DRAMBORA: Objectives

From when we first open our eyes in the morning until when we close them at night we are all in the risk identification, mitigation and treatment business. Needless to say therefore, the ability to adequately deal with risk is an integral part of any successful business. Principles of risk management are implicit within every business decision, reflecting and influencing objectives and practically realised in business activities and assets. They assume an even more profound level of importance when dealing with digital information, such is the intrinsic uncertainty that characterises the digital domain. Repositories face a multitude of technological, organisational and methodological challenges within their activities, which if considered as treatable or avoidable risks can be more feasibly addressed and subsequently overcome.

The purpose of the DRAMBORA toolkit is to facilitate the auditor in:

• Defining the mandate and scope of functions of the repository
• Identifying the activities and assets of the repository
• Identifying the risks and vulnerabilities associated with the mandate, activities and assets
• Assessing and calculating the risks
• Defining risk management measures
• Reporting on the self-audit

DRAMBORA is designed to help and guide the auditor along a similar route of analysis to that which an external auditor would use to examine and analyse the work of the repository. Its design is based on the experiences of the DCC audits of digital repositories conducted in 2006. In order to make the self-audit process as easy as possible for the auditor the second release of the self-audit toolkit will be as an interactive web-based tool with semi-automated workflow mechanisms, options for pre-filled fields, and guidance materials in the form of examples, suggestions and comparisons.

At least three possible applications have already been identified for DRAMBORA. The first is validatory, whereby the tool can be effectively used to retrospectively assess the effectiveness of established repository infrastructures in order to plan for their ongoing improvement. The second is preparatory, where it is anticipated that the DRAMBORA process, with its emphases on aggregation and creation of documentation and risk assessment will prepare an organisation to welcome external auditors within its environment. The final possible application is anticipatory, where plans for the development of repositories or repository functionality may be exposed to the DRAMBORA methodology to identify potential shortcomings or gaps.