A flowchart can be incredibly helpful in auditing critical enterprise applications and techniques these kinds of as business source organizing programs (ERP) and provider oriented architecture (SOA) systems. As IT auditors we are involved with getting a distinct comprehension of the risks and controls in the engineering underneath review. Flowcharts aid an correct evaluation of an IT setting.
In accordance to Wikipedia, the simple definition of a flowchart is a sort of diagram that represents an algorithm or method that exhibits information and its motion generally with arrows. The use of flowcharts is widespread in many fields for analysis, layout, documentation and process administration.
Flowcharts are most valuable to visually show enterprise processes and the supporting technological innovation. Auditors can target on various aspects of info flows and infrastructure in these diagrams based on the assessment of pitfalls and controls.
Occasions that can be captured in a flowchart incorporate information inputs from a file or databases, selection details, sensible processing and output to a file or report. Risks and controls in a company approach can be documented visually and analyzed.
4 standard styles are generally employed to generate flowchart s. A sq. is utilized for a procedure (e.g. include, exchange, conserve). A square with a wavy base is used for a doc. A diamond is employed for a determination point (e.g. indeed/no, accurate/false). A sideways cylinder is employed for info storage (e.g. database). These classic designs ended up at first established by IBM and other pioneers of data engineering.
Extra designs consist of circles, ovals and rounded rectangles for the start off and stop of a company method. Arrows demonstrate ‘flow control’ amongst a supply symbol and a concentrate on symbol. A parallelogram represents enter and output e.g. information entry from a form, screen to person.
In producing flowcharts, there are some simple rules to comply with. Begin and finish factors should be evidently outlined. The level of element documented in the flowchart should be suitable to the matter make a difference lined. The creator of the flowchart should have a clear comprehending of the process and the meant audience should be capable to follow the flowchart very easily.
Our team of IT auditors, uses Microsoft Visio thoroughly to produce flowcharts and to analyze organization processes. A flowchart is usually made with vertical columns representing diverse departments or phases that are portion of an overall company approach. Interfaces among departments can be shown whether automatic or guide connections that aid the business process.
Flowcharts can clarify the controls on information inputs, processing and outputs. Enter controls may consist of edit and validation checks. Processing controls can be in the sort of control totals or milestones. Output controls may possibly consist of mistake examining and reconciliations. This kind of a illustration on a flowchart permits an auditor to discover areas inside a enterprise approach with weak or non-existent controls.
An example of technological innovation that can be understood via flowchart evaluation is enterprise useful resource arranging software such as Oracle e-Company Suite and SAP. Input controls are set by means of distinct ‘rules’ to ensure the validity of knowledge. Process controls are used to substantial-threat capabilities, transactions or kinds. Output controls consist of reviews and reconciliations.
Another example of complicated technology that can be understood via flowcharts is provider oriented architecture (SOA). This architecture is made up of a lot of world wide web and computer software elements that are integrated to hook up provider vendors with services customers. ‘Web services’ assistance particular enterprise procedures. Every of these web solutions will typically have controls on knowledge inputs, processing and output. The flowchart is important to recognize such web services and their integration in a broader environment generally by means of an Business Service Bus (ESB).
In summary, a flowchart can be utilised by IT auditors to evaluate a company approach. Different factors of the process can be emphasised this sort of as dangers, controls, interfaces, choice points, technological innovation infrastructure and factors. The well-known expression of a photo is equivalent to a thousand terms is exact. A flowchart can seize vital details that verbiage and text can’t very easily match. We stimulate the IT audit, danger and management communities to use this powerful instrument in executing their respective capabilities.