Compliance Reviews and Internal Audits
The Need for Proactive Compliance Reviews
An Altegrity Company
Internal fraud is on the rise globally, many companies are not prepared for the UK Bribery Act and
there is an ever-present risk of anti-competitive behaviour. That combined with increasingly
aggressive enforcement activity by regulators makes it essential for companies to focus on staying
out of trouble. Given the impact on business, severe penalties and reputational damage associated
with corporate wrongdoing such as cartel behaviour, bribery or fraud, companies need to take
proactive steps to detect unlawful behaviour ahead of a knock on the door from the authorities.
In line with guidance from the authorities such as the European Commission and Serious Fraud
Office, companies are now also reviewing their electronic communications and information as part
of their internal compliance monitoring and audit processes to ensure compliance with regulations
and to uncover wrongdoing.1
Electronically stored information (ESI) such as email is a source of evidence targeted by regulators.
Companies are now reviewing electronically stored information as part of internal monitoring
and audits to ensure that they are compliant with regulations. Companies that carry out internal
reviews of their ESI to detect wrongdoing such as corrupt practices and anti-competitive behaviour
will be better-placed to defend themselves.
General Features of Compliance Reviews
When Compliance Reviews are Needed
» A company acting on suspicion of wrongdoing needs to
Kroll Ontrack’s electronic disclosure services and online
review tools have been used to support internal audits and
compliance reviews triggered by circumstances such as:
carry out an internal investigation and review of evidence
as a matter of due diligence. The investigation is not
necessarily “live” and there may be no immediate
pressure from regulators or law enforcement authorities.
» Emails and ESI for a select group of individuals needs to
be reviewed to check for non-compliance with company
policies, laws or regulations.
» The review team is usually small and may include internal
and / or external reviewers.
» The volumes of data to be reviewed initially are not
usually large.
Benefits of Kroll Ontrack’s Compliance
Review Service
» Access to state of the art searching and early case
assessment technology will allow you to analyse your
data rapidly, assess the extent of any potential exposure
to legal action and the need for remedial action.
» A hosted service allows you and your compliance team to
access data online at any time and collaborate, without the
need to acquire and manage software.
» A highly cost effective service, which helps you to predict and
control the technology costs associated with an internal
review and reduce the overall cost of reviewing documents.
» Working with Kroll Ontrack you will have access to expert
knowledge and experienced consultants to help you
design and implement a compliance review and internal
investigation suited to your purpose.
Internal audit into anti-competitive behaviour
Following an alert from an internal whistleblower about alleged
price-fixing a company may need an internal audit of its
business practices to ensure competition laws are being
complied with. This might involve a live internal investigation
into the specific allegations made and also carrying out
proactive periodic checks as part of the company’s ongoing
compliance. Email and other ESI created by select groups of
individuals can be interrogated and reviewed in an online
review tool by the company’s internal legal department.
Post-merger due diligence audit
In the post-merger integration phase, a company may
detect business practices in the newly acquired entity such
as suspected corrupt payments. To ensure adherence with
company ethics and policies, a company may need to carry
out an internal audit of business practices and key
transactions in affected departments and more generally.
A review and analysis of the email and other ESI created
by targeted individuals by the company’s lawyers would
be an integral part of such a programme. This would
provide a factual basis from which to investigate and assess
the extent of any wrongdoing, potential exposure to legal
action and the need for remedial action.
1
See Compliance Matters, published by the European
Commission in November 2011 and the Guidance on
Adequate Procedures for Preventing Bribery issued by
the Ministry of Justice in March 2011.
Internal audit of business practices following
a regulatory investigation
Following an investigation by competition authorities into
a cartel resulting in heavy fines being issued, a company may
need to carry out further internal audits into other business
practices in other markets or related product lines. A costeffective way of carrying out such a review would be to
employ a small team of external lawyers to check the
emails and other electronic documents stored by a select
group of individuals to check for further instances of the
anti- competitive behaviour.
Internal audits to check on fraud and theft
From time to time companies may need to carry out internal
investigations into suspected fraud or theft from the
company involving employees. Those companies who face
a higher risk such as companies expanding into new
territories may carry out routine proactive checks on high risk
business practices, transactions or departments to ensure
that it is not being affected by theft and fraud. This will
usually involve reviewing the mailboxes of key individuals.
Investigation into suspected bribery
A company under suspicion of having paid bribes to foreign
officials will need to assess rapidly what its exposure is to
the allegations. Using an early case assessment tool like
Ontrack® Advanceview™, makes it possible to interrogate
emails for key individuals, review large volumes of
documents rapidly and quickly assess whether a problem
exists, who is involved and whether it is necessary to
self-report to the authorities.
Ontrack® Advanceview™, displays e-mail messages and
documents in a series of charts and graphs to see who is
communicating with whom, when the communication occurred,
and what subjects were discussed.
How Kroll Ontrack Can Help with Compliance Reviews
Your Challenge
Our Solution
Designing compliance checking procedures and reviews to underpin and
complement compliance programmes. This will include extracting ESI samples
such as email accounts from company systems for interrogation and review,
focussing on high risk individuals or departments. Routine checks can also be
carried out across other departments. The selection of data sources and data
custodians is likely to be aided by the drawing up of a data map for the company.
Kroll Ontrack’s Computer Forensic experts are available to help companies
navigate their IT infrastructures and data stores and assist with data mapping
and selection.
The collection of data sources in a way that withstands regulatory scrutiny.
Kroll Ontrack’s Computer Forensic experts can collect data globally and in a
forensically sound manner when the neutrality or expertise of an external
expert is required.
Forensic investigation of digital evidence may be required at an early stage to
uncover suspected wrongdoing.
Kroll Ontrack’s Computer Forensic Investigation service can extract and analyse
digital evidence, and provide expert reports on what it shows. Our experts
employ the correct evidence handling techniques to carefully and accurately
preserve and extract critical evidence and investigative experience to provide
expert opinions on computer-related evidence.
Data samples can be filtered using sophisticated technology to remove
duplicates and where appropriate keyword searches can be run to identify key
documents or exclude irrelevant data.
Kroll Ontrack’s sophisticated data processing technology can be relied on to
process and filter data rapidly and reliably and in a highly secure facility.
A collaborative document review tool can be used by lawyers and paralegals
(both internal and external) to search across documents, review them
and collaborate about their content. Large volumes of documents need to
be reviewed comprehensively and rapidly to detect whether or not there
has been any wrongdoing.
Kroll Ontrack’s early case assessment tool, Ontrack® Advanceview™,
has strong searching, investigative and review capabilities including:
• fast searching and document review speeds
• c oncept searching which broadens searches to include synonyms and
variants of words and helps find key documents quickly
• d ata analytics which provides a visual overview of who has been
communicating with whom, when and about what, making it easy to hone in
on key lines of communication
• d ata dictionaries to list all words used in the data set exposing hot topics
and topic grouping which groups similar documents together, helping
prioritise documents for review
Skilled project managers are required to assist with the successful
management of compliance review projects.
Kroll Ontrack’s ESI Consultants, Legal Consultants, Electronic Evidence
Consultants, Computer Forensic Experts and Project Managers are able to
assist with in project scoping, data selection and processing options and
review workflows to support compliance reviews and the investigative process.
An Altegrity Company
Kroll Ontrack
Nexus, 25 Farringdon Street
London EC4A 4AB
+44 (0)20 7549 9600
[email protected]
www.krollontrack.co.uk
© 2012
An Altegrity Company