What is the purpose of conducting a compliance test as an IS auditor?

Conducting a compliance test as an IS auditor primarily aims to determine whether the controls that have been established are operating as designed. This involves evaluating whether the controls are functioning effectively and efficiently to mitigate risks and achieve the organization's objectives. By performing these tests, an auditor can gather evidence that demonstrates whether the controls are not only documented but also active and performing their intended purpose.

Establishing that the controls are operating as designed helps ensure that the organization is adhering to applicable regulations, policies, and industry standards, ultimately contributing to the integrity and security of information systems. Compliance testing also identifies any weaknesses or failures in the controls, enabling organizations to address these issues proactively. Through this process, organizations ensure accountability and reliability in their operations, which aligns with the overall goals of information systems auditing.