Temat: ŚCIEŻKA AUDYTU

ŚCIEŻKA AUDYTU

W audycie wewnętrznym w administracji publicznej wprowadzono mylną definicję 'ścieżki audytu'. Warto się zapoznać z tym, co rzeczywiście jest ścieżka audytu i czemu służy.

W "SŁOWNICZKU WYRAZÓW OBCYCH" w mojej książce "AUDYT I KONTROLA WEWNĘTRZNA W PRZEDSIĘBIORSTWACH I ADMINISTRACJI PUBLICZNEJ" podaję taką definicję ścieżki audytu:

AUDIT TRAIL:
dosłownie "ścieżka" audytu. Wyrażenie należy rozumieć jako możliwość sprawdzenia całej operacji od samego jej początku do końca. W manualnym systemie jest to względnie łatwa sprawa, gdyż każdy krok w przetwarzaniu danej operacji jest zwykle wyraźnie udokumentowany - od zlecenia aż do wykonania i ostatecznego zaksięgowania i rozliczenia. W systemie komputerowym zależnie od ustalonych procedur i zdolności oprogramowania jest mniej dokumentacji. Dodatkowo system może sam dokonywać pewnych operacji, tzw. systems generated entries (np. accruals, czyli naliczanie odsetek i ich jednoczesne księgowanie na koncie dochodów i kosztów); zwykle sam system wykonuje większość kalkulacji, produkuje szereg raportów i sprawozdań.

Audit trail jest możliwością audytora badania poprawności przetwarzania i księgowania operacji (system musi być taki, aby audytor mógł każdą operację zbadać mimo pewnych braków dokumentacji). Do tego potrzeba znajomości samego systemu i zasad według których on działa. Systemy, które nie zostawiają "audit trail" nie powinny być akceptowane przez dyrekcję jednostki Audytu wewnętrznego.


Z Wikipedii, wolnej encyklopedii: Ścieżka audytu (ang. audit trail) oznacza złożony dokument, który powinien zawierać jak najbardziej przejrzysty opis przebiegu operacji finansowej, gospodarczej lub procesu od samego początku, w trakcie ich trwania po zakończenie, z opisem sposobu dokumentowania i kontroli tych operacji. Ścieżka audytu powinna umożliwiać śledzenie kolejnych faz zatwierdzania, rejestrowania i sprawdzania pojedynczej operacji lub procesu. Jest narzędziem wspomagającym zarządzanie w organizacji i jest jednym z podstawowych mechanizmów kontroli wewnętrznej, umożliwiając wykrycie luk i niesprawności w procesie.

Ścieżka audytu często wykorzystywana jest w trakcie audytów wewnętrznych, do zrozumienia przebiegu procesu, analizy kontroli wewnętrznej oraz identyfikacji słabych punktów procesu.


Teksty angielskie:

What is an Audit Trail?

The term audit trail is used in more than one application in the business world of today. Historically, an audit trail had to do with being able to provide a complete history of any given financial transaction. The idea was to be able to identify each step in the process from the initiation of the transaction all the way through to the completion of the transaction. Typically, this process took place by being able to produce paper documents that showed the progress of the transaction from start to finish. Today, an audit trail also has to do with tracing data in electronic form as well, with the transactions not necessarily limited to financial data.

An audit trail of any type will include an attempt to establish a chronological list of steps that were necessary to begin the transaction as well as bring it to completion. Audit trails can be very simplistic or extremely complicated, depending on the number of steps involved with the transaction. For example, conducting an audit trail on an invoice issued by a vendor would be a relatively simple process.

Beginning with the receipt of the invoice, the document is tracked through Accounts Payable, all the way through to the issuance of a check or electronic payment to settle the debt. At the same time, creating an audited trail to allow for the reconstruction of a manufacturing process may contain many more steps and become very difficult to follow.

An auditor may choose to begin the process of creating an audit trail from either the beginning or the completion of the transaction under consideration. Often, beginning the audit process with the most recent completed phase and working backward is an efficient means of establishing the audit trail. However, when both the beginning point and the point of completion are well established, it is possible to approach the audit trail from both ends simultaneously, simply filling in the steps occurring between the start and finishing steps to the transaction.

Using an audit trail can often be an effective tool in managing the financial and other resources of a business or organization. The process of identifying the audit trail may in fact help to identify steps within the process that were unnecessary and that can be eliminated in future transactions. Another important application of the audit trail is that the process can uncover attempts to manipulate the financial profile of the entity, perhaps in an attempt to cover up the fact that funds are missing or were misappropriated in some manner. Basically, the audit trail is a helpful device to ensure that transactions are conducted smoothly and honestly, with the least amount of necessary steps employed in the process.


From: webopedia.com:

Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function.

Audit records typically result from activities such as transactions or communications by individual people, systems, accounts or other entities.

Webopedia defines an audit trail as "a record showing who has accessed a computer system and what operations he or she has performed during a given period of time." ([1])

In telecommunication, the term means a record of both completed and attempted accesses and service, or data forming a logical path linking a sequence of events, used to trace the transactions that have affected the contents of a record.

In information or communications security, information audit means a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event.

In nursing research, it refers to the act of maintaining a running log or journal of decisions relating to a research project, thus making clear the steps taken and changes made to the original protocol.
In accounting, it refers to documentation of detailed transactions supporting summary ledger entries. This documentation may be on paper or electronic records.

The process that creates audit trail should always run in a privileged mode, so it could access and supervise all actions from all users, and normal user could not stop/change it. Furthermore, for the same reason, trail file or database table with a trail should not be accessible to normal users.

In what relates to audit trail, it is also very much important to take into consideration the liability issues of your audit trails, as many times in case of dispute, these audit trails can work as an evidence for some incident.

For users of typical ERP suite, audit trails provide track, trace and reporting capabilities for any changes associated with any data in that ERP, and for any data in third-party software or customized software resident within the suite.

The software can operate with the closed-looped controls, or as a 'closed system,' as required by many companies when using an Audit Trail system.