Back to all activities

Staff Feedback Survey

Summary

Providing a space for anonymous, guided feedback is valuable to gather information about how your audit work and the SAFETAG framework itself are supporting organizational understanding of risk and their ability to adapt. This long-term capacity building is critical to the SAFETAG framework, so finding ways to measure the impact of an audit towards these goals is important.

Considerations

    • Provide this survey in a method that respects the client's need for privacy, security, and anonymity.

Walkthrough

    This exercise provides a simple survey you can implement in a variety of settings (Google Forms, SurveyMonkey, via plain documents, etc.).

    Sample Survey Questions

    1. Before the audit:
    Completely False False I don't know True Completely True
    I understood the risks my organization faces [ ] [ ] [ ] [ ] [ ]
    I understood the risks that I personally face. [ ] [ ] [ ] [ ] [ ]
    I understood the risks that my organization's beneficiaries face. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks my organization faces. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks that I personally face. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks that my organization's beneficiaries face. [ ] [ ] [ ] [ ] [ ]
    1. After the audit:
    Completely False False I don't know True Completely True
    I understood the risks my organization faces [ ] [ ] [ ] [ ] [ ]
    I understood the risks that I personally face. [ ] [ ] [ ] [ ] [ ]
    I understood the risks that my organization's beneficiaries face. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks my organization faces. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks that I personally face. [ ] [ ] [ ] [ ] [ ]
    The auditor understood the risks that my organization's beneficiaries face. [ ] [ ] [ ] [ ] [ ]
    1. Do you feel the audit took a reasonable amount of time?
    2. I would have been willing to spend more time in the audit.
    3. We did not spend enough time on the audit.
    4. The audit took more time than it should have.
    5. The audit took the right amount of time.
    6. I don't know.
    7. Do you have any immediate behavioral changes you intend to make because of the audit?
    8. Yes
    9. No
    10. Did the auditor provide you everything you need to start addressing your digital security?
    11. Yes
    12. No
    13. I don't know.
    14. Did any training that you received specifically address the risks identified during the audit?
    15. Yes
    16. No
    17. I don't know.
    18. Did the recommendations made by the auditor directly address the digital security needs you identified during the audit?
    19. Yes
    20. No
    21. I don't know
    22. Did the recommendations made by the auditor address the digital security needs of your organization?
    23. Yes
    24. No
    25. I don't know
    26. The recommendations from the audit...
    27. Were implemented before we received the report.
    28. Will be easy to implement.
    29. Will be only slightly difficult to implement.
    30. Will hard to implement.
    31. Will be impossible to implement.
    32. The biggest barrier you see to implementing the auditor's recommendations is....
    33. Lack of money
    34. Lack of time
    35. Lack of interest
    36. Lack of technical expertise
    37. They are too difficult to implement