A flowchart can be extremely useful in auditing crucial enterprise applications and systems this sort of as organization source preparing techniques (ERP) and support oriented architecture (SOA) programs. As IT auditors we are involved with receiving a obvious comprehending of the hazards and controls in the technology below review. Flowcharts facilitate an accurate assessment of an IT setting.
According to Wikipedia, the fundamental definition of a flowchart is a kind of diagram that signifies an algorithm or method that exhibits data and its motion normally with arrows. The use of flowchart s is frequent in numerous fields for analysis, style, documentation and process management.
Flowcharts are most helpful to visually show organization procedures and the supporting engineering. Auditors can concentrate on various elements of data flows and infrastructure in these diagrams depending on the assessment of dangers and controls.
Functions that can be captured in a flowchart contain info inputs from a file or database, choice points, sensible processing and output to a file or report. Dangers and controls in a company approach can be documented visually and analyzed.
Four basic designs are frequently utilized to generate flowcharts. A sq. is utilized for a approach (e.g. incorporate, replace, preserve). A sq. with a wavy foundation is utilized for a doc. A diamond is employed for a determination point (e.g. of course/no, true/bogus). A sideways cylinder is used for data storage (e.g. databases). These conventional shapes were originally set up by IBM and other pioneers of information technology.
Additional styles incorporate circles, ovals and rounded rectangles for the start and conclude of a enterprise approach. Arrows present ‘flow control’ between a source image and a concentrate on image. A parallelogram signifies enter and output e.g. knowledge entry from a form, exhibit to user.
In making flowcharts, there are some fundamental rules to comply with. Start off and stop details need to be clearly described. The level of detail documented in the flowchart should be suitable to the topic issue covered. The creator of the flowchart ought to have a clear understanding of the procedure and the meant audience should be able to adhere to the flowchart very easily.
Our staff of IT auditors, uses Microsoft Visio extensively to produce flowcharts and to assess business procedures. A flowchart is usually designed with vertical columns representing diverse departments or phases that are element of an total enterprise procedure. Interfaces amongst departments can be demonstrated whether automatic or guide connections that facilitate the organization method.
Flowcharts can explain the controls on info inputs, processing and outputs. Input controls could include edit and validation checks. Processing controls can be in the type of management totals or milestones. Output controls could consist of mistake examining and reconciliations. This sort of a representation on a flowchart permits an auditor to identify places in a organization method with weak or non-existent controls.
An illustration of technology that can be comprehended by means of flowchart evaluation is enterprise resource organizing software program such as Oracle e-Enterprise Suite and SAP. Input controls are established by means of certain ‘rules’ to make sure the validity of knowledge. Approach controls are used to large-threat capabilities, transactions or varieties. Output controls consist of studies and reconciliations.
Another case in point of complex technologies that can be comprehended by way of flowcharts is provider oriented architecture (SOA). This architecture is made up of a lot of net and computer software parts that are built-in to link support vendors with service customers. ‘Web services’ assistance particular enterprise processes. Each and every of these world wide web solutions will generally have controls on data inputs, processing and output. The flowchart is essential to realize this kind of world wide web solutions and their integration in a broader atmosphere normally via an Enterprise Service Bus (ESB).
In summary, a flowchart can be employed by IT auditors to assess a company process. Various elements of the method can be emphasized these kinds of as hazards, controls, interfaces, choice details, technological innovation infrastructure and parts. The popular expression of a photograph is equivalent to a thousand words is exact. A flowchart can seize vital points that verbiage and textual content can not very easily match. We motivate the IT audit, chance and control communities to use this potent instrument in doing their respective features.