1 / 12

CISA DOMAIN 1

This CISA Certification Training, CISA Exam Training, CISA Online Course is aligned to ISACA helps you to learn how to protect information systems & IS audit processes. Enroll now to become CISA Certified!" />

Download Presentation

CISA DOMAIN 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. www.infosectrain.com Understanding the concepts of Compliance testing and substantive testing

  2. InfosecTrain About Us • InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.

  3. Understanding the concepts of Compliance testing and substantive testing CISA DOMAIN 1 While performing the audit, the IS auditor initially performs compliance testing and then proceed with substantive testing. Now, let us understand the concepts of compliance testing and substantive testing in detail. After reading through this article, you will be able to understand the differences and the correlation between compliance testing and substantive testing.

  4. 1. What does compliance testing mean? • It can also be called as conformity testing or assessment • Compliance testing deals with the test of controls • It refers to testing or other activities that determine whether a process, product, or service complies with the requirements of a  (Whether it is a complaint or not) • A compliance test determines whether controls are being applied in a manner that complies withmanagement policies and procedures • It is a non-functional testing mechanism to validate whether the system developed meets the organization’s prescribed standards or not. • 2. When to perform Compliance testing? • Compliance testing is performed to test the existence and effectiveness of a defined process, which may include a trail of documentary and/or automated evidence – for example, to provide assurance that only authorized modifications are made to production programs.

  5. 3. What are the examples of compliance testing? • The examples of compliance testing include check/verification of the following: • User Access rights • Program change control procedures • Documentation procedures • Program documentation • Follow-up of exceptions • Review of logs • Software license audits • 4. What does Substantive testing mean? • Substantive testing is an audit procedure that examines the financial statements and supporting documentation to see if they contain errors. • Substantive testing deals with the test of details of the transactions • It provides evidence of the validity and integrity of the balances in the financial statements and the transactions that support these balances • These tests are needed as evidence to support the assertion that the financial records of an entity are complete, valid, and accurate.

  6. 5. When to perform Substantive testing? • Substantive testing is performed where it is required to evaluate the controls to determine the basis of reliance, the nature, scope, and timing of substantive tests. • The balances are verified through validation of balances and transactions and performing analytic review procedures. • Substantive testing is always performed after compliance testing. In cases where compliance testing indicates weaker controls, then substantive testing can be more rigorous. On the other hand, if the results of compliance testing indicate stronger internal control, then the substantive testing can be even waived off. • 6. What are the examples of Substantive testing? • The examples of substantive testing include check/verification of the following: • Performance of a complex calculation (e.g., interest) on a sample of accounts or a sample of transactions to vouch for supporting documentation, etc. • Confirmation on the validity of inventory valuation calculations • Confirmation of fixed asset balances with fixed asset records/register • Review of Minutes of Board of Directions in approving the dividend. • Obtaining Bank confirmation for confirming bank balances • Test of cut-off procedures • 7. Correlation between compliance testing and substantive testing • Now that we are clear on the concepts of compliance and substantive testing let us try to understand the correlation between compliance testing and substantive testing with an example.

  7. At the initial stage, the IS auditor enquires with the organization on the end-to-end process on the purchasing system, the key controls in place. Based on the observations and conversation with the organization on the Purchasing system, the IS auditor will conclude on whether the internal control is strong or weak in the organization. This indicates the test of control, which is compliance testing. Based on the conclusion obtained on compliance testing, the IS auditor obtains evidence on the correctness and accuracy of the balances, like verification of purchase requisition, Purchase orders, Payments made to the suppliers, carrying out analytical procedures, etc. This indicates a test of individual transactions, which is substantive testing. InfosecTrain offers Certified Information Systems Auditor(CISA) instructor-led training. To know more about this course Click Here

  8. ABOUT OUR COMPANY Why Infosec Train Global Learning Partners  Guaranteed to run courses  Certified & Experienced Instructors •  Tailor made trainings Even with a single participant we will run the batch as scheduled, unlike other organizations we do not postpone or cancel the training. We value the busy schedule of working professionals. Flexible modes of Training  We employ certified & experienced instructors and consultants who are on our payroll. No freelancers hence quality training guaranteed. We have world largest Pool of in-house certified trainer under one roof. InfosecTrain offers customizable and comprehensive training packages that address customers learning needs. Here at InfosecTrain we understand that every client requirement is unique and needs different approach when it comes to comprehending and learning. Hence we have several methods of training to suit your needs.

  9. PRICING & DETAILS PRODUCT LIST • Lorem ipsum dolor sit amet, consecteturadipiscingelit. Integer necodio. • Praesent libero. Sedcursus ante dapibus diam. Sed nisi. • Nullaquissem at nibhelementumimperdiet.

  10. ABOUT OUR COMPANY OUR CONTACT InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time. +91-97736-67874 https://www.facebook.com/Infosectrain/ sales@infosectrain.com https://www.linkedin.com/company/infosec-train/ www.infosectrain.com https://www.youtube.com/c/InfosecTrain

More Related