Introduction
Accountants, auditors, and other finance professionals with an interest in protecting a business from fraud and error need to review the general computer and application controls over the software development used throughout a company’s business operations. These systems are built by humans and are therefore susceptible to the same fallacies as manual processes, resulting in the same control needs. An in-house programmer, contracted third party, accounting employee, or any other person affecting the software development process and/or providing input has an opportunity to incorrectly enter or intentionally mishandle information or commit fraud. With opportunity, motive, and rationalization, they are likely to do so if controls surrounding these processes aren’t properly established.
Analysis of GCC and Application Controls of Xidax, LLC
Xidax, LLC, an online gaming computer retailer located at http://www.xidax.com, is at high risk of losing thousands of dollars per transaction if its general computer and application controls are corrupted by any of the aforementioned errors, or by deliberate fraud, within its online marketplace. Walking through a typical transaction yields insight into this process and results in recommendations for improvement that one might suggest to management.
Comment by Vieve Gillette: INSTRUCTION NOTE: Analyze the general computer controls (GCC) and application controls of an E-commerce website that you use frequently or are otherwise familiar with.
To start a transaction for a Xidax desktop, the item for ‘desktops’ is selected from the product menu (Exhibit 1); the options to customize expensive personal desktop machines are then presented on-screen along with the starting price, up to $3,353 (Exhibit 2).
Comment by Vieve Gillette: INSTRUCTIONS NOTE: Attempt to complete a transaction, or transactions, through the website, taking screenshots of the transaction progress. Proceed with the transaction(s) as far as you would like through the purchase process using either real information (black out personal information on the screenshot when turning in the assignment) or fictitious information.
During the customization process of the gaming system, the customer is brought through a series of inventory items that are available for purchase. In this process, numerous controls are executed that impact the validity of the information recorded to the general ledger and subledgers from this transaction. The first ledger that is directly impacted by this customization process is inventory. During this transaction process, the customer is brought through a series of steps selecting the parts to build their dream gaming device. The parts information is drawn from a database of inventory files containing the prices, SKUs, descriptions, and quantity; when the quantity is one or higher, the part displays to the customer as an available product for the customized build. When no part is available, the customization step shows ‘none’ available (Exhibit 3). It’s likely that this part was sold out and retired, since computer technology changes on a regular basis. Newer, better computer hardware components are sought out by avid gamers, and the company would want to announce any new parts through this customization process. In the case of a pre-released item, the inventory is not yet available, but the customer has the option to purchase if they want their machine built with this part as soon as it arrives in stock (Exhibit 4). The notification of the preordered item on the front-end is to set expectations for customers. This is an example of the quality testing that was done during the SDLC to ensure that the database is accurately reflecting and presenting only items in stock. The assumption by an outsider is also that the receiving and warehouse managers are keeping inventory counts accurate and up to date, since inventory displays, and therefore sales, depend upon that accuracy.
On the other hand, a flaw was discovered during this process within the pricing. When presented with the option of selecting the ‘Reservoir 1 - Strand 1’ color, the option ‘none’ is free and any color is an upgrade of $150. After selecting ‘none’ and proceeding to the next step to select ‘Reservoir 2 - Strand 2’, the ‘none’ option is free and all colored options state ‘same price’ (Exhibit 5a & 5b).
During this second step, if the customer selects a color after selecting ‘none’ in step one, they receive their second color choice for free. A savvy computer shopper would understand that Xidax was trying to set its pricing to state that if you choose a color option for Strand 1 of the Reservoir at $150, you would get the choice of the second color included in that $150. It is a two-for-one deal: since you are required to have the two strands, they are just giving you the option of coloring them differently. This is supposed to be available only if you pay for colored strands as a packaged deal. If you made no color selection, then you shouldn’t get the option to pay the same cost as the first strand, ‘free’, unless it is also of no color. This is a broken mathematical control on the pricing for the e-commerce site. This is likely an error on the part of an employee, but it results in the opportunity for fraud by the customer. Therefore the recommendation here would be to implement controls surrounding the development, programming, production, and validation of pricing inputs. Any one of these areas could have resulted in this flaw costing the company $75 for each computer built to these specifications.
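The validation control recommended above can be sketched as a server-side recomputation of the strand surcharge, shown next to the relative "same price" logic the walkthrough observed. This is an added example, not Xidax's code: the function names, the order records, and the rule that the $150 bundle is charged once whenever either strand is colored are assumptions made for illustration.

```python
from decimal import Decimal

COLOR_BUNDLE = Decimal("150.00")  # color upgrade price quoted in the walkthrough
NONE = "none"


def flawed_surcharge(strand1, strand2):
    """Behaviour observed above: step 2 is priced relative to step 1
    ('same price'), so its delta is always zero and never re-checked."""
    step1 = Decimal("0") if strand1 == NONE else COLOR_BUNDLE
    step2 = Decimal("0")  # 'same price' as whatever step 1 cost
    return step1 + step2


def validated_surcharge(strand1, strand2):
    """Assumed intended rule: price the final configuration as a whole and
    charge the bundle once if either strand is colored."""
    if strand1 == NONE and strand2 == NONE:
        return Decimal("0")
    return COLOR_BUNDLE


def audit_orders(orders):
    """Detective control: list (id, charged, expected) for every order that
    was charged less than the independently recomputed surcharge."""
    exceptions = []
    for order in orders:
        expected = validated_surcharge(order["strand1"], order["strand2"])
        if order["charged"] < expected:
            exceptions.append((order["id"], order["charged"], expected))
    return exceptions


# Constructed sample orders, priced the way the flawed flow would price them.
SAMPLE_ORDERS = [
    {"id": "A-1", "strand1": "red", "strand2": "blue"},
    {"id": "A-2", "strand1": NONE, "strand2": NONE},
    {"id": "A-3", "strand1": NONE, "strand2": "blue"},
]
for _order in SAMPLE_ORDERS:
    _order["charged"] = flawed_surcharge(_order["strand1"], _order["strand2"])

if __name__ == "__main__":
    for order_id, charged, expected in audit_orders(SAMPLE_ORDERS):
        print(f"{order_id}: charged {charged}, expected {expected}")
```

Run as a preventive check at checkout or as a periodic reconciliation over posted orders, the same recomputation flags only the configuration where Strand 1 is ‘none’ and Strand 2 is colored.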