Anyone here work in internal audit that can provide a perspective on what substantive testing means?

like
Posting as :
works at
You are currently posting as works at

Substantive testing is were you test that the actual result is as expected rather than testing that the control which is designed to ensure the proper results work (controls testing). Substantive testing can still be done on a sample basis. (Using a non financial example) Let’s say that you want to test that all code changes are authorized. A controls based test would be to verify that the code librarian tool wont allow anyone to check code into production without an approval ticket entered by so one other than the developer that modified the code. A substantive test would be to compare code from Q3 to code in Q1, identify changes and then look for approvals for each of those changes.

like

Thanks. Makes sense. Perhaps it's the usage of the word substantive that's confusing everyone. Design assessment sounds more objective

A substantive test is basically testing a process and it’s population in it’s entirety, rather than sampling.

For example, let’s say you are testing the appropriateness of privileged accounts, you could do a substantive test and get evidence that each privileged account is appropriate. Rather than sampling privileged accounts.

like

This is incorrect.

like

Can you give some context? My understanding is that substantive testing would be a way of describing a test, as opposed to an actual type of testing.

like

Say you're reviewing/assessing a business process that is being implemented but isn't yet complete. Does substantive testing apply and/or does it make sense?

Testing accuracy of transactions?

Test attributes.

Making sure numbers match

Wow some pretty off-base answers here. Substantive testing is generally what external auditors do to gain “reasonable assurance” over the accuracy of a recorded account balance. Substantive testing of revenue is the classic example.

From your replies is sounds like you want to test a process that hasn’t been implemented yet? Substantive testing is not a good way to do that since nothing will have been recorded. While external auditors are still required to perform substantive test procedures, internal auditors are not and IA is largely moving away from performing tedious test work like that.

Well, probably because the post lacks some context. But I also like your explanation.

Related Posts

What’s your tax strategy to minimize self employment taxes?

like

Does anyone partner with any 401(k) robo-advisors like Guideline, Vestwell, Human Interest, Ubiquity, etc.? How are they compared to more established 401(k) providers? Pros/cons to any or all?

like

Book recommendations? I’ve been reading atomic habits, and have moved onto Traders guns and money.

like

Best Divorce lawyer in Delaware county. Need recommendations.

like
like

Interested in a manager position at Altman but want to stay in the DC area. Would that be possible?

No one talks about anomaly, how are they? Also interested in how the design team is there too.

like

How’s the John St design dept these days? Is there even one?

like

Been in the strat game for over a decade; I’ve realized that a strong department with clear process that is built on end to end problem solving (with time to think) is when I’m happiest vs this award show / case study grind. What are some agencies you all work or have worked at, that value strategy as a department and not a creative case study farm? Looking to figure out what’s next.

like

How are you all feeling about going into the holiday season while being remote? Missing the company holiday parties, or happy to be able to do your own thing?

When can we find out about individual outcomes from Round Table discussions?

like

So is it just me or do people who have been doing ID for decades generally fall into one of two groups? The first group are cynical people who have been divorced, their kids hate them, etc. then the second group are BS artists who are skilled at avoiding both work and responsibility for anything?

likefunnyhelpful

Just started at the firm a month and half ago and snapshots are already happening soon. How important are they? I’ve had pretty low utilization, so I’m kinda nervous as an experienced hire

like

No offense 🥲

Post Photo
likefunny

Get FUCKED, WestLaw. I only switched windows to draft a paragraph, not to end my session.

Post Photo
likefunny

any fresher opening in HR for my brother. He is post graduate in MBA HR

like

Hi fellow HR's,

I am looking for referral in Google, Can someone help me get referred for open position in new Pune center? I have 3 YOE in IT/Banking ops recruiting, recruitment operations and HR operations.

Thanks in advance!!

like

Hello Everyone,

I am looking for job in finance sector. I am a CA and took a break as appearing for UPSC. But recently I completed my internship from Sutherland Global Services as Credit Research Analyst Intern for 6 months where I was working in Project of Portfolio Management of fixed income asset exposure. Please share if you have any references.

Preferred Location - Mumbai

like

Hi guys! Please help me with 11 likes. I am working as a Product Manager in BFSI and looking for a change in a Fintech. Appreciate your help!!

like

Additional Posts in Risk Assurance

London, Dublin, Luxembourg, Munich. Choose a place to move to from NYC. Fuck H1B.

Hi! I used to work at PwC and currently work at Friedman. I’ve been at Friedman for about a year and a half and I love it! We are hiring at an experienced associate and senior associate level! Cont..

like

I'm a Tech Risk SC, but have an accounting/finance background. I'm doing the FRM now for broader cert experience, is it worth doing CA long term in my area?

I have an interview coming up for internal audit manager. Currently in external audit. When asked about my experience in ERM - what would you say Is transferable skills that I can leverage in my answer?

like

How do you apply design factors to IT Audits. Just overheard someone explain 'level of aggregation' for IT Security policies by describing how many people have access to it. Why is this a thing???

like

What’s it mean if your boss tells you to start looking for a new job? What would be your first step?

like

Any idea on what I industry senior risk analysts are making?

like

If anyone (non EY) wants some referral money, I am looking for a job. Have 1yo in EYs Technology Risk Advisory practice and Gold Standard reviews. Also speak 3 languages but I don't think it matters.

like
like

Is KPMG, EY and PWC considerate about one not wanting to travel and chosing local projects in the IT Assurance practice? Please share your experiences. Thanks!

Is anyone here in KPMG’s CRM Risk practice? If so do you know if they are still hiring??

like

If anyone is looking for a referral as an experienced hire to the PwC DAT (Digital Assurance & Transparency - formerly Risk Assurance) practice let me know and would be happy to refer you. We are actively looking to hire.

like

What makes more money IT Audit or IT GRC?

like

Are the exit opportunities better in Internal Audit/Business Process than IT Audit? All I hear is how awful IT Audit is but don’t hear as much complaining from the business side

like

Does Deloitte and PWC has a dedicated app sec pen-test team? What percent of the time do you travel? Do you guys work from home or need relocation to any place in US?

like

Is anyone here a HITRUST CCSFP? Was the exam hard?

like

Crowe is hiring for quite a few positions across the US (Internal Audit, IT controls and cyber/digital security, Compliance,etc)… I’m a manager and would think some of these niche areas have great opportunity for new folks to excel rather quickly. Great flexibility and mobility policies. I’d be happy to chat if interested and get you directly in touch with the right people internally.

likefunny

Identifying a common process, what does this even mean 😩 please help.

like

I lead our SOC practice for a US mid tier cpa/consulting firm. I've been losing a lot of deals due to lower cost / boutique vendors who are partnered with these SOC automation platforms (Vanta, Laika, etc.). Have any of you used these tools for the audit and what has your experience been like? Thanks

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal