From MIKE2 Methodology
Activity: Continuous Improvement - Compliance Auditing
Objective
Compliance Audits can take many forms and are used to assess an organisation’s compliance to information management policies, processes, and metrics. Audits are a key part of a continuous improvement program and form an objective measure for assessing enterprise maturity.
Audits share some commonality with the other continuous improvement activities, except that audits should generally be conducted by an external group rather than the internal Data Governance team. Audits do not involve the technical aspects of data analysis (i.e. data profiling), but instead involve inspection of results and review of the overall processes for information management.
Planning, defining and conducting audits will involve the multiple steps explained below.
There is some overlap between the other Continuous Improvement Activities and the Compliance Auditing Activity. The difference for the Audit is that it is performed by an external team and the detail to be covered by the Audit is at the discretion of this team. Therefore, the content assessed as part of the Audit is not strictly defined in this document.
Major Deliverables
- Auditing Standards and Processes
- Audit Results
Tasks
Attain Sponsorship of Data Governance Board
Objective:
Executive Leadership should establish a policy endorsing the use of Compliance Auditing as a basis for enforcing use of standards and data management processes. Non-compliance action must be documented.
As audits can be seen as cumbersome to participants, senior sponsorship is crucial for emphasizing their importance. The goal is for participants to see the audit as an improvement exercise in which they take part, as opposed to simply a mandate that intrudes on their work processes.
Input:
Output:
Define Compliance Auditing Processes
Objective:
Quality Analysts that run the audit should create established policy and processes for consistently reviewing and assessing compliance with standards, policies and processes. Standards, policies, and procedures must be clear to participants and be widely available as the basis of compliance.
The Compliance Audit processes should be clearly scheduled so it will be known when audits will be performed and how they will be conducted.
Input:
- Auditing Scope Defined
- Sponsorship for Auditing
Output:
- Auditing Processes Defined
Train Staff on Compliance Standards
Objective:
Staff must be trained on the standards prior to being audited and be knowledgeable of the processes and metrics they will be measured against. Staff should clearly understand these standards; training may need to be in-depth and involve the use of experts to be placed on the working teams.
Input:
- Auditing Processes Defined
Output:
- Staff Trained on Auditing Processes
Conduct Auditing Processes
Objective:
Audits can be executed against active (in-flight) projects and existing systems. Audits that involve interviews should be reasonably brief, and the interviewers should come well-prepared with a set of standard questions. Similar to interviewing for business requirements, the Compliance Audit should be conducted in a structured fashion (with standard questions) but also allow for some free-flowing dialogue.
Input:
- Auditing Processes Defined
- Staff Trained on Auditing Processes
Output:
- Auditing Process Complete
Present Auditing Results and Recommendations
Objective:
The final step of the Compliance Audit is to document the findings of audits and take non-compliance action. Individual, project group, and business unit compliance should be tracked over time, and a comparison against historical results should be presented as part of the findings.
Recommendations should be put forward as the final step in the Audit. Recommendations should take into account the overall set of business goals, major issues that have occurred and planned projects. They should also take into account major external factors (e.g. new external standards) and may include comparative information from other parts of the business or from others in the industry.
Input:
- Auditing Process Complete
Output:
- Auditing Results
- Auditing Recommendations
Core Supporting Assets
Yellow Flags
- Auditing programme lacks support at senior levels and there is a resistance to participation
- Recommendations from auditing do not tie into an implementation and change programme
Key Resource Requirements
- External Auditing team, that includes: