Previous | Table of Contents | Next |
The IT auditor may develop workflow diagrams in a variety of situations, but it is likely that the majority of these situations will be either to document an existing or proposed system or to describe a new or alternative process that will be recommended as an available alternative to the audit customer. The workflow diagram can be used as a tool to document existing or proposed systems.
The IT auditor can use the following steps as an effective means for developing a workflow diagram.
Exhibit 31-6. Audit Process Done with Limited Set of Shapes
Exhibit 31-7. Audit Process Done with Limited Set of Shapes
Exhibit 31-8. Audit Planning Activities
Exhibit 31-9. Workflow Diagram with Narrative Text
The IT auditor should endeavor to set standards or minimum requirements for workflow diagramming within the audit department to ensure that any developed diagram can be effectively used in the future. Therefore, the IT auditor is likely to select one of the automated tools available to support the diagramming activity.
Selecting Diagramming Software. The IT auditor has many alternatives for providing automated support to the diagramming activity. These alternatives can be separated into three general types: presentation and drawing software; technical diagramming programs for engineers and system developers; and specialty products developed for anyone needing to prepare workflow, process, TQM, or other diagrams. The IT auditor should consider these questions when evaluating diagramming software alternatives:
Presentation and Drawing Software Used for Diagramming
This software is commonly one of the components of the application suites that combine word processing, spreadsheet, database, and other functionality into one, coordinated application set. Examples of this software include Microsoft Powerpoint, Lotus Freelance, and Harvard Graphics. These applications have been oriented toward general-purpose use, although the increasing using of diagramming in the workplace is leading more software developers to include improved diagramming capabilities in their software. The evaluation of this application category is shown below.
Creating the Initial Diagram with Presentation and Drawing Software. The IT auditor should find that the process for creating a new workflow diagram is relatively simple. This process begins when the IT auditor selects and creates the appropriate shape or shapes, continues with the addition of appropriate text either as the shapes are being created or at the same time when all of the initial shapes have been diagrammed, and effectively concludes as connectors and process flow lines are added. Then, the completed workflow diagram is printed or transmitted.
Creating Shapes. The IT auditor is likely to find that creating shapes with presentation software is relatively easy because there is a wide variety of shapes from which to choose. One difficulty that the IT auditor might experience in creating a complex workflow diagram by using very descriptive shapes is that the general shapes available in these applications do not provide the level of specificity that the he or she requires.
Adding Text. The IT auditor is likely to find that adding text within the shapes is difficult because the text and the shape represent two separate items within the diagram. The auditor may be required to indicate which should appear in front of the other (e.g., the text over the shape is most common). Then, he or she must join the two items into one, which must be done individually for each shape with text on the diagram. The IT auditor must also consider the amount of text to placed within the workflow diagram shapes. Presentation software is not likely to provide for automatic shape sizing or for text to wrap automatically at the edge of a shape. The lack of either or both of these features is likely to increase significantly the amount of time required to create the initial workflow diagram.
Connecting Diagram Shapes and Indicating Process Flow. The IT auditor must connect the shapes on the diagram to indicate the sequence of activities, to illustrate the possible outcomes at a branching or decision point, and to guide the users of the workflow diagram through the activities in which they are most interested. The lines should be straight whenever possible, or take the simplest path when straight lines cannot be used. Workflow diagram lines may cross each other, but there should be a break in one of the lines to indicate clearly that the process flows do not merge or overlap at the point of the crossover. Presentation software is likely to require that the IT Auditor plan the route of each connecting line, and either create the line following that path or create a line directly connecting the endpoints and then dragging the appropriate points of the line to move it into the correct position.
The IT auditor should be aware that most presentation software applications treat a connecting line as a separate item on the diagram, even if it is in contact with the edge of a shape on the diagram. Therefore, these lines must be joined if the auditor wants to be certain that the line will always be in contact with a particular shape.
Printing the Diagram. Presentation software should have standard printing capabilities, permitting the IT auditor to generate an output document for any workflow diagram that was created for audit or other purposes. The functions that presentation software is not likely to have include the automatic creation of off-page connectors for diagrams requiring more than one page to print, an advance preview of page breaks to identify potential disruptions to the diagram, and/or the ability to produce large diagrams in a format that makes them wall-mountable for team-based evaluation.
Maintaining an Existing Diagram. The IT auditor should plan to review draft workflow diagrams with the appropriate personnel to ensure their accuracy because what appears to be the correct understanding can be misinterpreted when translated onto a workflow diagram. This current review or the passage of time is almost guaranteed to create a need to change the diagram. The process of changing the workflow diagram is essentially the same, regardless of whether the change is being done to correct a draft diagram, to make the existing diagram clearer, or to reflect process changes that have occurred over time.
Editing and Adding Shapes. Presentation and drawing software is normally capable of accommodating changing a shape with little effort. Inserting additional shapes should also be handled efficiently because spaces can be created by blocking existing shapes, text, and connections and moving the blocked area to a new location.
Editing and Adding Text. The capability to add or edit text should not be any different from placing the original text on the workflow diagram. The IT auditor should expect that the text functionality of presentation and drawing software in a maintenance situation have the same advantages and disadvantages as in creating text.
Previous | Table of Contents | Next |