A flowchart can be extremely beneficial in auditing critical enterprise purposes and methods these kinds of as organization resource arranging systems (ERP) and support oriented architecture (SOA) methods. As IT auditors we are worried with obtaining a very clear understanding of the dangers and controls in the technology beneath assessment. Flowcharts aid an correct evaluation of an IT surroundings.
According to Wikipedia, the fundamental definition of a flowchart is a kind of diagram that signifies an algorithm or procedure that exhibits information and its motion generally with arrows. The use of flowcharts is widespread in several fields for investigation, design, documentation and approach management.
Flowcharts are most beneficial to visually screen enterprise processes and the supporting engineering. Auditors can focus on various factors of information flows and infrastructure in these diagrams depending on the evaluation of hazards and controls.
Events that can be captured in a flowchart include data inputs from a file or database, determination factors, logical processing and output to a file or report. Pitfalls and controls in a enterprise procedure can be documented visually and analyzed.
Four simple styles are frequently utilised to develop flowcharts. A square is utilised for a procedure (e.g. add, substitute, conserve). A square with a wavy base is utilized for a document. A diamond is utilized for a selection point (e.g. sure/no, correct/untrue). A sideways cylinder is utilised for info storage (e.g. databases). These conventional designs have been originally recognized by IBM and other pioneers of info engineering.
Extra styles contain circles, ovals and rounded rectangles for the start off and stop of a organization procedure. Arrows demonstrate ‘flow control’ amongst a supply image and a target symbol. A parallelogram signifies enter and output e.g. knowledge entry from a kind, display to person.
In creating flowcharts, there are some basic principles to adhere to. Start off and stop details must be evidently defined. The stage of element documented in the flowchart need to be appropriate to the subject matter make a difference protected. The creator of the flowchart should have a obvious comprehending of the method and the meant viewers need to be able to adhere to the flowchart very easily.
Our group of IT auditors, utilizes Microsoft Visio thoroughly to develop flowchart s and to analyze company processes. A flowchart is usually created with vertical columns symbolizing different departments or phases that are portion of an overall business procedure. Interfaces amongst departments can be revealed whether or not automated or handbook connections that aid the organization method.
Flowcharts can make clear the controls on information inputs, processing and outputs. Enter controls may include edit and validation checks. Processing controls can be in the type of control totals or milestones. Output controls might consist of error examining and reconciliations. These kinds of a representation on a flowchart permits an auditor to discover regions inside of a company process with weak or non-existent controls.
An illustration of technology that can be recognized via flowchart evaluation is company source arranging software program this kind of as Oracle e-Organization Suite and SAP. Enter controls are established by way of certain ‘rules’ to make certain the validity of info. Process controls are applied to large-risk capabilities, transactions or types. Output controls consist of stories and reconciliations.
An additional instance of complex technological innovation that can be comprehended by way of flowcharts is services oriented architecture (SOA). This architecture is composed of numerous net and computer software elements that are integrated to hook up support vendors with support consumers. ‘Web services’ help specific enterprise processes. Each of these world wide web companies will generally have controls on info inputs, processing and output. The flowchart is crucial to understand this sort of web services and their integration in a broader setting generally through an Organization Provider Bus (ESB).
In summary, a flowchart can be utilised by IT auditors to assess a enterprise procedure. Diverse aspects of the process can be emphasized this sort of as dangers, controls, interfaces, determination details, technological innovation infrastructure and elements. The well-known expression of a image is equivalent to a thousand phrases is exact. A flowchart can capture vital points that verbiage and textual content can’t easily match. We stimulate the IT audit, danger and management communities to use this potent device in performing their respective features.