In this post we want to talk about the importance of evaluating the use cases of our clients' billing, collection and accounting systems in order to detect the key functionalities that affect the flow of delivery notes, invoices, collections and accounting entries. Together with the system architecture diagram, this evaluation also forms the basis for the next stage of our report: detecting the strengths and threats of the controls that the software already has in place.
Anti-fraud law article 201 bis.
Use cases and software architecture.
Applying use cases in this type of report is essential to be able to work with dozens of clients in the audit and consultancy of adaptation to the new anti-fraud law article 201 bis.
The use cases focus on the core functionality that applies to cash flows and that is therefore likely to be subject to said law. They allow us to understand the implemented controls and functionalities that apply to the following dimensions:
Integrity (I): A faithful image of the information, together with security measures that assure us that the data stored in the system reflects the operations carried out in it only through the use cases that the application allows. If the system is violated, integrity is broken, and the system must detect it.
Conservation (C): Impossibility of altering the information stored in the system or in its backup copies over time.
Accessibility (A): Capacity of the system to give us access to the information and processes it provides.
Legibility (L): Possibility of clearly interpreting and reading the information stored in the system and its backups in an agile and simple way.
Traceability (T): Need for the system to record the operations carried out on it. Typically a log or event log, which in turn is used by all the other dimensions.
Inalterability of the records (IR): Related to the chain of custody of the information over time, which assures us that the data has not been altered in an uncontrolled or fraudulent manner.
The aim is to eliminate the possibility of B cash, parallel accounts or the use of B companies in the software itself.
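The Integrity, Traceability and Inalterability dimensions can be illustrated with a hash-chained event log, in which an edited, removed or truncated billing record is detected on verification. This is an added example, not code from any audited product, and hash chaining is a technique assumed here rather than one this post prescribes; the function names, record fields and sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first record

def record_hash(prev_hash, payload):
    # Canonical JSON so the same payload always hashes identically.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_record(log, payload):
    """Append a billing event, linking it to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev_hash, "payload": payload,
             "hash": record_hash(prev_hash, payload)}
    log.append(entry)
    return entry["hash"]

def verify_log(log, expected_head=None):
    """Return None if intact, else the index of the first inconsistent entry.

    expected_head is the last hash, kept outside the system (an assumption
    of this example); it exposes truncation of the tail of the log.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return i  # an entry was removed, inserted or reordered
        if entry["hash"] != record_hash(prev_hash, entry["payload"]):
            return i  # payload edited after it was recorded
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)  # tail records are missing
    return None

def demo():
    log = []
    # Constructed sample events, not taken from any real system.
    append_record(log, {"op": "invoice", "no": "F-001", "total": "121.00"})
    append_record(log, {"op": "collection", "no": "F-001", "paid": "121.00"})
    head = append_record(log, {"op": "invoice", "no": "F-002", "total": "60.50"})
    intact = verify_log(log, head)
    log[0]["payload"]["total"] = "21.00"  # silent edit of a stored invoice
    edited = verify_log(log, head)
    return intact, edited

if __name__ == "__main__":
    print(demo())
```

A plain hash chain only makes tampering evident; someone with full write access could recompute every hash, which is why the head value has to be kept where the application cannot rewrite it.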
The software and systems architecture also allows us to understand the pillars on which the controls applied to the application are based. For example, we have clients with obsolete databases, such as dBASE IV, where it is difficult to implement controls for many of the dimensions and where what we, as certified auditors, call compensatory controls are needed. However, we also have clients with modern database management environments, such as Microsoft SQL Server, where applying control measures in the aforementioned dimensions is much easier.
Conclusions
The use cases, expressed for example through the UML methodology, allow us to quickly understand the operation of the application, the controls currently in place, the impact these have on compliance with the law, and the strengths and weaknesses that the software has on this difficult path of complying with the law. Together with the understanding of the technological architecture, they allow us to propose the next step of the audit, the risk assessment.
If you are a developer, distributor or end customer, contact us and we will discuss your need and how we can help you.