Control flowcharts illustrate that controls exist in a system and where these they are located in the system. There are basically three purposes of flowcharts for auditing purposes:
1. Comprehensive. The construction of this type of flowchart highlights areas where auditors do not have a thorough understanding of either the system or the controls located in the system.
2. Evaluation. Auditors use control flowcharts to recognize patterns that show control strengths or weaknesses.
3. Communication. Auditors may use control flowcharts to communicate their understanding of the target system and its related controls to other parties
Types of FlowchartsTypes of Flowcharts
There are many different types of flowcharts that can be crafted. There are flowcharts for analysts, designers, engineers, managers, or programmers detailing individual understanding.
Document flowcharts have the purpose of showing existing controls over document-flow through the components of a system. These flowcharts are typified by their vertical structure. The chart is read from left to right and documents the flow of documents through the various business units. An example of document flowchart is shown in Exhibit 1.
The second popular type of flowchart is the data flowchart. This diagram has the purpose of showing the controls governing data flows in the system. Data flowcharts are used primarily to show the channels that data is transmitted through the system rather than how controls flow. It is important to note that data flowcharts are not particularly useful in gaining an understanding of controls placed in the physical or resource level of a system. In other words, data flowcharts do not illustrate controls in prevention of detection of errors (Exhibit 2).
System flowcharts are the third type of illustration showing the controls located at the physical or resource level. System flowcharts show the flow of data to and through the major components of a system such as, data entry, programs, storage media, processors, and communication networks. These types of flowcharts demonstrate how the controls are placed to ensure the correct functioning of the named components (Exhibit 3).
The fourth type of flowchart, the program flowchart, shows the controls placed internally to a program within the system. For example, illustrating the process modules within a program aids the auditor in gaining an understanding of the means by which data integrity is preserved during processing (Exhibit 4).
Taking Care of the Stakeholders
Although this practice is not really part of the collection of evidence, it is relevant. In any audit process, no one likes surprises. Experienced auditors will initiate and foster dialogues with stakeholders during the audit. It is unwise for auditors to play "Gotcha" with audit results, besides most folks lose their sense of humor resulting from this behavior.
Here are a few best practices in the care and feeding of stakeholders:
Keep audit stakeholders briefed during the audit process. Keep them briefed of any serious negative trends or indications of fraud or abuse. Ensure that verbal briefings reflect exactly the same terminology that is going to be found in the audit report. Discrepancies of this nature cast serious doubts on auditor credibility.
Keep the audit manager briefed regularly throughout the audit process.
Reports should not be overly brief nor should they be overly verbose. They should be concise and supported by brief and relevant narratives.
Auditors should feel they have the independence to stray from the audit program, but a logical explanation is necessary if they spend significant time outside the formal program.
0 comments:
Post a Comment