The Data Assurance Group has established a toolkit to help members of the University assess the risk associated with the completion of data returns and set out a coherent process for doing so. The process is outlined in the detailed guidance on Data Risk Management and Assessment (39kb).
For each return (which may be annual or at another frequency, which may be several years), a risk register and accompanying risk assessment should be completed at the start of compilation (normally at the point at which formal guidance has been issued and before embarking on compiling the return) and presented to the Data Assurance Group for review at its next (termly) meeting.
For those returns presenting as high net risk (defined in the toolkit), or where the commissioning body requires the Vice-Chancellor to sign off the submission, a review should also be completed prior to submission. Good practice would be to conduct a review even when not falling under these criteria to ensure that learning from one submission is available for the next occasion, although there is no requirement to submit this to DAG unless there has been a major change during the compilation process or a reportable event.
Templates for assessing data risk are the available as follows:
- Data Returns Risk Register
- Data Returns Risk Assessment
- Template for sign off briefing
Please request templates or submit completed risk registers and risk assessments through the DAG resource account: dataassurancegroup@admin.ox.ac.uk .
