A distinction that can be made between compliance testing
and substantive testing is that compliance testing tests:
A. details, while substantive testing tests procedures.
B. controls, while substantive testing tests details.
C. plans, while substantive testing tests procedures.
D. for regulatory requirements, while substantive testing
tests validations.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Compliance testing involves determining whether controls
exist as designed whereas substantive testing relates to
detailed testing of transactions/procedures. Compliance
testing does not involve testing of plans. Regulatory
requirements are not by themselves tested directly in
compliance testing, but controls in place to ensure
regulatory compliance are checked.
Is This Answer Correct ? | 27 Yes | 2 No |
Answer / harshil shah
Compliance testing checks whether controls exist to satisfy
the control objectives.
While Substantive testing checks the effectivenesss of
these controls by testing integrity of individual
transactions and information
Is This Answer Correct ? | 5 Yes | 2 No |
Answer / sivakumar tv
Compliance test is used to check the presence of a process
or control to address a specific risk ( authorization
required for allowing access to the building ) while
Substantive test will give an idea as to how far the
process has been adhered from a sample of transactions from
that process ( how many were provided access without the
required authorization )
Is This Answer Correct ? | 2 Yes | 1 No |
In a risk-based audit approach, an IS auditor should FIRST complete :
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to: A. make the payment process more efficient. B. comply with international EFT banking standards. C. decrease the number of paper-based payment forms. D. reduce the risk of unauthorized changes to payment transactions.
An advantage of using sanitized live transactions in test data is that: A. all transaction types will be included. B. every error condition is likely to be tested. C. no special routines are required to assess the results. D. test transactions are representative of live processing.
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Which of the following is MOST likely to occur when a system development project is in the middle of the programming/coding phase? A. Unit tests B. Stress tests C. Regression tests D. Acceptance tests
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the: A. hardware is protected against power surges. B. integrity is maintained if the main power is interrupted. C. immediate power will be available if the main power is lost. D. hardware is protected against long-term power fluctuations.
In planning a software development project, which of the following is the MOST difficult to determine? A. Project slack times B. The project's critical path C. Time and resource requirements for individual tasks D. Relationships that preclude the start of an activity before others are complete
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
To review access to ceratin data base to determine whether the "new user" forms were correctly authorized. This is an example of: