Conducting Audit Evidence Testing

As stated earlier, the basic test methods used will be either compliance testing or substantive testing. It’s important that audit samples appropriate for the test method selected by the auditor have been collected.

Compliance Testing

Compliance testing tests for the presence or absence of something. Compliance testing includes verifying that policies and procedures have been put in place, and checking that user access rights, program change control procedures, and system audit logs have been activated. An example of a compliance test is comparing the list of persons with physical access to the data center against the HR list of current employees.

Compliance testing is based on one of the following types of audit ...

Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.