Interested to Buy Any Domain ? << Click Here >> for more details...
A distinction that can be made between compliance testing
and substantive testing is that compliance testing tests:
A. details, while substantive testing tests procedures.
B. controls, while substantive testing tests details.
C. plans, while substantive testing tests procedures.
D. for regulatory requirements, while substantive testing
tests validations.
- 3 Answers
- 16932 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Compliance testing involves determining whether controls
exist as designed whereas substantive testing relates to
detailed testing of transactions/procedures. Compliance
testing does not involve testing of plans. Regulatory
requirements are not by themselves tested directly in
compliance testing, but controls in place to ensure
regulatory compliance are checked.
| Is This Answer Correct ? | 27 Yes | 2 No |
Answer / harshil shah
Compliance testing checks whether controls exist to satisfy
the control objectives.
While Substantive testing checks the effectivenesss of
these controls by testing integrity of individual
transactions and information
| Is This Answer Correct ? | 5 Yes | 2 No |
Answer / sivakumar tv
Compliance test is used to check the presence of a process
or control to address a specific risk ( authorization
required for allowing access to the building ) while
Substantive test will give an idea as to how far the
process has been adhered from a sample of transactions from
that process ( how many were provided access without the
required authorization )
| Is This Answer Correct ? | 2 Yes | 1 No |
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
An integrated test facility is considered a useful audit tool because it: A. is a cost-efficient approach to auditing application controls. B. enables the financial and IS auditors to integrate their audit tests. C. compares processing output with independently calculated data. D. provides the IS auditor with a tool to analyze a large range of information.
The MOST significant level of effort for business continuity planning (BCP) generally is required during the: A. testing stage. B. evaluation stage. C. maintenance stage. D. early stages of planning.
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? A. There are three individuals with a key to enter the area. B. Paper documents also are stored in the offsite vault. C. Data files, which are stored in the vault, are synchronized. D. The offsite vault is located in a separate facility.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
During which phase of a system development process should an IS auditor first raise the issue of application controls? A. Construction B. System design C. Acceptance testing D. Functional specification
An IS auditor performing an application maintenance audit would review the log of program changes for the: A. authorization for program changes. B. creation date of a current object module. C. number of program changes actually made. D. creation date of a current source program.
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
Cisco Certifications 
