publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/669172
LITIGATION AND PRACTICE SUPPORT 20 WWW.ILTANET.ORG | ILTA WHITE PAPER Auditing E-Discovery for Effectiveness and Efficiency Responsibilities and Accountabilities The CIO and staff hold primary responsibility and accountability for e-discovery. These custodians of data and systems are expected to know about the storage, use and retrieval of information assets available within the enterprise; but, in the modern IS environment, data are everywhere, and ownership responsibility can be outside the purview of the IT department. With the proliferation of cloud and mobile computing and the bring-your-own-device movement, the IT department might not know exactly what information the enterprise has or where it is stored. Even if they know, they might not be able to access information on personally owned devices or in the cloud under a "Shadow IT" scenario. During the audit, prior e-discovery activities can be assessed against performance requirements to determine if they are realistic, which provides a historical measure of success or failure. This creates a situation where actual responsibility and accountability for e-discovery must be more widely assigned. This can be documented in a simple responsible, accountable, consulted, informed (RACI) chart but may need to be expanded as situations change. The IT auditor reviews the RACI chart to verify the identification and assignment of responsibilities, including the consultation of proper authorities and who will be updated as e-discovery progresses. Policies To Support and Practices To Implement Policies and standards establish how e-discovery activities will be performed. These include court rules, accepted professional standards and internal policy. Guidelines set boundaries for action; they provide a structure for performance while allowing those responsible to use their best judgment. Practices and procedures implement policies and standards. The IS auditor evaluates how effectively the e-discovery action plan implements policy and standards, assesses the completeness of practices and procedure documentation and reviews past performance against these guides to determine the level of compliance. Service Dependencies, Issues, Reporting and Escalation When e-discovery activities require aention greater than IT or other internal departments can provide, enterprises enter into service agreements with law firms or other discovery service organizations to assist. Enterprises might also contract access to needed soware