Audit

DG Audit

Purpose

Compliance with this Policy and related USG BPM sections can be subject to institution, system, or state audit. Georgia Tech must maintain records not only of documentation explicitly referenced in the Policy and the corresponding guidelines, procedures, and resources but also general evidence that Georgia Tech is in compliance.

 


 

Related Policies

Data Governance and Management Policy

Related Guidelines, Procedures and Resources

Definitions

Capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Data Governance and Management Policy.

Audience

Responsible: Internal Auditing
Accountable: Data Governance Committee
Support: Associate Data Trustee, Data Steward, Associate Data Steward, System Owner, Technical Manager, Data Administrator, Data User
Consulted: Data Governance team, Cyber Security, General Counsel
Informed: Data Domain & Technology Sub-Committees

Procedures

Audit Roles and Responsibilities
  1. The Chief Audit Executive (or their appointed designee) may conduct internal audits and may facilitate external audits of this Policy and corresponding guidelines, procedures, and resources.
  2. The Data Governance Officer, the Chief Information Security Officer (or their appointed designee), and the General Counsel and Vice President for Ethics & Compliance (or their appointed designee) may consult with Internal Auditing on both internal and external audits.
  3. The roles indicated in the “Support” section of the “Audience” list above shall support audits by participating in surveys, interviews, and review of documentation that supports compliance with the Policy and the corresponding guidelines, procedures, and resources.
Internal Audit
  1. Internal audits may be prioritized based on feedback by the Data Governance Committee, the Data Governance Officer, the Chief Information Security Officer, and the General Counsel and Vice President for Ethics & Compliance.
  2. Internal audits will be conducted at a frequency determined by Internal Auditing.
  3. Internal audits may be conducted through the use of surveys, interviews, and review of documentation that supports compliance with the Policy, guidelines, procedures, and resources.
  4. Internal audits may be conducted with a sampling of Associate Data Trustees, Data Stewards, Associate Data Stewards, System Owners, Technical Managers, Data Administrators, and Data Users. Internal audits may be conducted with the Data Governance Committee, the Data Management Committee, and the Data Domain & Technology Sub-Committees.
  5. Internal audit results will be documented and retained in accordance with GT and USG Records Retention and Disposition schedules. A summary of findings and recommendations will be provided by the Chief Audit Executive to the Chair of the Data Governance Committee, highlighting areas of concern, improvement, and success.
  6. Internal Auditing and the Data Governance Committee will communicate any areas of concern to the Data Trustees and Data Owner as appropriate.
External Audit
  1. Internal Auditing may facilitate an external audit.
  2. The Data Governance Officer, the Chief Information Security Officer (or their appointed designee), and the General Counsel and Vice President for Ethics & Compliance (or their appointed designee) may consult with Internal Auditing during an external audit.
  3. External audit results will be documented and retained in accordance with GT and USG Records Retention and Disposition schedules. A summary of findings and recommendations will be provided by the External Auditors to the Chair of the Data Governance Committee, highlighting areas of concern, improvement, and success.
  4. The External Auditor and the Data Governance Committee will communicate any areas of concern to the Data Trustees and Data Owner as appropriate.

Resources

When will auditing efforts begin?
The USG expects all institutions to have a Data Governance and Management Program in place by June 2021. Internal and external auditing of this Program may begin as early as the second half of 2021.

 

Revision Date | Author | Description
2021-07-27 | Zachary Hayes, Data Governance | New