ELECTRONIC EVIDENCE
Corporate Governance & Data Storage is Simply Not Enough
Andrew Szczech, Electronic Evidence Consultant, Kroll Ontrack
Never before have the pressures been greater on organisations to demonstrate sound corporate governance policy and practice. It is not difficult to understand why investors are increasingly sceptical of the trustworthiness and honesty of corporate accountancy policy. International organisations must now implement policies that will not only ensure they comply with regulatory matters but give greater confidence to those within their markets.
IT Systems
Central to the issues of effective control and sound governance practice is the use, protection and distribution of data within an organisation. Corporate governance and Information Technology (IT) are inexorably linked at almost all business stages, primarily due to the increasing use and reliance on tools that create electronic documentation or communications. Lawyers now require a better knowledge of their client’s IT systems from both the legal and IT teams in order to better understand the policies in place and the implications of these for compliance matters.
The ability of an organisation to exercise appropriate control over its IT system is fundamentally related to its ability to demonstrate compliance through any of its other governance procedures and policies. If one is to analyse the actions of an individual or group in relation to their conduct within the organisation for a particular matter, corporate data must form an integral part of the review. Leaving out electronically created documents or communications will ensure a less than thorough analysis is completed, potentially jeopardising the validity of part, if not the whole, of an investigation or case.
Increasingly, problems associated with poor data storage policy or practices are arising, causing serious compliance issues for organisations across the world. This point is clearly illustrated by the recent Morgan Stanley case where the company paid out $10million in a SEC settlement. Corporate clients need to be better aware of the risks involved with their electronically created documents if they are to attempt to comply with the growing number of regulations.
Regulations
Traditionally, organisations were faced with major risks from incidents that were often purely physical, such as fires or floods. In today's world, the changing face of business means that corporate risks are now often non-physical and can affect them on a global basis. These new risks, including legal regulations such as Sarbanes-Oxley and Basel II, are changing the way in which organisations view and manage their business processes.
With the growth and variety of regulatory directives, data retention and retrieval policies within corporations are under increased scrutiny. The disclosure of electronic and paper documents, and the ability to effectively retrieve and review them, is now a legal requirement in a wide variety of matters across a multitude of jurisdictions. Even where there is no strict statutory obligation, well structured IT governance practices are greatly assisting organisations with massive volumes of stored electronic data.
Corporate Governance
It is inevitable that in a corporate environment, despite the best efforts of management policies and the tools that technology can provide, a certain quantity of inappropriate material will be found if an audit is carried out. This often comes as a surprise to senior management and IT staff but, in practice, the best efforts to regulate a workforce's use of a complex system will be less than totally effective. Given that malpractice may be found, enforcement must be effective and fair. If the policies that exist within an organisation are not adequately enforced, or are enforced inconsistently, future enforcement attempts may be severely compromised. This could potentially prompt the wrongdoer to cite discrimination, if differences in enforcement practices are adopted between different departments. In highly litigious cultures, this is a particularly important consideration.
It is not surprising that organisations are investing heavily in order to comply with the growing number of regulatory and compliance matters which involve their IT systems. If incidents like the Enron case continue to appear in the news, corporations will need to continue to invest time and money into developing and then maintaining effective policies and procedures relating to the management of their electronic data. After all, the data held by an organisation in many respects defines that organisation, and credible compliance requires well organised, enforced IT governance strategies and responses.
 |
 |
Electronic Disclosure |
 |
 |
Computer Forensics |
|
 |
Courtroom Services |
Learn how to efficiently manage large volumes of electronic information and quickly find evidence.
Electronic Disclosure Services |
Learn how to find hidden or hard-to-find data, recreate past computer-related conduct, or access data that you think is forever lost.
Computer Forensics Services |
Learn how Kroll Ontrack can help you present evidence throughout the legal process.
Courtroom Services |
| |
|
|
Printable Version