publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/669172
LITIGATION AND PRACTICE SUPPORT 18 WWW.ILTANET.ORG | ILTA WHITE PAPER Auditing E-Discovery for Effectiveness and Efficiency The auditor should have explored what software and tools are available but not used as part of the current e-discovery action plan implementation. perspective of auditors along with their reporting responsibility make them an invaluable tool for executives and boards in the risk management and control structure of the enterprise. Risk management and control have three lines of defense: Business units own and manage risk within their functional areas of responsibility. Operational managers are responsible for understanding and mitigating risk within their area of control. IT management forms the first line of defense for e-discovery. Leaders at the enterprise level have a wider area of responsibility in terms of risk management, compliance and control. The chief counsel and the chief compliance officer would be part of the second line of defense for e-discovery. Auditors have a wide charge. They have enterprise-wide responsibility for: » Supporting operational effectiveness and efficiency » Protection of assets » Integrity of reporting processes » Compliance with regulations, laws, contractual terms, policies and procedures Auditors, especially those with the Certified Information Systems Auditor (CISA) certification, can best address the complexity of e-discovery. The CISA-certified auditor understands the governance and risk management aspects of dealing with information and has the technical and business expertise to assess the e-discovery capabilities of the enterprise. The E-Discovery Audit The procedures that information systems (IS) auditors perform provide assurance that the risk associated with e-discovery is appropriately managed. This assurance benefits not only those with governance responsibility but also line managers accountable for implementing and managing e-discovery activities. If the e-discovery audit is properly scoped, the IS auditor's work will demonstrate due 1 2 3