The Role of Evidence in Establishing Trust in Repositories



The Role of Evidence in Establishing Trust in Repositories

http://www.dlib.org/dlib/july06/ross/07ross.html


parties involved. This can help auditors to assess the suitability of repository functions
and contractual controls.

• Job Descriptions: As these detail the duties and responsibilities of each member of the
repository staff, they give auditors evidence of the existence of capacity to deliver the
kinds and levels of service outlined in the mission statement and depositor agreements.
In addition they provide a mechanism for mapping between the organisational
objectives and the means to deliver them.

• Organisational Chart: Documents detailing the roles and responsibilities of staff and
how they interrelate offer evidence of the existence of appropriate management
structures and support validation of quality control mechanisms.

• Staff Profiles/CVs: Overviews of experience, expertise, and qualifications of staff
should be provided, as these will offer an indication of the capabilities and
backgrounds of individuals performing key tasks within the repository and assist in
giving auditors evidence as to whether the right staff mix is available.

• Annual Financial Reports: Details of income and expenditure as well as project
income and expenditure provide evidence as to the financial footing and planning of
the repository. This evidence should be considered for at least the three previous years.
For example, the historical data will enable auditors to assess how good the repository
is at predicting its future income and expenditure. This will be valuable in enabling
auditors to assess repository financial risk.

• Business Plan: This document details the financial, organisational and methodological
basis for the repository, providing a justification for its existence and a plan to ensure
its persistence. The Business Plan offers evidence of organisational approaches to
sustainability, projected developments, and plans for exploiting emerging market
opportunities.

• Risk Register: How repositories approach risk management will be a central concern
to auditors. They will wish to review any risk registers and assess the repository's
approaches to them: is the register appropriately scaled and detailed; does it indicate a
proactive or reactive approach to risk; and is it likely to help the repository manage
risk? A detailed list should indicate the risk, its likelihood, what actions are being
taken to avoid it occurring, how the repository will respond if the risk were to occur,
and what the impact of its happening would be. For example, how would the
repository approach accidental disclosure of some of its holdings?

• Policy Documents: Documents detailing the repository's policy in key areas, such as
acquisitions, preservation strategies, guidelines for selecting and ingesting digital
objects, and access and disaster recovery, provide a range of insights illustrating the
means by which the repository performs particular functions, the way it provides
specific services, the processes by which it manages its relationships with the user, and
how it responds to such extrinsic factors as legislation and regulation.

• Procedure Manuals: This class of documentation gives evidence of the procedures
carried out by the repository in such areas as methods for validating submissions,
backup, data checking, storage media change, system maintenance, and destruction of
old media.

• Workflow Models: These indicate the level of understanding and management of the
processes applied by the repository. They also give auditors an indication of pressure
points that can be tested as part of the audit visit.

• Technical Architecture: Documentation of the repository's hardware and software
infrastructure provide evidence to enable auditors to validate suitability of hardware
and software infrastructures to support effectively the functions and services aspired to
in both the mission statement and agreed in the individual depositor agreements.

• Maintenance Reports: These documents describe maintenance that has been

6 of 13


01/08/2006 17:25




More intriguing information

1. PER UNIT COSTS TO OWN AND OPERATE FARM MACHINERY
2. Why Managers Hold Shares of Their Firms: An Empirical Analysis
3. Can genetic algorithms explain experimental anomalies? An application to common property resources
4. How we might be able to understand the brain
5. Protocol for Past BP: a randomised controlled trial of different blood pressure targets for people with a history of stroke of transient ischaemic attack (TIA) in primary care
6. Towards a framework for critical citizenship education
7. Estimated Open Economy New Keynesian Phillips Curves for the G7
8. The name is absent
9. On Dictatorship, Economic Development and Stability
10. The name is absent
11. Industrial Cores and Peripheries in Brazil
12. On the Relation between Robust and Bayesian Decision Making
13. Detecting Multiple Breaks in Financial Market Volatility Dynamics
14. MICROWORLDS BASED ON LINEAR EQUATION SYSTEMS: A NEW APPROACH TO COMPLEX PROBLEM SOLVING AND EXPERIMENTAL RESULTS
15. Developments and Development Directions of Electronic Trade Platforms in US and European Agri-Food Markets: Impact on Sector Organization
16. The name is absent
17. Foreword: Special Issue on Invasive Species
18. Expectation Formation and Endogenous Fluctuations in Aggregate Demand
19. Importing Feminist Criticism
20. The Impact of Hosting a Major Sport Event on the South African Economy