A whistleblower calls and alleges the company is engaged in bribery in a foreign country. Or maybe there’s a conflict of interest, a complaint of sexual harassment, or indicia of fraudulent behavior or corruption. Whatever the reason, there’s a violation of law or policy that stops you in your tracks: it’s time to call in the internal audit team.
Reports like these are more common today than at any other point in our history. Ethics and compliance company NAVEX Global recently observed that the volume of reports is higher than it has ever been—1.4 reports per 100 employees—and more of those reports are being substantiated than ever before.
But, for most organizations, audit today is incredibly challenging and complex. With fewer hard-copy documents and data stored on myriad devices in far-flung locations—some of which are under employee rather than business control—investigating potential wrongdoing is more daunting than ever. And that’s before you consider the fact that you have to keep investigations confidential while avoiding a disruption to the organization’s ability to do business.
Fortunately, there are tools and techniques that can help audit teams study their organization’s data and get to the truth much more quickly than ever before. And those tools and techniques stem from eDiscovery, because internal reviews bear a striking similarity to document preservation, collection, and review.
Here are some of the ways that adopting eDiscovery technology and workflows can facilitate internal compliance audits.
Defining the target
The first step is to identify potential custodians and data sources. A team of IT, legal, and discovery specialists can collaborate to map out the path that data takes through the organization. Is it stored on hard drives, on backup tapes, in the cloud, on mobile devices, or in a combination of these? The team can formulate a data map and set a plan to ensure that data from all potential sources is identified and preserved. IT can also monitor for any illicit data copying and/or deletion.
Narrowing the search
The audit team should collaborate with eDiscovery lawyers and specialists who can help them narrow the scope of the search with recommended search protocols and keywords. Legal can also weigh in on the appropriate technology that can expedite the search. For example, using an early case assessment tool can identify the most important documents in a large data set. With analytics tools such as concept clustering, email threading, and even technology-assisted review, it can be easier to prioritize the documents you need to see first to help you develop a strategic response and cull irrelevant information.
Establishing a chain of custody
Legal, IT, and eDiscovery specialists should collaborate to determine the best ways to preserve and collect data so it can be authenticated and its chain of custody verified, should the matter proceed outside the organization. An outside eDiscovery specialist can play a significant role in eliminating the appearance of bias in collection and review, ensuring that forensic data collection techniques are used, and reducing the risk of spoliation. A specialist can also recommend the most efficient and cost-effective platforms for ingesting, processing, and reviewing data.
eDiscovery and internal investigations go hand in hand
Internal audit and eDiscovery are, essentially, flip sides of the same coin: audit tends to be a more proactive search for problems before they surface, while eDiscovery is often a response to regulatory investigations or litigation. In both scenarios, iDiscover is ready to jump in with a plan for forensic tools to help audit and compliance teams achieve their goals. Contact us to learn more about our auditing capability.