Utilizing Flowcharts Inside IT Exam Associated with Critical Applications
March 27, 2020
A flowchart can be extremely valuable in auditing essential organization programs and programs these kinds of as enterprise useful resource preparing systems (ERP) and support oriented architecture (SOA) methods. As IT auditors we are concerned with receiving a obvious understanding of the risks and controls in the technologies underneath assessment. Flowcharts facilitate an precise evaluation of an IT environment.
According to Wikipedia, the simple definition of a flowchart is a kind of diagram that represents an algorithm or procedure that demonstrates information and its motion usually with arrows. The use of flowcharts is widespread in several fields for evaluation, design and style, documentation and process management.
Flowcharts are most valuable to visually screen company processes and the supporting technology. Auditors can concentrate on diverse elements of information flows and infrastructure in these diagrams dependent on the assessment of hazards and controls.
Activities that can be captured in a flowchart incorporate info inputs from a file or database, determination factors, reasonable processing and output to a file or report. Risks and controls in a company approach can be documented visually and analyzed.
4 standard shapes are commonly used to create flowcharts. A square is utilized for a process (e.g. insert, exchange, save). A sq. with a wavy foundation is employed for a document. A diamond is used for a determination stage (e.g. yes/no, true/fake). A sideways cylinder is utilised for information storage (e.g. database). These conventional shapes ended up initially proven by IBM and other pioneers of information technologies.
Additional shapes include circles, ovals and rounded rectangles for the commence and end of a company procedure. Arrows show ‘flow control’ amongst a supply image and a goal symbol. A parallelogram represents enter and output e.g. info entry from a form, show to person.
In generating flowcharts, there are some basic rules to follow. Start and stop factors ought to be obviously described. The amount of element documented in the flowchart should be appropriate to the subject matter coated. The creator of the flowchart need to have a clear comprehension of the method and the intended audience need to be able to comply with the flowchart very easily.
Our crew of IT auditors, utilizes Microsoft Visio extensively to generate flowcharts and to examine enterprise procedures. A flowchart is generally created with vertical columns symbolizing distinct departments or phases that are component of an overall company procedure. Interfaces among departments can be demonstrated whether or not automated or guide connections that facilitate the organization process.
Flowcharts can explain the controls on data inputs, processing and outputs. Input controls may possibly contain edit and validation checks. Processing controls can be in the kind of control totals or milestones. Output controls may consist of error checking and reconciliations. This sort of a representation on a flowchart permits an auditor to determine locations inside of a organization process with weak or non-existent controls.
An case in point of technological innovation that can be understood by way of flowchart examination is enterprise source arranging software this sort of as Oracle e-Organization Suite and SAP. Input controls are established by way of distinct ‘rules’ to guarantee the validity of knowledge. Procedure controls are applied to substantial-chance features, transactions or kinds. Output controls consist of reviews and reconciliations.
An additional illustration of complex technological innovation that can be understood by way of flowcharts is services oriented architecture (SOA). This architecture is made up of many world wide web and software program elements that are built-in to connect services suppliers with service consumers. ‘Web services’ assist certain business procedures. Every of these world wide web services will typically have controls on info inputs, processing and output. The flowchart is important to recognize such world wide web solutions and their integration in a broader environment typically by means of an Company Services Bus (ESB).
In conclusion, a flowchart can be used by IT auditors to examine a business approach. Distinct factors of the method can be emphasized these kinds of as risks, controls, interfaces, decision details, technologies infrastructure and factors. The famous expression of a photograph is equivalent to a thousand words is exact. A flowchart can seize vital factors that verbiage and text can not easily match. We inspire the IT audit, chance and handle communities to use this potent instrument in carrying out their respective capabilities.