What is the network?—The first step is determining the
extent of the network. This is generally done by examining
the network diagram. The network diagram is basically a
map that shows all the routes available on the network. The
key factor that the auditor has to worry about in the diagram
is its accuracy. Large networks evolve and change constantly with changing business needs and a diagram that is not
updated is useless. The IS auditor should ascertain what
processes exist in the organization to update and maintain
the network diagram accurately. The use of a software tool
to generate this diagram ensures some degree of accuracy. In
any network, there will be locations where there is a
concentration of resources, such as a data center where ERP
servers, mail servers, etc., are hosted and many points such
as manufacturing plants, sales offices etc., from which these
resources are accessed. While smaller networks may have
only one such location, complex networks may have many
hosting points where critical resources are located. The
network diagram could also provide input on the type of
devices and protocols used on the network. The network
diagram and its details provide the most important input for
the audit, and the auditor should keep referring to it
throughout the audit.