Skip navigation Spacer Spacer Spacer
Data Protection Logo Spacer Guide to Data Protection Auditing

Data Protection Homepage  Bullet  
Audit Guide Homepage  Bullet  
Download print version  Bullet  

What is a Data Protection Audit? Why Audit? Beginner's guide Step-by-step Process Forms and Checklists Site Map

SpacerThe Role of an Auditor | Auditing Tasks | Human Aspects | Audit techniques | Practical Considerations
Spacer Spacer

< Previous | Next >
 

 Spacer
Spacer

Good Practices (print ref: Part 4, Section 3.2)

Section 3.1 has listed some of the attributes that good Auditors should have to help them do the job. There are also a number of practical steps that the Auditor can follow to make the process as positive, helpful and efficient as possible. Examples of good practices for Auditors include:

  • Ask the right person: Always check that you are talking to the person who can best answer your questions. Don't waste time with people who are not involved with the task or are not responsible for it.
  • Look at the person: When you are speaking to the right person, always look at them when asking your questions. They will find it easier to understand and you will be able to judge better whether they have understood by studying their facial expression.
  • Speak clearly and simply: Auditees will have difficulty following long and complex questions so try and speak clearly and keep the questions as simple as possible.
  • Rephrase the question if necessary: If you can see that the auditee has not understood your question, try and rephrase it and ask it again.
  • Smile and be relaxed: You want to appear friendly to the auditee so smile when introduced. They will also feel more relaxed if you are.
  • Be unemotional and impartial: Remember that your role is to make judgements based on objective evidence.
  • Do not look for trouble: People may become quite aggressive if you find a Non-compliance. Once you have established the basic facts and the likely root cause move on so that staff do not feel they are being victimised.
  • Do not project superiority: You must resist the temptation to be overbearing and throw your weight around due to the authority that has been invested in you as an Auditor.
  • Give praise when deserved: Although your task as Auditor is to judge how effective the data protection system is at preventing errors you must guard against it appearing a search for failure. Try to be as positive as possible and where you see examples of good practice always give credit where credit is due.

Return to top
 
Toolbox top border
Spacer

Human Aspects

Spacer 		Spacer
Toolbox bottom border


< Previous | Next >

 Spacer
Spacer

What is a Data Protection Audit? | Why Audit? | Beginner's Guide | Step-by-step Process | Forms and Checklists | Site Index
Copyright