 |
Black Box Auditing (print ref: Part 4, Section 4.4)
It is quite possible that an Auditor may be asked to audit a complex and technical process with which they have little familiarity. In these circumstances it may be helpful for the Auditor to think of the process to be audited as a "Black Box" where the staff carrying out the process have been trained to operate within the "Box". The Auditor does not have to be an expert at the detailed technical operations within the "Box" but needs to check that the overall process complies with the requirements of the Data Protection Act in terms of:
- Are the inputs to the process adequately checked?
- Are the outputs from the process adequately checked?
- Is the process itself adequately documented consistent with the expected skill levels of the staff involved?
- What happens when errors occur?
- Are the records adequate to show that work has been processed correctly?
- Have the staff been adequately trained to carry out the process?
This "Black Box" audit model is illustrated graphically in Figure 4.2
Fig. 4.2: Black Box Audit Model
Return to top
|
|