:: Home Page            
 Advertise your Business Here     
Browse  |   Placement Papers  |   Company  |   Code Snippets  |   Certifications  |   Visa Questions
Post Question  |   Post Answer  |   My Panel  |   Search  |   Articles  |   Topics  |   ERRORS new
   Refer this Site  Refer This Site to Your Friends  Site Map  Bookmark this Site  Set it as your HomePage  Contact Us     Login  |  Sign Up                      
Categories >> Certifications >> CISA Certification


 Cisco Certifications interview questions  Cisco Certifications Interview Questions (1977)
 Microsoft Certifications interview questions  Microsoft Certifications Interview Questions (167)
 Sun Certifications interview questions  Sun Certifications Interview Questions (41)
 CISA Certification interview questions  CISA Certification Interview Questions (722)
 Oracle Certifications interview questions  Oracle Certifications Interview Questions (57)
 ISTQB Certification interview questions  ISTQB Certification Interview Questions (106)
 Certifications AllOther interview questions  Certifications AllOther Interview Questions (262)
A distinction that can be made between compliance testing
and substantive testing is that compliance testing tests:

A. details, while substantive testing tests procedures.

B. controls, while substantive testing tests details.

C. plans, while substantive testing tests procedures.

D. for regulatory requirements, while substantive testing
tests validations.
 Question Submitted By :: CISA-Certification
I also faced this Question!!     Answer Posted By  
# 1
Answer: B

Compliance testing involves determining whether controls
exist as designed whereas substantive testing relates to
detailed testing of transactions/procedures. Compliance
testing does not involve testing of plans. Regulatory
requirements are not by themselves tested directly in
compliance testing, but controls in place to ensure
regulatory compliance are checked.
Is This Answer Correct ?    23 Yes 2 No
# 2
Compliance testing checks whether controls exist to satisfy
the control objectives.
While Substantive testing checks the effectivenesss of
these controls by testing integrity of individual
transactions and information
Is This Answer Correct ?    4 Yes 2 No
Harshil Shah
# 3
Compliance test is used to check the presence of a process
or control to address a specific risk ( authorization
required for allowing access to the building ) while
Substantive test will give an idea as to how far the
process has been adhered from a sample of transactions from
that process ( how many were provided access without the
required authorization )
Is This Answer Correct ?    2 Yes 1 No
Sivakumar Tv

Other CISA Certification Interview Questions
  Question Asked @ Answers
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.   2
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.   1
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device? A. Router B. Bridge C. Repeater D. Gateway   1
The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.   1
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.   1
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.   2
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider   1
Which of the following physical access controls would provide the highest degree of security over unauthorized access? A. Bolting door lock B. Cipher lock C. Electronic door lock D. Fingerprint scanner   1
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.   2
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup. Microsoft 4
A data administrator is responsible for: A. maintaining database system software. B. defining data elements, data names and their relationship. C. developing physical database structures. D. developing data dictionary system software.   3
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to: A. make the payment process more efficient. B. comply with international EFT banking standards. C. decrease the number of paper-based payment forms. D. reduce the risk of unauthorized changes to payment transactions.   1
For more CISA Certification Interview Questions Click Here 

Copyright Policy  |  Terms of Service  |  Articles  |  Site Map  |  RSS Site Map  |  Contact Us
Copyright 2013  All Rights Reserved.   ::