1.3a: Compliance & Substantive Testing - Quiz (Doshi) Flashcards
IS auditor is reviewing the internal control of an application software. The sampling method that will be MOST useful when testing for compliance is:
A. Attribute sampling
B. Variable sampling
C. Random sampling
D. Judgmental sampling
A. Attribute sampling
In any given scenario, attribute sampling method (either control is present or absent) will be useful when testing for compliance. Attribute sampling is the primary sampling method used for compliance testing. Attribute sampling is a sampling model that is used to estimate the rate of occurrence of a specific quality (attribute) in a population and is used in compliance testing to confirm whether the quality exists. The other choices are used in substantive testing, which involves testing of details or quantity.
Test to determine whether last 50 new user requisitions were correctly processed is an example of:
A. discovery sampling.
B. substantive testing.
C. compliance testing.
D. stop-or-go sampling.
C. compliance testing.
Which of the following is a substantive test?
A. Reviewing compliance with firewall policy.
B. Reviewing adherence to change management policy.
C. Using a statistical sample to inventory the tape library
D. Reviewing password history reports
C. Using a statistical sample to inventory the tape library
In any given scenario, substantive testing checks the integrity of contents. A substantive test confirms the integrity of actual processing. A substantive test would determine if the tape library records are stated correctly.
Major difference between compliance testing and substantive testing is that compliance testing tests:
A. details, while substantive testing tests controls.
B. controls, while substantive testing tests details.
C. financial statements, while substantive testing tests items in trial balance.
D. internal requirements, while substantive testing tests internal controls.
B. controls, while substantive testing tests details
In any given scenario, compliance testing test controls, while substantive testing tests details. Compliance testing involves determining whether controls exist as designed whereas substantive testing relates to detailed testing of transactions/procedures.
When an IS auditor performs a test to ensure that only active users have access to a critical system, the IS auditor is performing a:
A. compliance test.
B. substantive test.
C. statistical sample.
D. Judgment Sampling.
A. compliance test.
In any given scenario, compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents. Compliance tests determine if controls are being applied in accordance with management policies and procedures. In this case, verifying that only active associates are present provides reasonable assurance that a control is in place and can be relied upon.
IS auditors are MOST likely to reduce substantive test procedure if after compliance test they conclude that:
A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.
D. control risks are within the acceptable limits.
In any given scenario, outcome/result of compliance testing will form the basis for planning of substantive testing. For example, if compliance testing indicates strong internal control, substantive testing may be waived off or reduced. In case compliance testing indicates weak internal controls then substantive testing to be more rigorous. The development of substantive tests is often dependent on the outcome of compliance tests. In this case, if control risks are within acceptable limits and hence substantive test procedure can be reduced.
Which of the following is a substantive audit test?
A. Verifying that a management check has been performed regularly
B. Observing that user IDs and passwords are required to sign on the computer
C. Reviewing reports listing short shipments of goods received
D. Reviewing an aged trial balance of accounts receivable
D. Reviewing an aged trial balance of accounts receivable
In compliance testing we gather evidence with the objective of testing an organization’s compliance with control procedures. In substantive testing, we gather evidence to evaluate the integrity of data, a transaction or other information. Compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents. A review of accounts receivable will provide evidence of the validity and propriety of the financial statement balance. Choices A, B and C are compliance tests to determine that policies and procedures are being followed
The objective of compliance tests is to ensure:
A. controls are implemented as prescribed.
B. documentation is complete.
C. access to users is provided as specified.
D. data validation procedures are provided.
A. controls are implemented as prescribed.
Compliance tests are performed primarily to verify whether controls are implemented and effective.
An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
A. Substantive
B. Compliance
C. Integrated
D. Continuous audit
A. Substantive
Using a statistical sample to inventory the tape library is an example of a substantive test.
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
B. A compliance test of program library controls
A compliance test determines if controls are operating as designed and are being applied in a manner that complies with management policies and procedures. For example, if the IS auditor is concerned whether program library controls are working properly, the IS auditor might select a sample of programs to determine if the source and object versions are the same. In other words, the broad objective of any compliance test is to provide auditors with reasonable assurance that a particular control on which the auditor plans to rely is operating as the auditor perceived it in the preliminary evaluation.
Evidence gathering to evaluate the integrity of individual transactions, data or other information is typical of which of the following?
A. Substantive testing
B. Compliance testing
C. Detection testing
D. Control testing
A. Substantive testing
Evidence gathering to evaluate the integrity of individual transactions, data or other information is called substantive testing whereas evidence gathering for the purpose of testing an organization’s compliance with control procedures is called compliance testing.