Using Flowcharts In IT Audit Of Essential Applications

A flowchart can be very beneficial in auditing vital organization purposes and programs such as enterprise useful resource arranging techniques (ERP) and provider oriented architecture (SOA) programs. As IT auditors we are concerned with getting a very clear comprehension of the risks and controls in the technologies under evaluation. Flowcharts facilitate an exact evaluation of an IT setting.

In accordance to Wikipedia, the basic definition of a flowchart is a sort of diagram that signifies an algorithm or procedure that exhibits knowledge and its motion typically with arrows. The use of flowcharts is widespread in numerous fields for evaluation, design and style, documentation and process management.

Flowcharts are most helpful to visually display organization processes and the supporting technologies. Auditors can focus on diverse facets of info flows and infrastructure in these diagrams dependent on the assessment of risks and controls.

Events that can be captured in a flowchart include data inputs from a file or databases, selection factors, sensible processing and output to a file or report. Dangers and controls in a business method can be documented visually and analyzed.

4 simple shapes are frequently utilized to generate flowcharts. A square is employed for a procedure (e.g. include, change, help save). A square with a wavy base is utilised for a document. A diamond is used for a decision level (e.g. sure/no, true/fake). A sideways cylinder is utilized for info storage (e.g. databases). These traditional designs were originally set up by IBM and other pioneers of data engineering.

Added styles contain circles, ovals and rounded rectangles for the begin and finish of a company procedure. Arrows present ‘flow control’ in between a resource image and a target image. A parallelogram signifies input and output e.g. data entry from a kind, show to user.

In generating flowcharts, there are some basic policies to adhere to. Begin and stop factors should be plainly described. The level of detail documented in the flowchart need to be appropriate to the subject matter matter covered. The creator of the flowchart must have a very clear comprehension of the method and the intended audience must be capable to follow the flowchart easily.

Our group of IT auditors, employs Microsoft Visio thoroughly to develop flowcharts and to examine company processes. A flowchart is typically created with vertical columns representing distinct departments or phases that are element of an total business method. Interfaces among departments can be demonstrated no matter whether automated or handbook connections that facilitate the business method.

Flowcharts can make clear the controls on information inputs, processing and outputs. Enter controls could consist of edit and validation checks. Processing controls can be in the type of management totals or milestones. Output controls might consist of mistake checking and reconciliations. This sort of a representation on a flowchart makes it possible for an auditor to recognize regions within a enterprise process with weak or non-existent controls.

An instance of technological innovation that can be recognized via flowchart evaluation is enterprise resource organizing computer software this kind of as Oracle e-Enterprise Suite and SAP. Enter controls are set through certain ‘rules’ to guarantee the validity of data. Process controls are utilized to substantial-danger features, transactions or forms. Output controls consist of studies and reconciliations.

One more example of complex technological innovation that can be recognized by means of flowcharts is support oriented architecture (SOA). This architecture consists of many net and software elements that are integrated to join services suppliers with service buyers. ‘Web services’ help specific organization procedures. Each of these net solutions will usually have controls on information inputs, processing and output. The flowchart is important to realize these kinds of net services and their integration in a broader atmosphere normally through an Company Services Bus (ESB).

In conclusion, a flowchart can be used by IT auditors to analyze a company method. Different factors of the procedure can be emphasized such as risks, controls, interfaces, choice details, technological innovation infrastructure and components. The popular expression of a picture is equivalent to a thousand terms is accurate. A flowchart can seize vital details that verbiage and textual content are not able to very easily match. We encourage the IT audit, risk and handle communities to use this potent tool in performing their respective capabilities.