Internal Audit Business Process Documentation Tool
Symposium on Information Systems Assurance
October 22, 2005
Tom Crouch
IT Audit Manager
The nice thing about standards is that there are so many to choose from. - Andrew S. Tanenbaum
Symposium on Information Systems Assurance, October 20-22, 2005 2

About Sun Life
• Financial Services company offering wealth management, insurance and protection products
• Head Office – Toronto
  – Offices in Canada, US, UK, Asia
• Market cap, year-end 2004 of $23.8 billion CDN
• 2004 Revenue - $21.75 billion CDN
• Serve approximately 7 million Canadians

Brief History of the Tool
• Audit documentation consisted of Narratives and Data Flow Diagrams
  – Not collected in one spot
  – No ability to correlate
  – Depended on drawing ability of Auditor
    • Too much time making it “pretty”
    • Difficult to edit
  – Large chunks of process easily missed
    • Too easy to make assumptions

The Vision
• To create a tool that would facilitate the capture of process documentation that would
  – provide a level of consistency and rigor
  – do so in an Auditor friendly manner (efficient / easy)
  – be easily understood by clients
  – allow processes to be interrelated
  – allow analysis and rollup of data
  – allow drill down exploration of processes
  – combine business and IT documentation
  – be easy to maintain

Our “solution”
• “Audit Universe”
  – Developed in-house over period of years (beginning 1998)
  – Written in Clarion 6.2 Enterprise Edition
    • Rapid Application Integrated Development Environment (http://www.softvelocity.com)
  – Multi-user, MS Windows, LAN based
  – Proprietary database structure (encrypted)
    • Conversion to SQL possible and ‘relatively’ painless

The ‘model’ – Interaction Diagram
• Based on Object Oriented principles
• Combines Narrative and Data Flow in one diagram
• No artistic talent required
  – Standardized format, automatically drawn
• Connect-the-dots
  – minimizes missed, forgotten or not well understood pieces
• Client friendly – “I get it!”
  – We have had several requests to provide documentation to projects that are doing business process reengineering.
The basic look (Illustrative example)
Sample output (Illustrative example)

Demo
• Let’s take a look

Other capabilities (Illustrative example)
• ‘House’ view – hierarchical view of Business Unit
• Tree View – all levels in same view (Illustrative Example)
Security

Summary
• More efficient & accurate documentation
  – Physical view of process
• Creates a universe of documentation that is
  – Relational
  – Sharable
  – Searchable
  – Clear and understood
Thank you for your [email protected]