CISA Certified Information Systems Auditor – Question0026

Which of the following testing procedure is used by an auditor to check whether a firm is following the rules and regulations applicable to an activity or practice?

A. Compliance testing
B. Sanity testing
C. Recovery testing
D. Substantive testing

Correct Answer: A

Explanation:
Compliance testing is an audit undertaken to confirm whether a firm is following the rules and regulations (prescribed by its internal authority or control system) applicable to an activity or practice.
Compliance testing is essentially an audit of a system carried out against a known criterion. A compliance test may take many forms depending on the request received, but it can be broken down into several types:
Operating Systems and Applications: A verification that an operating system and/or applications are configured appropriately to the company's needs and lockdown requirements, thus providing adequate and robust controls to ensure that the confidentiality, integrity and availability of the system will not be affected in its normal day-to-day operation.
Systems in development: A verification that the intended system under development meets the configuration and lockdown standards requested by the customer.
Management of IT and Enterprise Architecture: A verification that the in-place IT management infrastructure encompassing all aspects of system support has been put in place, i.e. that effective change control, audit, business continuity and security procedures have been formulated, documented and implemented.
Interconnection Policy: A verification that adequate security and business continuity controls governing the connection to other systems (telecommunications, intranets, extranets, the Internet, etc.) have been put in place, have been fully documented and correspond to the stated customer requirements.
The following answers are incorrect:
Substantive testing – A procedure used during accounting audits to check for errors in balance sheets and other financial documentation. A substantive test might involve checking a random sample of transactions for errors, comparing account balances to find discrepancies, or analysis and review of procedures used to execute and record transactions.
Sanity testing – Testing to determine whether a new software version is performing well enough to accept it for a major testing effort. If the application crashes on initial use, the system is not stable enough for further testing, and the build or application is sent back to be fixed.
Recovery testing – Testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.
Reference:
CISA Review Manual 2014, pages 52 and 53; http://www.wikijob.co.uk/wiki/substantive-testing