Conducting Audit Evidence Testing
As stated earlier, the basic test methods used will be either compliance testing or substantive testing. It’s important that audit samples appropriate for the test method selected by the auditor have been collected.
Compliance testing tests for the presence or absence of something. Compliance testing includes verifying that policies and procedures have been put in place, and checking that user access rights, program change control procedures, and system audit logs have been activated. An example of a compliance test is comparing the list of persons with physical access to the data center against the HR list of current employees.
Compliance testing is based on one of the following types of audit ...