entity
  are complete, valid, and accurate.

7

• 5. When to perform Substantive testing?
• Substantive testing is performed where it is
  required to evaluate the controls to determine
  the basis of reliance, the nature, scope, and
  timing of substantive tests.
• The balances are verified through validation of
  balances and transactions and performing analytic
  review procedures.
• Substantive testing is always performed after
  compliance testing. In cases where compliance
  testing indicates weaker controls, then
  substantive testing can be more rigorous. On the
  other hand, if the results of compliance testing
  indicate stronger internal control, then the
  substantive testing can be even waived off.
• 6. What are the examples of Substantive testing?
• The examples of substantive testing include
  check/verification of the following
• Performance of a complex calculation (e.g.,
  interest) on a sample of accounts or a sample of
  transactions to vouch for supporting
  documentation, etc.
• Confirmation on the validity of inventory
  valuation calculations
• Confirmation of fixed asset balances with fixed
  asset records/register
• Review of Minutes of Board of Directions in
  approving the dividend.
• Obtaining Bank confirmation for confirming bank
  balances
• Test of cut-off procedures
• 7. Correlation between compliance testing and
  substantive testing
• Now that we are clear on the concepts of
  compliance and substantive testing let us try to
  understand the correlation between compliance
  testing and substantive testing with an example.

8
At the initial stage, the IS auditor enquires
with the organization on the end-to-end process
on the purchasing system, the key controls in
place. Based on the observations and conversation
with the organization on the Purchasing system,
the IS auditor will conclude on whether the
internal control is strong or weak in the
organization. This indicates the test of control,
which is compliance testing. Based on the
conclusion obtained on compliance testing, the IS
auditor obtains evidence on the correctness and
accuracy of the balances, like verification of
purchase requisition, Purchase orders, Payments
made to the suppliers, carrying out analytical
procedures, etc. This indicates a test of
individual transactions, which is substantive
testing. InfosecTrain offers Certified
Information Systems Auditor(CISA) instructor-led
training. To know more about this course Click
Here
9
Why Infosec Train

• ABOUT OUR COMPANY

Global Learning Partners
10
PRICING DETAILS
PRODUCT LIST
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Integer nec odio. Praesent
libero. Sed cursus ante dapibus diam. Sed nisi.
Nulla quis sem at nibh elementum imperdiet.
11
(No Transcript)
12
ABOUT OUR COMPANY
OUR CONTACT
InfosecTrain welcomes overseas customers to come
and attend training sessions in destination
cities across the globe and enjoy their learning
experience at the same time.
91-97736-67874
https//www.facebook.com/Infosectrain/
sales_at_infosectrain.com
https//www.linkedin.com/company/infosec-train/
www.infosectrain.com
https//www.youtube.com/c/InfosecTrain