 |
Audit Plan (print ref: Part 3, Section 2.5)
At this stage of the audit preparation process the Auditor should be in a position to draw up an Audit Plan showing the timetable of activities during the Compliance Audit and specifying exactly who will do what, when and where. It is recommended that a pro-forma is used for this purpose and a typical Audit Plan is provided in Annex C.5.
Auditors will appreciate that there is a lot of work to do over a short period during an audit and it is important that their time is used as efficiently as possible. The utilisation of their time can be maximised by giving careful thought to the sequence in which the audit is conducted. Some points of good practice to bear in mind when drawing up the Audit Plan include:
- Start off with a Functional Audit working through the Checklists of Annexes F, G and H with the Data Protection Manager/Officer or other senior staff member. This will allow the Auditor to build up a "top down" picture of the organisation.
- If there are two Auditors, the second Auditor can conduct One-to-One Interviews and/or Focus Groups while the first Auditor carries out the Functional Audit.
- During a One-to-One Interview, the Auditor is able to establish a relationship with the interviewee and elicit information about their job within the organisation. It is therefore very efficient to follow this immediately with a Process Audit of the interviewee's work as this will capitalise on this relationship and eliminate the time required for basic introductions etc.
- If there is only one Auditor then they can conduct the One-to-One Interviews and/or Focus Groups followed by Process Audits once they have completed the initial Functional Audit.
Return to top
|
|
