MGT422 WEEK 7

The developers of the software are also the testers.

Self-review threat.
The developers and testers should be conducted by separate people.
Potential of error/fraud/unauthorized changes/the system does not work as intended.

All environments should be segregated. Production/testing environment should be separated.

Application controls are near the top in the diagram. The bottom is the IT infrastructure which is tested
through general controls.

Compliance= in line with your own business policies/company standards. Alicia Is not allowed to process
a transaction over $5000. So control will stop her from processing over $5000.

If we perform ITGC testing controls throughout the year. So if an application control change occurs and
our result from ITGC is positive we wont need test of application control.

Programmed controls= standardizes what youre doing and minimizes the probability of human error.

Control total is typical batch total=Transaction checked in A and then rechecked in B.

Hash total= has no significance.

Table lookup= e.g. when u go to the doctor.

Test data= test invalid number to check if it picks up.

In the last two you arent explicity testing if the system will reject over $5000 because Alicia might not
have entered info over $5000.

Test processing control using same testing used on input controls.

MCQ 1=D

MMQ2=

Random testing only occurs when a human. Computers can check everything.

s (Why does the company have it?) (What are you trying to
test?) ( How would you test it?)

Control Description Control Objective Test Objective Te

1. A new customer must be set up in To ensure only registered Ensure the new W
Dracknet by the Sales team prior to any customers are being customer is set up in tra
services being activated. offered services through Dracknet cu
Dracknet. Ensure no services are Se
rendered until new cu
customer is set up re
2. The Customer Delivery team captures To ensure the data is To ensure segregation Ob
new service orders. This activity is accurately and of duties exist: Ensure Re
segregated from the customer setup. completely processed into customers that W
the system. delivery cannot set up Le
Restricted access is customer, and persons De
granted to appropriate who set up customer se
persons can not capture new
To ensure the occurrence service order
of the service orders
Only Valid customers
obtain service

3. Certain input fields, such as Start Make sure system -Try proce
Date, End Date are mandatory before -To ensure the data is recognized will stop you from inputting s
a customer order may be completed is completely entering unreasonable
- data

4. There are reasonableness checks on To ensure that the Ensure the Re

data input to ensure that information inputted information is information is tra
required is accurate. accurate and inputting accurate and complete ha
process is free from Try to put valid data an
human error to test the system to th
see it is accurate or fre
not Tr
un
in

5. An account can only be billed once the To ensure only customers Re

service is active in Dragnet. who have access to the To ensure the system to
service are being billed not allowed to bill Sa
inaccurate customers to
M
ve
Te
cu

6. The system automatically identifies To ensure amount and All correct accounts Ba
accounts which are due to be billed that date are accurate and are identified and no -d
day and the amount to be billed. billed to right customer accounts were am
omitted. in
Accounts are not Us
 billed on an incorrect re
date Tr
sy
th
th
th

7. Every overdue customer (>60 days) is To ensure that youre not Pu

suspended in Dracknet if they fail to pay. continuing to provide cu
services to individuals an
who fail to pay past the su
60 day period To ensure the system W
suspend customers ov
who are overdue da
se
su
Activate s
who is ove

8. A suspension list of overdue A/R is To ensure the system identifies Make sure that suspension list Trace tran
produced from Dracknet, which is bad customers- accuracy of is completely and accurately ensure it e
delivered to the collections manager for suspension list delivered and received by list
appropriate follow-up action. To ensure accounts are manager in a timely manner
collectable. Run CAAT
suspension

Manageme
collections
necessary

Compariso
after trans

Compare n
names on

9. The Senior Account Officer is the only Ensuring that credit Detect credit entries Tr
person who has authorization to enter memos are only made in the system by m
credit memos in the system and therefore authorized by the unauthorized sy
authorizes all credit memos. appropriate level of individuals. th
management, and that not Only the senior Ac
everyone can enter account officer can
information in the process the credit
system. Prevent memos
inaccurate or fraudulent
information is entered.
10. A sales and accounts report exported The objective is to ensure Ensure that data Ch
from Dracknet is downloaded into Excel the completeness, transferred if Ve
as is a report exported from Dynamic, accuracy, and existence complete and tra
and the two sets of data are reconciled of the sales and account accurate. Re
automatically. Each month the reports between data Re
accounting manager reviews this report transfers from Dracknet Tr
to ensure that accurate and complete to Dynamic..
data has been transferred from Dracknet
to Dynamic