Skip to main content

Auditor testing

Compliance audits rely on structured testing to evaluate whether an organization’s controls are appropriately designed and operating effectively over a defined period. Auditors identify relevant controls, plan and perform audit procedures—such as inquiry, inspection, observation, sampling, and re-performance—to obtain sufficient appropriate evidence. They document procedures performed, the evidence examined, and the results, including any identified exceptions or deficiencies. This work must be methodical, repeatable, and supported by clear audit trails that show what was tested, how it was tested, the population and the sample (if applicable), and the outcomes reached.

The Controls tab on a Hyperproof audit enables auditors to track and share the status of their compliance testing directly within Hyperproof, while keeping the testing documentation separate, which can be exported for use in supplementing working papers or formal audit reports. By providing structured, auditor-only fields for test procedures and conclusions, alongside a client-visible testing status, Hyperproof supports efficient, end-to-end audit workflows. Testing details and conclusions are the auditor's work product and remain confidential, available only to auditors. When other users are logged in to Hyperproof, the Controls tab provides clear insight into progress without exposing sensitive testing details.

Auditor testing workflow

Note

You must be logged in to Hyperproof as an auditor to access all of the auditor testing options.

  1. To test controls during an audit, you must add the controls that need to be tested to the audit requests. When creating an audit, you can import requests with linked controls or manually link the controls. See Creating an audit and importing a request list and Linking controls.

  2. From the Controls tab in the audit, auditors will follow these steps. See Understanding the audit controls tab and Conducting and recording auditor tests on controls.

    1. Update the testing status for a control as you go through the testing process. Testing statuses are visible to all Hyperproof users who are not auditors.

    2. Add general notes about the tests you will conduct for the selected control.

    3. Add audit tests to a control and record the test procedures.

    4. Record the conclusion for each test.

  3. Review the testing status for the list of controls being tested (all audit members). See Understanding the audit controls tab.

  4. Export audit testing documentation. See Exporting auditor tests.

In this section: