Audit Definition

Audit, in relation to the Information Profession, is the organizational practice of independently examining adherence to information practices, policies, and processes.

InfoBOK v1.0

Audit Key Points

  1. Audit must have independence.
  2. The goal is to spot-check regularly so that adherence to information practices, policies, and processes can be viewed over time.
  3. Audit results are often included in Metrics (see “Metrics”).
  4. Audit is often a department in the organization that is tasked with a much broader mission than adherence with regard to information.
  5. Audit is often confused with Compliance. Audit is focused on adherence to internal practices; Compliance is focused on adherence to external regulation/rules.
  6. Audit and Compliance may be combined in some organizations, but both terms should be retained in their department names to avoid confusion.

Audit Overview

Audit, as it pertains to the Information Profession, is limited compared to what Audit means across the entire business world. Audit is focused on adherence to internal practices, policies, and processes. Audit is often confused with Compliance because the processes are similar and staffing and roles often overlap. A simple way to understand the difference between Audit and Compliance is that Audit is internal and Compliance is external.

Additional Resources

(These additional resources are provided by the community and while we make every effort to ensure only high quality resources are included, we cannot guarantee the authenticity, safety, or quality of these resources. Proceed at your own risk.)

Information Coalition Resources

Some resources are available only to Professional Members or Standard Members (free).

Contracting in the Sharing Economy: Challenges, Solutions and Trends (Shannon Harmon)


This session will discuss contracting in a connected age: the manner in which we draft agreements directly impacts our governance practices. In this session, Shannon Harmon will examine some of the current challenges, identify viable solutions and frame the session with a discussion of current trends.

Rich Lauwers – The Curse of the 90s ERPs


You don’t have to keep the 90s alive by retaining your legacy ERPs and databases for regulatory or legal purposes. You don’t have to make PDF reports and try to fulfill your business needs with static data. You can create, retain and continue to use your structured data without SQL or source applications.

Rick Borden – Cybersecurity and Privacy Regulations Now Require Information Governance


While information governance has been a best practice in cybersecurity, outside of the Federal government and Sarbanes-Oxley financial reporting requirements, for the most part, regulations have not required information governance. That is rapidly changing. The New York Department of Financial Services' new cybersecurity regulation has intensive information governance requirements that go beyond personal information. The European Global Data Protection Regulation also has significant information governance requirements. This session will discuss some of these regulatory requirements and where regulation is going in these areas.

Patrick Laverty – I Hack People For Money: A Day In The Life Of An Information Security Professional


I hack people for money. Companies pay me to find vulnerabilities in their infrastructure. Everyone from small businesses to top corporations hire me and the company I work for to find the ways that a malicious hacker might compromise their systems and access data. The vector may be through a web site, through their externally facing networks, or even from insider threats in their network. I can also do social engineering, using your company’s employees to give me the information I want. Let’s talk about some of the methods that I use to compromise these targets and you can take away some areas to look at in your own business.

Panel: How To Form & Enforce Information Governance Policies


Join Robin Thompson as she moderates a panel on forming and enforcing Information Governance policies featuring Ron Daniels, John Jablonski, and Richard Hogg.

How To Identify & Contract With Cloud Services Providers That You Can Trust – Dennis Garcia, Microsoft


Increasingly, companies are using cloud computing solutions to help reduce their costs and achieve more. However, we still continue to read about high-profile data loss incidents, and data privacy laws are changing rapidly. More than ever before, it’s important for companies to conduct thoughtful due diligence when selecting a cloud services provider. In this session we’ll explore some strategies for identifying and contracting with a cloud services provider.

Prepare to be Hacked: An MIT Study On Hacking Response Preparedness – Tage Rai


Tage Rai, an MIT postdoctoral research associate and lecturer, led research into the psychological implications of a data breach on customer populations. His research, out of MIT’s Sloan School of Management, shows that even though the public feels bad for the individuals affected by the breach, it does not feel sympathy for companies targeted by hackers. This research throws into question everything that companies have done from messaging to communicating after they have been hacked. Nick Inglis will be interviewing Tage Rai live on stage in this interview session.

What You Need to Know About PDF – Duff Johnson, PDF Association


PDF is a foundational technology in the modern world of digital documents. PDF documents are everywhere, in almost every corner of every industry.

This session informs attendees about the information governance-related features of PDF, including the essential attributes of the format, standardization, governmental and industry adoption, and how PDF meets characteristic IG needs and use-cases such as metadata, authenticity, privacy, security and more.

Takeaways:

  • PDF is unmatched in its ability to function as the electronic document of record.
  • PDF is accepted, growing… and there’s no alternative on the horizon.
  • PDF includes features and capabilities that bear on some of the most vexing problems affecting IG, but few know of or implement these things.

David Horrigan – Discovering Deflategate (The NFL-Tom Brady Dispute & 21st Century Data Discovery Law)


When most of us tell friends and family we work in e-discovery, we often get befuddled looks. Even many of our legal colleagues think of e-discovery the way they think of ancient Egyptian hieroglyphics or the Rule Against Perpetuities—undecipherable, complex, and best avoided at all costs.

However, the digital era has made e-discovery part of everyday life, where just about any dispute or investigation can trigger a need for discovery of electronic data. Because e-discovery is everywhere, it may not be that difficult to explain—and maybe even fun and entertaining.

e-Discovery is fun? Entertaining? Easy to explain? Really?

Yes, really. Stick with us here for a moment.

To illustrate our point, let’s examine Deflategate, the high-profile dispute involving the National Football League, the NFL Players Association, a star player, and the NFL champion New England Patriots. The NFL (sort of) claims the Patriots cheated on the road to glory by deflating footballs against league rules to suit the team’s celebrity quarterback, Tom Brady, who happens to be the husband of supermodel Gisele Bundchen.

This all-star cast of characters provides some important and entertaining lessons about e-discovery.

Governance Law & Order

Webinar Presenter: Steve Weissman

Steve Weissman helps you address the unpleasant-to-consider but necessary-to-implement enforcement of your governance policies.

If you’re reading this, then you already understand why it’s so important to have policies that govern the way your information is classified, protected, retained, and disposed of. But without the will to actually enforce those policies, you’ll likely find yourself having moved the compliance needle barely at all. Learn how to avoid this fate by tuning in to this webinar, in which Holly Group’s Steve Weissman – The Info Gov Guy – will share his perspectives and experiences regarding how and when to be Good Cop and Bad Cop.

Governance Law and Order: How to Approach Policy Enforcement



The Information Governance Conference 2018