Skip navigation Spacer Spacer Spacer
Data Protection Logo Spacer Guide to Data Protection Auditing

Data Protection Homepage  Bullet  
Audit Guide Homepage  Bullet  
Download print version  Bullet  

What is a Data Protection Audit? Why Audit? Beginner's guide Step-by-step Process Forms and Checklists Site Map

SpacerThe Role of an Auditor | Auditing Tasks | Human Aspects | Audit techniques | Practical Considerations
Spacer Spacer

< Previous | Next >
 

 Spacer
Spacer

A Good Auditor (print ref: Part 4, Section 3.1)

It is possible to identify some basic behavioural characteristics that all Auditors should aspire to. Hopefully most of these will be self-explanatory, but it is always useful to keep the attributes in the list below at the back of your mind when on an audit:

  • Objective: An Auditor must only deal with facts. You will be lost if you ever lose your objectivity during an audit.
  • Fair: An Auditor must always be fair and report exactly what they have discovered during an audit without fear or favour. You have obligations to the Data Protection Representative, the organisation and auditees when conducting an audit. If it is an internal audit then these people are likely to be colleagues so it is important to be professional.
  • Thorough: The organisation and its staff will probably have put a lot of time and effort into preparation before the audit. It is therefore important that they feel that the Auditor has made a thorough job of examining everything covered by the assessment. Equally, the more preparation the Auditor has done beforehand the more thorough the Audit will be as a result.
  • A good communicator at all levels: On a typical audit an Auditor may be dealing with senior management, heads of department and office staff. It is therefore important that you are able to communicate effectively at all strata within an organisation and don't "talk down" to junior staff or be obsequious with senior staff.
  • Friendly: Auditees will always react better to a friendly Auditor. When trying to decide just how friendly you should be remember that you are in effect a visitor or guest. Therefore you should try and only do or say things that would be acceptable for a guest otherwise your behaviour may cause concern and provoke an adverse reaction among the staff.
  • Patient: Remember that the process of being audited puts the organisation and its staff under a lot of stress. You must therefore make allowances for this when people don't react quite as quickly as you think they should.
  • Determined: You have to be fairly single minded to achieve the objectives of an audit and settle any doubts without distraction. However, this does need to be balanced by a degree of pragmatism. For example an Auditor who is determined to find fault at any cost may spend hours on endless "nit picking" which is a waste of everybody's time and money.
  • Calm under pressure: Auditing involves quite intense work being carried out over sustained periods. You have a lot to get through with rigid deadlines, and during the audit will probably not be able to stop at 5 pm each day. You must therefore be able to work calmly under pressure to reassure the auditees that everything is "under control" at all times.
  • Calm when provoked: We have said in section 2.1.2 that auditees may be argumentative, undisciplined, opinionated, impatient, domineering or downright rude. It is essential that if you as Auditor are faced with a member of staff who behaves like this that you do not react if provoked but stay calm, polite and in control.

Return to top
 
Toolbox top border
Spacer

Human Aspects

Spacer 		Spacer
Toolbox bottom border


< Previous | Next >

 Spacer
Spacer

What is a Data Protection Audit? | Why Audit? | Beginner's Guide | Step-by-step Process | Forms and Checklists | Site Index
Copyright