Utilizing Flowcharts In IT Audits Of Vital Purposes

A flowchart can be extremely helpful in auditing vital enterprise applications and programs this sort of as organization source preparing systems (ERP) and provider oriented architecture (SOA) methods. As IT auditors we are anxious with acquiring a obvious understanding of the hazards and controls in the engineering below evaluation. Flowcharts aid an precise evaluation of an IT atmosphere.

According to Wikipedia, the simple definition of a flowchart is a variety of diagram that represents an algorithm or method that shows info and its movement normally with arrows. The use of flowcharts is common in many fields for evaluation, style, documentation and method administration.

Flowcharts are most beneficial to visually exhibit company procedures and the supporting technologies. Auditors can concentrate on distinct facets of data flows and infrastructure in these diagrams based on the evaluation of dangers and controls.

Functions that can be captured in a flowchart contain data inputs from a file or database, selection points, logical processing and output to a file or report. Dangers and controls in a enterprise process can be documented visually and analyzed.

Four fundamental designs are commonly used to produce flowcharts. A square is utilized for a approach (e.g. add, substitute, conserve). A sq. with a wavy foundation is employed for a doc. A diamond is employed for a determination point (e.g. sure/no, accurate/false). A sideways cylinder is employed for knowledge storage (e.g. database). These traditional styles had been originally established by IBM and other pioneers of information technology.

Additional designs include circles, ovals and rounded rectangles for the commence and end of a company process. Arrows show 'flow control' among a source symbol and a concentrate on image. A parallelogram represents input and output e.g. knowledge entry from a type, exhibit to user.

In creating flowcharts, there are some simple policies to follow. Start off and end points should be obviously defined. The level of depth documented in the flowchart should be suitable to the subject matter matter lined. The creator of the flowchart must have a distinct comprehending of the procedure and the intended audience must be ready to comply with the flowchart simply.

Our group of IT auditors, employs Microsoft Visio extensively to produce flowcharts and to assess business procedures. A flowchart is usually developed with vertical columns symbolizing distinct departments or phases that are element of an total company approach. Interfaces between departments can be proven whether or not automated or guide connections that facilitate the company approach.

Flowcharts can clarify the controls on knowledge inputs, processing and outputs. Input controls could consist of edit and validation checks. Processing controls can be in the sort of handle totals or milestones. Output controls could consist of mistake examining and reconciliations. Such a representation on a flowchart permits an auditor to recognize locations within a organization process with weak or non-existent controls.

An illustration of engineering that can be comprehended by way of flowchart evaluation is company resource organizing application this sort of as Oracle e-Business Suite and SAP. Input controls are established through certain 'rules' to ensure the validity of data. Method controls are applied to high-danger functions, transactions or forms. Output controls consist of studies and reconciliations.

Another case in point of complicated technologies that can be comprehended via flowcharts is support oriented architecture (SOA). This architecture is composed of many net and application factors that are built-in to hook up provider companies with provider consumers. 'Web services' help particular business procedures. Each of these internet companies will normally have controls on information inputs, processing and output. The flowchart is essential to comprehend this kind of web companies and their integration in a broader surroundings normally by means of an Company Support Bus (ESB).

In summary, a flowchart can be used by IT auditors to analyze a organization procedure. Diverse elements of the procedure can be emphasized such as pitfalls, controls, interfaces, determination points, technology infrastructure and parts. flowchart maker of a picture is equivalent to a thousand words is precise. A flowchart can capture essential points that verbiage and textual content are not able to easily match. We inspire the IT audit, threat and management communities to use this powerful device in performing their respective capabilities.