A flowchart can be really beneficial in auditing vital company programs and programs these kinds of as business resource arranging techniques (ERP) and services oriented architecture (SOA) programs. As IT auditors we are worried with acquiring a distinct understanding of the dangers and controls in the technology beneath overview. Flowcharts aid an correct evaluation of an IT environment.
In accordance to Wikipedia, the basic definition of a flowchart is a sort of diagram that represents an algorithm or process that demonstrates information and its motion normally with arrows. The use of flowcharts is frequent in numerous fields for analysis, design and style, documentation and approach management.
Flowcharts are most valuable to visually display company processes and the supporting technology. Auditors can concentrate on distinct elements of information flows and infrastructure in these diagrams based on the evaluation of pitfalls and controls.
Functions that can be captured in a flowchart contain data inputs from a file or databases, selection factors, reasonable processing and output to a file or report. Risks and controls in a business process can be documented visually and analyzed.
4 standard shapes are generally utilised to produce flowcharts. A square is utilized for a method (e.g. add, exchange, save). A square with a wavy base is employed for a document. A diamond is used for a determination stage (e.g. of course/no, accurate/false). A sideways cylinder is used for data storage (e.g. database). These traditional shapes had been at first established by IBM and other pioneers of info technological innovation.
Added designs include circles, ovals and rounded rectangles for the start off and stop of a company procedure. Arrows present ‘flow control’ amongst a resource symbol and a concentrate on image. A parallelogram represents enter and output e.g. information entry from a form, show to person.
In generating flowcharts, there are some simple guidelines to comply with. Commence and conclude details must be obviously outlined. The amount of detail documented in the flowchart should be appropriate to the subject matter subject protected. The creator of the flowchart must have a clear knowing of the process and the meant audience need to be able to follow the flowchart very easily.
Our crew of IT auditors, makes use of Microsoft Visio thoroughly to develop flowcharts and to assess organization processes. A flowchart is typically created with vertical columns representing various departments or phases that are component of an all round business process. Interfaces in between departments can be demonstrated regardless of whether automatic or guide connections that facilitate the enterprise procedure.
Flowcharts can explain the controls on info inputs, processing and outputs. Enter controls may possibly incorporate edit and validation checks. Processing controls can be in the form of control totals or milestones. Output controls may consist of mistake checking and reconciliations. Such a representation on a flowchart allows an auditor to recognize areas in a company approach with weak or non-existent controls.
An instance of technology that can be understood through flowchart investigation is company source planning application this kind of as Oracle e-Business Suite and SAP. zen flowchart are set via particular ‘rules’ to ensure the validity of data. Approach controls are applied to higher-danger functions, transactions or types. Output controls consist of studies and reconciliations.
Yet another example of sophisticated technology that can be comprehended by means of flowcharts is service oriented architecture (SOA). This architecture is made up of several web and computer software parts that are integrated to connect services providers with services buyers. ‘Web services’ help distinct enterprise procedures. Each of these internet services will usually have controls on information inputs, processing and output. The flowchart is crucial to recognize such internet providers and their integration in a broader environment normally through an Enterprise Service Bus (ESB).
In summary, a flowchart can be employed by IT auditors to examine a company process. Distinct facets of the procedure can be emphasised such as hazards, controls, interfaces, selection factors, technologies infrastructure and components. The well-known expression of a picture is equal to a thousand terms is precise. A flowchart can seize crucial factors that verbiage and textual content cannot very easily match. We encourage the IT audit, risk and control communities to use this potent resource in doing their respective capabilities.