Retrobay

Sample audit

A 30–50 page worked example: what an in-depth system audit looks like when applied to a generic small-manufacturing ERP.

Anchor: a fictional but typed-true system, MES-Plus v6.4 — small-manufacturing ERP, 180 employees, in service since 2008.

Contents

1. §1

   Executive summary

   What the system does, who depends on it, what would break if it stopped.

   draft
2. §2

   Scope of this audit

   What was examined, what was not, methodology, evidence basis.

   draft
3. §3

   System overview

   Architecture, deployment topology, integration map.

   draft
4. §4

   User roles and permissions

   6–8 roles, RACI-shape matrix, permission boundaries.

   draft
5. §5

   User journeys

   6–8 main flows, narrative plus flow diagrams.

   draft
6. §6

   Data model

   18–22 core entities, full ERD, attribute notes.

   draft
7. §7

   Process flows

   Order-to-cash, procure-to-pay, plan-to-make, record-to-report.

   draft
8. §8

   Integration inventory

   File imports/exports, APIs, third-party touchpoints, scheduled jobs.

   draft
9. §9

   Reporting catalog

   Standard reports, ad-hoc query capability, BI/export touchpoints.

   draft
10. §10

    Non-functional spec

    Auth, audit logging, concurrency, data volumes, uptime, backup, DR.

    draft
11. §11

    Risk register

    Concrete risks observed, severity, time-horizon.

    draft
12. §12

    Modernisation considerations

    Findings mapped to Patch / Mend / Retrofit / Restructure tiers.

    draft
13. §13

    Glossary

    Business and technical terms used in this audit.

    draft
14. §14

    Appendices

    Audit method, evidence-collection notes, document conventions.

    draft