Audit Checklists (print ref: Part 3, Section 2.3)
Experience from auditing Health and Safety, IT, Quality Assurance, Environmental and Financial Systems has shown that the preparation of Checklists is an essential component of any successful audit. We believe that this is equally true of Data Protection System Auditing and therefore this section will deal with the preparation and use of Checklists during a Data Protection Compliance Audit.
The Role of an Audit Checklist
It is possible to identify a number of important roles for Checklists before, during, and after an audit:
- They are an aid to planning and preparation before the audit
- They act as an "aide-memoir" during the audit
- They help to focus on essentials
- They help to maintain audit direction and continuity
- They are used for note taking during the audit
- They are used as the basis for reporting after the audit
Disadvantages of Checklists
Although Checklists are extremely useful when used properly, they can also have the following disadvantages if used incorrectly:
- They may inhibit flexibility
- There may be some degree of repetition on matters already covered
- If used by the Auditor merely as a list of questions they may:
- Annoy the auditee due to the lack of interaction and discussion
- Reduce the interaction and as a result cause important areas to be missed due to the lack of discussion
- Cause compensating controls to go unnoticed
Return to top
|