3a: Compliance & Substantive Testing - Quiz

Question 1

(1) IS auditor is reviewing the internal control of an application software. The sampling method that
will be MOST useful when testing for compliance is:

A. Attribute sampling
B. Variable sampling
C. Random sampling
D. Judgmental sampling

Answer 1

Answer: A. Attribute sampling

Explanation:
In any given scenario, attribute sampling method (either control is present or absent) will be useful
when testing for compliance. Attribute sampling is the primary sampling method used for
compliance testing. Attribute sampling is a sampling model that is used to estimate the rate of
occurrence of a specific quality (attribute) in a population and is used in compliance testing to
confirm whether the quality exists. The other choices are used in substantive testing, which involves
testing of details or quantity.

Question 2

(2) Test to determine whether last 50 new user requisitions were correctly processed is an example
of:

A. discovery sampling.
B. substantive testing.
C. compliance testing.
D. stop-or-go sampling.

Answer 2

Answer: C. compliance testing.

Question 3

(3) Which of the following is a substantive test?

A. Reviewing compliance with firewall policy.
B. Reviewing adherence to change management policy.
C. Using a statistical sample to inventory the tape library
D. Reviewing password history reports

Answer 3

Answer: C. Using a statistical sample to inventory the tape library

Explanation:
In any given scenario, substantive testing checks the integrity of contents. A substantive test
confirms the integrity of actual processing. A substantive test would determine if the tape library
records are stated correctly.

Question 4

(4) Major difference between compliance testing and substantive testing is that compliance testing
tests:
A. details, while substantive testing tests controls.
B. controls, while substantive testing tests details.
C. financial statements, while substantive testing tests items in trial balance.
D. internal requirements, while substantive testing tests internal controls.

Answer 4

Answer: B. controls, while substantive testing tests details

Explanation:
In any given scenario, compliance testing test controls, while substantive testing tests details.
Compliance testing involves determining whether controls exist as designed whereas substantive
testing relates to detailed testing of transactions/procedures.

Question 5

(5) When an IS auditor performs a test to ensure that only active users have access to a critical
system, the IS auditor is performing a:

A. compliance test.
B. substantive test.
C. statistical sample.
D. Judgment Sampling.

Answer 5

Answer: A. compliance test.

Explanation:
In any given scenario, compliance testing checks for the presence of controls whereas substantive
testing checks the integrity of contents. Compliance tests determine if controls are being applied in
accordance with management policies and procedures. In this case, verifying that only active
associates are present provides reasonable assurance that a control is in place and can be relied
upon.

Question 6

(6) IS auditors are MOST likely to reduce substantive test procedure if after compliance test they
conclude that:

A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.

Answer 6

Answer: D. control risks are within the acceptable limits.

Explanation:
In any given scenario, outcome/result of compliance testing will form the basis for planning of
substantive testing. For example, if compliance testing indicates strong internal control, substantive
testing may be waived off or reduced. In case compliance testing indicates weak internal controls
then substantive testing to be more rigorous. The development of substantive tests is often
dependent on the outcome of compliance tests.
In this case, if control risks are within acceptable limits and hence substantive test procedure can be
reduced.

Question 7

(7) Which of the following is a substantive audit test?

A. Verifying that a management check has been performed regularly
B. Observing that user IDs and passwords are required to sign on the computer
C. Reviewing reports listing short shipments of goods received
D. Reviewing an aged trial balance of accounts receivable

Answer 7

Answer: D. Reviewing an aged trial balance of accounts receivable

Explanation:
In compliance testing we gather evidence with the objective of testing an organization’s compliance
with control procedures. In substantive testing, we gather evidence to evaluate the integrity of data,
a transaction or other information. Compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents. A review of accounts receivable will provide
evidence of the validity and propriety of the financial statement balance. Choices A, B and C are
compliance tests to determine that policies and procedures are being followed

Question 8

(8) The objective of compliance tests is to ensure:

A. controls are implemented as prescribed.
B. documentation is complete.
C. access to users is provided as specified.
D. data validation procedures are provided.

Answer 8

Answer: A. controls are implemented as prescribed.

Explanation:
Compliance tests are performed primarily to verify whether controls are implemented and effective.

Question 9

(9) An IS auditor is using a statistical sample to inventory the tape library. What type of test would
this be considered?

A. Substantive
B. Compliance
C. Integrated
D. Continuous audit

Answer 9

Answer: A. Substantive

Explanation:
Using a statistical sample to inventory the tape library is an example of a substantive test.

Question 10

(10) Which of the following tests is an IS auditor performing when a sample of programs is selected
to determine if the source and object versions are the same?

A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls

Answer 10

Answer: B. A compliance test of program library controls

Explanation:
A compliance test determines if controls are operating as designed and are being applied in a
manner that complies with management policies and procedures. For example, if the IS auditor is
concerned whether program library controls are working properly, the IS auditor might select a
sample of programs to determine if the source and object versions are the same. In other words, the
broad objective of any compliance test is to provide auditors with reasonable assurance that a
particular control on which the auditor plans to rely is operating as the auditor perceived it in the
preliminary evaluation.

Question 11

(11) Evidence gathering to evaluate the integrity of individual transactions, data or other information is typical of which of the following?

A. Substantive testing
B. Compliance testing
C. Detection testing
D. Control testing

Answer 11

Answer: A. Substantive testing

Explanation:
Evidence gathering to evaluate the integrity of individual transactions, data or other information is
called substantive testing whereas evidence gathering for the purpose of testing an organization’s
compliance with control procedures is called compliance testing.