Final answer:
Substantive testing in information systems audit involves examining the integrity and reliability of actual data to ensure accurate record-keeping and effective protection against issues such as data breaches. Auditors may verify whether financial transactions are authorized and recorded correctly, and whether incidents like data breaches are managed in compliance with relevant legislation.
Step-by-step explanation:
Substantive testing in information systems (IS) audit refers to a process where auditors examine the integrity and reliability of actual data in a system. Through this process, auditors can confirm whether financial statements and other records accurately represent an entity's transactions and whether the IS effectively protects against data breaches. To conduct substantive tests, auditors often select specific transactions for detailed examination. For instance, they might test a sample of financial transactions to ensure they have been authorized, completed, and recorded correctly within the system.
An example of substantive testing in an IS audit could relate to verifying the accuracy of the system's record-keeping related to data breach incidents. Consistent with the Personal Data Notification & Protection Act of 2017, a data breach is defined as "a compromise of the security, confidentiality, or integrity of, or the loss of, computerized data that results in... (i) the unauthorized acquisition of sensitive personally identifiable information; or (ii) access to sensitive personally identifiable information that is for an unauthorized purpose or in excess of authorization." Here, an auditor might select incidents of potential data breaches from the incident log and verify that they have been recorded accurately, investigated properly, and that the necessary remedial actions have been implemented.