Wiki governance audit
To ensure that all wikis (all content wikis, chapter wikis, private wikis) across Wikimedia are governed properly and transparently, following Wikimedia-wide policies and norms.
There is no explicit authority in this process. The authority comes from policies and norms that already exist, and consensus discussions where policies do not exist already.
To participate in this audit effectively, one must be familiar with Wikimedia policies. Ideally one would be an experienced administrator on a Wikimedia project or hold global rights.
The goal is to check every Wikimedia project every year. The checks are designed to not take very long; 30 minutes would probably be too long.
The steps will be revised each year. Here is the current version:
- General instructions
- On the checklist page, indicate what has been checked (or in some cases, not checked) and the problems that are found. Any problems found do not have to be related to the checklist, but could plausibly be solved with reasonable effort.
- If you have to ask another user for help, or post on a page, indicate that you have done so and a reasonable timeframe to check back and make sure that proper action was taken.
- Sometimes proper action is not feasible (technically/politically/etc.) That is okay, but note that for next year.
- Should the wiki even exist?
- Generally, the answer is almost always yes.
- CPP summarizes valid reasons why it should not anymore. Generally, the issue would be a very small number of pages.
- Chapter or user group wikis are owned by that chapter or user group. If that group ceases to exist it is unclear what happens. If the wiki seems to be out of date or unused, it may be worth following up with the group to see if they still want to keep using it.
- Should the wiki allow global sysops?
- The cutoff is less than 10 admins or less than 3 admins making a logged action within the last 2 months. However, stewards have been reluctant to enforce the 10 admins part.
- However, local communities are allowed to override default behavior. See Global sysops/Local discussions.
- If you think that a community needs help but doesn't fall below the threshold, you are welcome to start a discussion with that community.
- Change requests should be made at SRM.
- Should the wiki adopt the global bot policy?
- The instructions are at Bot policy/Implementation. It is probably best to focus on wikis that don't have bureaucrats; wikis with lots of admins/bureaucrats that have not signed on probably have rejected the policy.
- Do the sidebar pages lead to valid destinations?
- Are they listed on Project:Village pump (Q16503)?
- Are they on Distribution list/Global message delivery?
- Are there inactive rights holders (admin/interface admin/bureaucrat/CU/OS)? 
- Any CU/OS that has no edits/logged actions in over 1 year can be removed by going straight to SRP.
- If the wiki is listed at Admin activity review/Local inactivity policies then ask a bureaucrat or admin to perform the policy and remove the inactive admins.
- If all the admins are inactive under that policy it is unclear what to do. Some requests at SRP in that situation have been successful.
- Chapter wikis and some other special wikis are exempt from the global AAR. See User:Openbk/list2 for a list.
- But it may be worth asking around (i.e. the chapter) to have admins removed who are clearly inactive, or to come up with an inactivity policy.
- If the wiki does fall under AAR: what happened in this year's run? Occasionally wikis are indeed missed for some odd reason.
- 2021 note: if AAR for this year has not happened yet then please let that process run, and focus on rights holders who have been inactive for 3 years and were missed in AAR19.
- Are speedy deletions backing up? Check on Global sysops/Speedy delete requests.
- If an administrator has edited recently, ask them to review. If not or they do not answer after 7 days, go to SRM.
- Check Special:RecentChanges - are there any obvious problems? (vandalism/spam not being addressed, runaway bots, etc.)
- Are there long-term projects related to this wiki on SRM that aren't being addressed?
- Malicious behavior
If there are no current administrators, some of the following steps can be skipped.
Typically the two most abused admin rights have to do with blocking and user rights.
- Check Special:Log/block.
- Focus on blocks of established users. On a cursory glance does this seem right to you?
- Are blocks being made that show that the admin has no idea how to do range blocks?
- Check Special:Log/rights.
- It is the general expectation of stewards nowadays that permanent adminship requires 8 support votes, and bureaucrat requires 15 support votes. +sysop/crat without any obvious discussion is troubling. (Chapter/test wikis are given an exemption from this).
- Check the user rights structure through pages like Special:Statistics or Special:ListGroupRights. Does it make sense to you?
- Check the CU and OS logs. Even if there are no permanent CU/OS holders, it is worth a check to determine if there has been misuse of rights by stewards, WMF staff, or OC. (Of course, the number of users who can actually check this is limited. There will be a separate item for this in the checklists, and we may have to close some annual rounds without this having been completed for all wikis).
- Obvious problems with content (NPOV, machine translations) should generally be referred to SWA, SRM, or RFC as appropriate.
- If there are recent RFCs or SWAs related to this wiki, they may be worth reviewing.
- Check AbuseFilter for malicious abusefilters.
- Previous examples: Requests_for_comment/Userrights_on_Hindi_Wikipedia#Comment_by_Nemo, User:Snowolf/List of wikis with weird restrictions
- This may require additional privileges if the filter is private.
When you are making notes, please just state the facts and use diffs, and try to keep personal commentary to a minimum until this is referred to another venue. Generally issues from this section need to go to discussion with that admin, then with the community, then to RFC. User:Rschen7754/Help, my wiki went rogue! may also have some suggestions.
- Check for privacy-violating scripts: Load the wiki in a browser like Chrome, Firefox, or Microsoft Edge. Open the developer console with F12, click on the Network tab, and reload the page. Are all the scripts from Wikimedia sites? (wmflabs.org is not okay, they do not have the same NDA that the production environment uses).
- If you are not an interface administrator (or GS/GEI/steward) you will need to request assistance at SRM.