publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/669172
LITIGATION AND PRACTICE SUPPORT 19 WWW.ILTANET.ORG | ILTA WHITE PAPER Auditing E-Discovery for Effectiveness and Efficiency diligence in implementing and managing e-discovery and documenting and assessing e-discovery components, including: » Goals and critical success factors » E-discovery action plans » Individual and group responsibilities and accountabilities » Policies, standards and guidelines supporting e-discovery » Practices and procedures to implement e-discovery » Service dependencies, issues reporting and problem escalation » Tools and soware effectiveness Often when people think about audits and e-discovery, they focus on the effectiveness of a particular tool or service, but this limited view does not address the range and complexity of discovery requirements. The auditors' review must include everything from the identification of stakeholder expectations concerning e-discovery down to the completion of discovery requests. This holistic view builds on individual audits that might be completed in the course of business and extends them into a more systemic view of discovery. Establishing E-Discovery Goals and Success Factors Determining if current e-discovery capabilities satisfy internal and external expectations begins with identifying stakeholder requirements. This sets the limits of acceptable performance and the risk the enterprise willingly accepts. Stakeholders may include external and internal counsel, risk management, business unit management, the CIO and various influential parties such as courts and regulators. Defining expectations and assumptions helps translate e-discovery requirements into metrics that the IS auditor can use to evaluate how well programs and plans satisfy requirements. During the audit, prior e-discovery activities can be assessed against performance requirements to determine if they are realistic, which provides a historical measure of success or failure. Action Plans Discovery in the complex environment of electronically stored information is not as simple as sending a request to the CIO with a date when the information is needed. With so many participants involved and the effort required to ensure completeness and accuracy, it is necessary that discovery processes be well-thought-out and fully documented. Similar to a disaster recovery plan, the e-discovery action plan establishes audit scope, information to be reviewed and who needs to be interviewed. The plan implements established enterprise goals and identifies: » Who leads the effort » Who is responsible for various aspects of the discovery » How activities will be managed » What tools and processes are available to support discovery activities The IS auditor reviews the plan to ensure it is current, comprehensive and complete, and identifies what testing will be required to demonstrate that the plan is implemented effectively.