Compliance testing is the primary method employed to verify stated controls are operating effectively, while substantive testing is the primary method utilized to increase audit assurance. For instance, an IT auditor may reperform compliance testing, documented by an entity’s software quality assurance department, to verify controls are operating effectively. Whereas, an IT auditor may apply substantive testing procedures for recalculating cost allocations to assess if a discovered deficiency is material.
Auditing electronically encoded files can involve compliance testing and substantive testing. Specifically, files can be tested for evidence of compliance with designed controls or the integrity of the data contained therein. Techniques for auditing files are primarily oriented toward substantive testing of details in the selected repositories.
“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“