Since I teach a lot of internal control seminars, people are asking me how to 'idiot proof' their systems against fraud. Sorry- it can't be done. As long as humans are prone to error, people will find ways to beat systems- it's in our nature to improvise, adapt, and overcome problems we face. That having been said, I have come across some innovative ways to document and search for weaknesses in internal controls over the last couple of years.
The keys I have seen are to keep things understandable and focus on the average reader. Sure, you'll want to mention the location of key database files in UNC codes (think names like \\luther\apps\appname\database.mdb), but keep the overview focused on the big picture. If you find yourself creating diagrams on large format paper, you need to break things up. My experience has been that your average retail/wholesale/manufacturing company user can't comprehend a diagram on large format paper - it's just sensory overload.
Because half of the people viewing your diagrams are visual learners, it's important to use diagrams, flowcharts, and color. I have a flowchart template for Excel which is available from my website, www.bftcpa.com. The visual items make it easier to grasp the whole system without getting initially bogged down in the details.
Color can be used in listings of duties to identify potential segregation issues, Three colors of highlighters - one blue, one yellow, and one orange - can be used to identify tasks as either access to assets, recordkeeping, or approval/override, The lists of duties by employee can then be reviewed, and if an employee has more than one color highlighting in their list of duties for, say, the revenue cycle, the duties should be reviewed to see if they are consistent with each other.
C-2.8Ghz, 256MB RAM, 80GB SATA HD, CD-ROM, capable of SATA RAID 0 and 1, 8MB onboard video, keyboard/mouse. No monitor (like you needed another monitor on your desk anyway). The RAM upgrades seem kind of high ($150 for an "upgrade" to 1GB of PC3200 ECC RAM (400MhzFSB)), so you might want to buy the RAM on your own - it's what I'm going to do.
This promo has to be ordered by phone, and mine shouldn't be here until August 4th. I had a great CSR on the other end of the line in South Dakota, and he was really helpful even though I was buying a super-cheap PC - you may want to call him if you want to order one, since this is a "phone only" promotion. His name is Tucker Carman, and his number is 800-846-2042 x25357. Tell him that I sent you - and remember - you were young, eager, and hungry at one point, and people gave you some breaks you probably didn't deserve - so return the favor to him already if you want one of these.
With tax (TN- 9+%) and shipping, I paid $249.09 for this PC. I will either use it for my continuing work to get better at UNIX/LINUX, or I will use it as a "loaner" for clients to use while I am out of town. For MS Action Pack members, you can load this up with your SW from MS (e.g. Server 2003, Sharepoint Portal Server, etc.), or just put linux on it like I probably will and use it as a test server. With the challenges of keeping people happy over a large area, I may set it up as a "pre-placed" spare in a client's office an hour from my home. This would make it easy for the cluster of clients in that area to get back working in the event of a hardware failure. For those of you that don't have a LINUX distribution already, Novell is giving copies of their stuff away to qualified IT professionals.