Blog Post

Level-Setting Audit and Investigations Strategies Amid Ongoing Disruption – Part 2

  • LinkedIn icon
  • Twitter icon
  • Print icon

In the current environment of remote work and hybrid work environments, our digital forensics and investigations teams have seen significant disruption in the execution of remote global audits, regulatory inquiries and internal investigations. Through this work, we’ve seen that the more sophisticated an organization is in its journey toward digitalization, the more it is able to achieve savings in the time, costs and resources needed to conduct a remote investigation. I discussed this concept in detail in Part 1 of this series, which included an overview of how organizations can examine their digital sophistication.

Once an organization understands its maturity, it can begin to determine how to balance investigations and audits between remote and onsite environments. Organizations that have a high degree of digitalization will likely be successful in maintaining mostly remote investigations and audit processes—particularly in policy review, document collection and review and regular check-ins with key stakeholders—over the long term. Others may need to improve their digital maturity before completely shifting away from onsite methodologies. It’s also important to note that often, regardless of digitalization, certain scenarios will require onsite work to ensure a full, clear view of the facts.

When weighing the benefits and drawbacks of remote and onsite investigations and audits, legal and compliance teams can consider the following questions:

  • Is the investigation/audit scope clearly defined? What is the approach and what are the goals?
  • Is an on-site inspection or visit required (to plants, production areas, physical inventory storage centers, etc.)?
  • What is the situation in the location to be investigated/audited? Are there trustworthy people on site who can ensure the investigation is carried out correctly and defensibly?
  • How sophisticated is the IT team onsite? Are they equipped to facilitate a remote collection, make judgement calls about the data and maintain chain of custody?
  • Which systems, data sources and devices contain relevant information? Can these and sources containing additional background information be accessed remotely?
  • Are there specific and significant cost, time or other benefits to collecting the relevant data remotely.
  • What are the legal and regulatory requirements in the various jurisdictions involved? Would remote access and analysis or transfer of information across borders violate any laws or obligations?
  • In an audit, how can appropriateness and effectiveness tests on compliance processes be performed? Will the team be able to find and remedy control gaps remotely given the organization’s infrastructure?
  • Are custodian interviews primarily fact-focused to find out which systems and devices may be relevant (in which case a remote interview will suffice), or are investigators trying to clarify a compliance violation or suspicion of fraud (if so, an onsite interview is likely necessary)? For remote interviews, can a stable audio and video connection be established?

Every organization and every investigation or audit matter will have unique needs, and evaluating these questions will help teams determine the best strategy for combining the benefits of remote investigations with the necessary onsite processes. The key is understanding that digitalization maturity will impact the success of remote workflows and the use of advanced analytics, and therefore the evaluation criteria and KPIs must be utilized to build a blended remote and onsite framework suited to the organization. With a well thought out and established foundation, teams can then develop remote workflow strategies early on in each matter to ensure they are aligned with unique challenges and set up to access key information as quickly and defensibly as possible.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.