Database Reference
In-Depth Information
The process narratives should include all the subprocesses and procedures that
are performed by employees responsible to ensure that there is a complete picture
of how the process is actually executed. Process narrative should describe manual
procedures as well as procedures enabled through software applications, such
as ERP systems that enable the process. Process documentation may also include
scope of the process, reference to company policies, such as authorization levels
and supervisor review, and references to related processes. Process narratives
that include procedures performed in an application should also reference the
application access controls, segregation of duty policies, configuration controls,
and transaction integrity.
The process flowcharts should provide a graphical representation of all the
procedures, conditional steps, and inputs/outputs that describe the process and
procedures. The graphical representation should also include a legend of shapes,
conditions, and data. Flowcharts can be reviewed more effectively if the charts also
include complete and accurate lists of the risks and controls that correlate to the
process flow. Many organizations separate procedures within a process by lines or
"swim lanes" to represent the employee roles that are responsible for performing,
reviewing, and approving each step in the process.
Process owners and audit staff should use flowcharts to walk-through the process
and gain a clear understanding of the process, as well as control activities that will
mitigate the risks exposure.
InFission approach for managing
process and procedure documents
At InFission, each department manager is responsible for maintaining the process
and procedure documentation. The audit team reviews the narratives and process
flow diagrams with each department biannually, as well as whenever any changes
are made to a significant process. Each auditor is assigned to review one or
more process narrative and flowchart documents. The review is initiated by the
auditor obtaining the latest documentation from the designated employees in
each department. Once the auditor receives the process documentation, she or
he verifies the documents based on InFission standards and governing business
policies. Next, the auditor schedules a process walkthrough session with the
process owner(s) in the department.
Search WWH ::
Custom Search