An IS auditor is reviewing access to an application to determine whether the 10 most recent “new
user” forms were correctly authorized. This is an example of:
A.
variable sampling.
B.
substantive testing.
C.
compliance testing.
D.
stop-or-go sampling.
Explanation:
Compliance testing determines whether controls are being applied in compliance with policy. This
includes tests to determine whether new accounts were appropriately authorized. Variable sampling
is used to estimate numerical values, such as dollar values. Substantive testing substantiates the
integrity of actual processing, such as balances on financial statements. The development of
substantive tests is often dependent on the outcome of compliance tests. If compliance tests
indicate that there are adequate internal controls, then substantive tests can be minimized. Stop-orgo sampling allows a test to be stopped as early as possible and is not appropriate for checking
whether procedures have been followed.