In continuation of our discussions on how to maintain the independence of the “Independent Data Auditors” in a DPDPA compliance scenario, we discussed the need for shareholders to approve the appointment so that the auditor does not feel obligated to the management, which makes the payments.
One other best-practice criterion which Naavi would like to suggest is that no Data Auditor should continue to audit the same company for more than 3 consecutive years. This is also consistent with the norms adopted by statutory financial auditors.
This will currently be suggested for the empanelled auditors of AIDAI as part of the self-regulation of the auditors, as a matter of ethical conduct.
FDPPI, in its mechanism for regulating the Certification partners who conduct their audits, would include this as a requirement so that auditors who do not adhere to this norm may lose their accreditation status.
Currently we shall try to include this in the Code of Conduct for AIDAI empanelled Auditors and try to implement it.
Naavi







