Test of controls on something like a takealot app Flashcards

1
Q

By making use of test data, attempt to override/pass the firewalls for both the SmartCount
system and E-buy’s server and confirm that it does not succeed/pass. This can be done by
IT audit experts. (This is to ensure that people cannot access the system to initiate an
invalid sale)

A

Enquire from management what controls are in place to ensure there is no unauthorised
access to the E-buy server and SmartCount system and attempt to access the E-buy server
and the SmartCount System by means of test data. (This is to ensure that people cannot
access the system to initiate an invalid sale.)

2
Q

Inspect the user access to the E-buy server and SmartCount System and confirm that only
authorised users have access on a least privilege basis. (This is to ensure that people cannot
access the system to initiate an invalid sale.)

A

The following are controls to be tested regarding the passwords of all employees of E-buy,
based specifically on the scenario in the question (Stephan, Sophia Malala, warehouse
managers, dispatch clerks and dispatch controllers):
o Obtain, and inspect, a copy of the password policy of E-buy to ensure it is in place.

3
Q

By making use of test data, attempt to test that the password criteria are being met in
accordance with the password policy of the company, for example:
o Use of upper case, lower case, numeric and alpha digits; and
o Passwords are changed after a certain period of time and after a specified time has
passed.

A

(This is to ensure that people cannot access the system to initiate an invalid sale)

4
Q

By making use of test data, attempt to create a customer profile without completing the
required fields (first name, surname, email address, retype of email address, password,
retype of password and mobile number) (a mandatory field test) and confirm that it does
not succeed/pass. (This is to ensure a sale is made to a valid customer.)

A

By making use of test data, attempt to create a customer profile without accepting the
terms and conditions of E-buy and confirm that it does not succeed/pass. (This is to ensure
a sale is made to a valid customer.)

5
Q

Perform the following mandatory/missing data check by making use of test data:
o Attempt to finalise a sale transaction by leaving the mandatory address field blank and
confirm that it does not succeed/pass; and

A

Attempt to finalise a sale transaction by not providing credit card details and confirm that
it does not succeed/fail.

6
Q

By making use of test data, attempt to complete the payment details field by using an
invalid/fictitious/expired credit card and confirm that it does not succeed/pass; and a valid
card to confirm that it does pass.

A

The credit card details are administered by a third party
site, but this is checked in order to ensure the following:
o If it passes, verify that an invoice is emailed and a dispatch request sent to the
warehouse manager.
o If it does not pass, verify that the transaction is not processed, and that the customer is
notified.

7
Q

For a sample of invoices agree these to payments received.

A

By making use of test data, attempt to issue an invoice without an existing dispatch request
(i.e. without completing the online order on the E-buy website/E-mobile).
o Verify that such items are reflected on the exception report.

8
Q

For a sample of invoices inspect that the sales were placed by a valid customer.

A

Enquire from Stephan if he receives an exception report for matters where a customer
invoice is issued without a corresponding dispatch request and if he reviews it and how he
follows up on it.

9
Q

Inspect a sample of mobile dispatch devices and confirm that ‒
o the devices are in a good working condition;

A

Inspect where the mobile devices are kept and that this is a secured location

9
Q

Review the transaction log for any approvals that are not done by Stephan.

A

Inspect a sample of exception reports where a customer invoice was issued without a
corresponding dispatch request and verify that the appropriate staff member followed up
the discrepancy and noted the reasons for it

10
Q

Observe the dispatch controller checking the goods against the request, sealing the order if
it is correct and electronically marking it as being ready for collection only if the order is
complete.

A

Observe a collection of the sealed boxes in respect of each dispatch order by a Fast Delivery
driver and that the driver electronically signs the dispatch request on the dispatch
controller’s mobile device as evidence of receipt.

11
Q

Inspect the exception reports for orders that remained unmatched for longer than 24 hours
and determine how the issues were resolved by inspecting the note relating to the
resolution. Confirm that these were unmatched for longer than 24 hours by checking the
time reflected on the report. Confirm that no completed orders are included on the
exception report.

A

Using test data, confirm the processing of entries in the sales ledger, including the
calculation of VAT and the accuracy of the prices from the master file. This should occur
once the dispatch invoice has been signed by the driver (inspect that the invoice is flagged
as executed).

12
Q

Recalculate the invoice total by multiplying the number of goods by the sales price per the
masterfile.

A

By making use of test data, access the SmartCount system and attempt to make changes to
product prices by means of a password from a person who is not a staff member of the
marketing department.

13
Q

By making use of test data, access the SmartCount system and attempt to approve the
product item price changes suggested by staff of the marketing department by making use
of a fictitious password (to test the access of Sophia Malala).

A

Inspect the log for product item price changes and confirm that these have been reviewed by
Sophia Malala (electronic signature).

14
Q

Inspect the log for product item price changes and follow it through to the SmartCount
system and confirm that it agrees to the amount per the log.

A

Access E-buy’s server and attempt to open the log that deals with price changes amended
in the SmartCount system and confirm that it does not succeed/pass (encryption test).
