Risk Assessments

  • 1.  ISO 27001 - Operating Effectiveness

    This message was posted by a user wishing to remain anonymous
    Posted 08-05-2025 09:44 AM

    Is it accurate to say ISO 27001 does not test the operating effectiveness of the controls in place? How factual is this, and are there any resources that agree or disagree with this?

    -------------------------------------------


  • 2.  RE: ISO 27001 - Operating Effectiveness

    Posted 08-05-2025 02:12 PM

    From what I know, it does test the operating effectiveness. Check these links for more information – https://schneiderdowns.com/iso-27001-compliance-assessment/ and https://www.isms.online/iso-27001/whats-involved-in-an-audit/

    In summary: while the initial audit (Stage 1) focuses on reviewing documentation, the subsequent Stage 2 audit includes tests to ensure controls are implemented and operating effectively to meet the ISMS requirements.



  • 3.  RE: ISO 27001 - Operating Effectiveness

    Posted 08-05-2025 02:16 PM

    Think of ISO 27001 as a framework, similar to NIST. ISO 27001 provides information security management standards and controls, and ISO 27002 provides detailed guidance on various ways to implement and meet the information security standards defined within ISO 27001. An organization can claim that it has controls in place to meet the requirements of ISO 27001. That is not the same as being certified against ISO 27001. An independent auditor can perform testing against ISO 27001, resulting in certification. The type of audit performed will determine whether the effectiveness of controls over time is tested, or whether the audit is only to validate that controls are appropriately designed to meet ISO 27001.

    -------------------------------------------