SAINT PAUL SCHOOL OF PROFESSIONAL STUDIES

Campetic, Palo, Leyte, Philippines

An Application Control Review

Application Controls of

In par tial fulfilment of the r equir ements in the course

Auditing in Computer -Based Infor mation S ystem Envir onment
(AUDCIS E)

By :

Obregon, Joan N.
Cotoner, Harry A.
Caldoza, Maribeth L.
Avila, Sheila R.
Abas, Harold C.

8:30AM – 10:00AM
Tuesday, Thursday

October 8, 2018
 GOODS.PH is one of

the fast-growing Online Shopping

website in the Philippines. Its main
objective is to build an effective online
brand and grow their customers base by adapting to the fast growing needs of valuable consumers. Goods.Ph
also makes sure all orders made through the website are secured and safe. It sells groceries, clothing, mobiles,
tablets, computer, appliances, health and beauty, home and living, consumer electronics, books, toys.

⚠ First thing noticed that the company website is not secured and the connection is not private!
Application Control Review

INPUT/EDIT TESTING
REMARKS/EVIDENCES
TECHNIQUES PROCEDURES
 Vali dity T es t The field requires
 N umeric - fo r email address
al phabetic Test in o rder to
register as a new
merchant and a
num ber co de was
entered to it then
it was rejected
with a no te ,
“P lease ensure all
values are in
pr oper format ”

 Compl etenes s The passwo rd

T est entered was a 7 -
 R ange T est charactered
passwo rd o nly
which is no t in
between 8-16
characters, the
range o f length o f
passwo rd
required . That’s
why it was
rejected and the
field give a note.

Also a note abov e

po p-up requiring
to fill in all the
required fields
with a v alid v alue.
 Duplic ate T es t The sim ulated
 Compl etenes s sho p nam e
T est “ Yakisoba” was
already input
prev io usly. When
it was entered Yakisoba
again, it was
rejected and with
a note that, “ The
Sho p Nam e
already exist .”
This is to ensure
that there is no
duplicatio n of
transactio ns.

 Reasonabl eness Entered a

T est negativ e two
 Range T est quantity o f bags
in the field but no
note o r warning
po p up. Instead
the quantity
autom atically set
to quantity o f one
bag, which is
actually
reaso nable least
num ber of
o rde rs. The
allo wed o rder
sho uld be from 1
to the num ber o f
sto cks av ailable

The erro r was no t

reco gnized by the
website instead
such o rder was
autom atically
added to the
sho pping cart o f
the acco unt user .
 T abl e l ookups The search field
fo r brands is
where to input
the brand nam e
but the com pany
has already the
lists of brand
names. The code
entered m ust
correspo nd with
the website
system lists o f
brands that
m atches the code
entered.

 Vali dity T es t The su bscribe

 N umeric - field never
al phabetic Test mentio n what
kind o f co de to
enter. Try ing to
put num ber 123 45
then click
subscribe, a note
po p up saying,
“ email format
err or” . Hence the
field is asking fo r
an em ail input.
 Sequenc e T est A test was
 Existenc e T es t co nducted to the
 N umeric - field – Track My
al phabetic Test Order. It is asking
fo r an Order ID
num ber instead,
the word “ abas”
was entered to
test if the field
wo uld reject o r
reco gnize the
erro r. Howev er it
nev er rejected the
co de entered and
no note po p up
giv ing a warning
fo r the erro r
fo rmat.

But it pro cessed

the input and giv e
a result that ther e
is no or der
associated to your
email address and
the or der ID
number .

 Logic al - The yellow -

r el ati onshi p colo ured field is
T est fo r the tim e
 Range T est required fo r the
 Limi t Test wareho use o pen
fo r pick up o f
goo ds . A
sim ulated tim e 13
AM was entered
to test the field.
However, it never
detected the erro r
m ade because
there is no such
tim e as 13 AM
instead it
processed the
input and
proceeded to the
next step.