The IS auditor performs initial compliance testing before moving on to substantive testing. Let’s now look at the concepts of substantive and compliance testing. This article will help you to understand the differences between substantive and compliance testing.
1. What does compliance testing refer to?
It can also be referred to as conformity testing, assessment.
Compliance testing is the testing of controls
It is the process of testing or other activities to determine if a product, process, or service meets the requirements of a (Whether it’s a complaint or otherwise).
A compliance test is used to determine if controls are being applied in accordance with management policies and procedures.
It is a nonfunctional testing method to verify that the system has been developed in accordance with the organization’s standards.
2. When should you conduct Compliance testing?
Compliance testing is used to verify the effectiveness and existence of a process. It may include a trail or automated evidence to show that authorized modifications have been made to production programs.
3. What are some examples of compliance testing?
Examples of compliance testing include checking/verifying the following:User access rights
Procedures for program change control
Follow-up on exceptions
Software license audits
4. What does Substantive testing refer to?
Substantive testing refers to an audit procedure that examines financial statements and supporting documentation to determine if there are any errors.
Substantive testing is the testing of details in transactions
It is evidence of the integrity and validity of the financial statements’ balances and of the transactions supporting them
These tests are required to prove that financial records of an entity have been properly verified as valid, complete, and accurate.
5. When should you perform Substantive testing
Substantive testing can be performed when it is necessary to evaluate the controls in order to determine the basis for reliance, the nature, scope and timing of substantive test.
The balances are validated by performing analytic review procedures and validating transactions.
Always, substantive testing is done after compliance testing. If compliance testing shows weaker controls, substantive testing can be more stringent. If compliance testing shows that there is more internal control, substantive testing can be waived.
6. What are some examples of Substantive Testing?
The examples of substantive testing include check/verification of the following:Performance of a complex calculation (e.g., interest) on a sample of accounts or a sample of transactions to vouch for supporting documentation, etc.
Confirmation of the validity and accuracy of inventory valuation calculations
Confirmation of fixed assets balances using fixed asset records/register
Approval of the dividend was approved by review of the Minutes of Board of Directions.
For bank balance confirmation, obtain bank confirmation
Test of cut-off procedures
7. Correlation between substantive and compliance testing
Now that you are familiar with the concepts of compliance testing and substantive test, let’s look at an example to show how they relate.
Example 1 – Verification Customer Balances in an Organization
The IS auditor will first check with the organization about the billing system. He will also discuss how customers are encouraged and urged to pay on time. Follow-ups on any outstanding balances will be done. The IS auditor will make a decision based on observations and conversations with the organization.