Guide to Data Protection Auditing


			Data Protection Homepage Audit Guide Homepage Download print version

Part 4: Guide to Auditing

Section	Title	Print Page ref
Part 4	Guide to Auditing	4.3
1.	The Role of an Auditor	4.3
2.	Auditing Tasks	4.3
2.1	Obtaining Evidence	4.5
2.1.1	Auditor Introduction	4.5
2.1.2	Opportunity for Member of Staff to Talk	4.5
2.1.3	Explanation of Purpose	4.5
2.1.4	Auditor Gathers Information	4.5
2.1.5	Information Correlation	4.5
2.1.6	Summary and Closing	4.6
2.2	Assessing the Evidence	4.6
2.2.1	Sources and Reliability	4.6
2.2.2	Weaknesses in Information	4.6
2.2.3	Strengthening the Evidence Base	4.7
2.2.4	Validity, Reliability and Repeatability	4.7
3.	Human Aspects	4.7
3.1	A Good Auditor	4.7
3.2	Good Practices/a>	4.8
3.3	Bad Practices	4.9
3.4	Establishing Relationships	4.10
4.	Audit Techniques	4.11
4.1	Basis of Questions	4.11
4.2	Good Questioning Techniques	4.11
4.2.1	Open Questions	4.11
4.2.2	Directed Questioning	4.11
4.2.3	Inviting a Negative Response	4.11
4.3	Questions to Avoid	4.13
4.3.1	Closed Questions	4.13
4.3.2	Limiting Questions	4.13
4.3.3	Hypothetical Questions	4.13
4.3.4	Leading Questions	4.13
4.3.5	Multiple Questions	4.13
4.4	Black Box Auditing	4.13
5.	Practical Considerations	4.14
5.1	Layout of Interview Room	4.14
5.2	Note Taking	4.14
5.3	What to Take to the Audit	4.14
5.4	Auditor’s Code of Conduct	4.15
5.4.1	Honesty	4.15
5.4.2	Conflict of Interest	4.15
5.4.3	Inducements	4.15
5.4.4	Confidentiality	4.15
5.4.5	Concealment	4.15
5.4.6	Professionalism	4.15