| Determines controls are being applied that complies with management policies and procedures. | Determines the integrity of actual processing. |
| In compliance testing we gather evidence with the objective of testing an organization's compliance with control procedures | Substantive procedures are tests designed to obtain evidence to ensure the completeness, accuracy and validity of the data. |
| Compliance testing checks for the presence of controls | Substantive testing checks the integrity of contents. |
| Ex: Verification of Assess rights controls, Presence of procedures for Program Change control management, incident management, problem management, review of existing network controls | Review of transactions/numbers/values. Eg: Inventory validation, record matching, balance checks |
| Compliance testing will be performed first | Substantive testing is always performed after compliance testing |
| Compliance testing is independent of Substantive testing | However, the results of compliance testing are used to determine if Substantive testing is required |
| if compliance testing indicates strong internal control, substantive testing may be waived off or reduced | In case compliance testing indicates weak internal controls then substantive testing to be more rigorous |
