Open Framework, Information Management Strategy & Collaborative Governance | Data & Social Methodology - MIKE2.0 Methodology
Wiki Home
Collapse Expand Close

Members
Collapse Expand Close

To join, please contact us.

Improve MIKE 2.0
Collapse Expand Close
Need somewhere to start? How about the most wanted pages; or the pages we know need more work; or even the stub that somebody else has started, but hasn't been able to finish. Or create a ticket for any issues you have found.

Continuous Improvement - Compliance Auditing

From MIKE2.0 Methodology

Share/Save/Bookmark
Jump to: navigation, search
Activities in Phase 5
Phase 5 - Incremental Development, Testing, Deployment and Improvement
Content Model Relationship

Contents

Activity: Continuous Improvement - Compliance Auditing

Objective. '''Compliance Audits can take many forms and are used to assess an organisation’s compliance to information management policies, processes, and metrics. Audits are a key part of a continuous improvement program and form an objective measure for assessing enterprise maturity.

Audits have some commonality with the other continuous improvement activities except that audits should generally be conducted by an external group as opposed to the internal Data Governance team. Audits don’t involve the technical aspects of data analysis (i.e. data profiling), but instead involves inspection of results and looking at overall processes for information management.

Planning, defining and conducting audits will involve the multiple steps explained below.

There is some overlap between the other Continuous Improvement Activities and the Compliance Auditing Activity. The difference for the Audit is that it is performed by an external team and the detail to be covered by the Audit is at the discretion of this team. Therefore, the content assessed as part of the Audit is not strictly defined in this document.

Major Deliverables
  • Auditing Standards and Processes
  • Audit Results
Tasks

Task: Attain Sponsorship of Data Governance Board

Objective: Executive Leadership should establish a policy endorsing the use of Compliance Auditing as a basis for enforcing use of standards and data management processes. Non-compliance action must be documented.

As audits can be seen as cumbersome to participants, senior sponsorship is crucial for emphasizing their importance. The goal is for participants to see that the audit is an improvement exercise in which they are participants, as opposed to simply a mandate that it is an invasion on their work processes.


Input:

  • Auditing Scope Defined


Output:

  • Sponsorship for Auditing

Task: Define Compliance Auditing Processes

Objective: Quality Analysts that run the audit should create established policy and processes for consistently reviewing and assessing compliance with standards, policies and process. Standards, policies, and procedures must be clear to participants and be widely available as the basis of compliance. The Compliance Audit processes should be clearly scheduled so it will be known when audits will be performed and how they will be conducted.


Input:

  • Auditing Scope Defined
  • Sponsorship for Auditing


Output:

  • Auditing Processes Defined

Task: Train Staff on Compliance Standards

Objective: Staff must be trained on the standards prior to being audited and be knowledgeable of the processes and metrics they will be measured against. Staff should clearly understand these standards; training may need to be in-depth and involve the use of experts to be placed on the working teams.


Input:

  • Auditing Scope Defined


Output:

  • Staff Trained on Auditing Processes

Task: Conduct Auditing Processes

Objective: Audits can be executed against active (in-flight) projects and existing systems. Audits that involve interviews should be reasonably brief and the interviers should come well-prepared with a set of standard questions. Similar to interviewing for business requirements, the Compliance Audit should be conducted in a structured fashion (with standard questions) but also allow for some free-flowing dialogue.


Input:

  • Auditing Processes Defined
  • Staff Trained on Auditing Processes


Output:

  • Auditing Process Complete

Task: Present Auditing Results and Recommendations

Objective: The final step of the Compliance Audit is to document findings of audits and take non-compliance action. Individual, project group, and business unit compliance should be tracked over time and comparison again historical results should be presented as part of the findings. Recommendations should be put forward as the final step in the Audit. Recommendations should take into account the overall set of business goals, major issues that have occurred and planned projects. They should also take into account major external factors (e.g. new external standards) and may include comparative information from other parts of the business or from others in the industry.


Input:

  • Auditing Process Complete


Output:

  • Auditing Results
  • Auditing Recommendations

Role: External Auditor Business Architect

Role: External Auditor Information Architect

Role: External Auditor Data Analysts

Yellow Flags

  • Auditing programme lacks support at senior levels and there is a resistance to participation
  • Recommendations from auditing do not tie into an implementation and change programme
Wiki Contributors
Collapse Expand Close