About Audit Management

A great way to start a data investigation in your organization is to develop and execute a plan to identify and validate potentially relevant ESI sources, including key players, data custodians, and data relevant to a matter. Once this is completed, IT supplies your team with access to data locations through IPRO Search.

About Audits

Then it is time to start working with audits. The first thing to do in IPRO Search is for the audit manager to create an audit, which is defined as a container that holds all the information needed for conducting a data investigation. For each investigation you handle, you must create one audit in IPRO Search, on which you can then perform multiple searches. For example, you can conduct separate searches by date, time, and location. Each audit you create can be assigned to a auditor or reviewer.

Within an audit, you must also define the scope, data locations, people of interest, reviewers, and tags. Once this is completed, you will have performed an initial high-level search at this stage of your investigation.

Once you have created a new audit or opened an existing one, you can edit it at any time. This is useful for editing the audit information or applying the Closed status to audits. You are never locked in with the original categorizations. You can edit the locations and people of interest included in the audit, grant and revoke reviewer access, and add/remove tags.

About Locations

A location is defined as the archive store(s) in which the data you want to search resides. IPRO Search can access data in these locations:

• Windows File Sharing (WFS)
• Email archives
• Egnyte
• Box
• Microsoft SharePoint (online and on-premise)
• Microsoft OneDrive
• Citrix FileShare

Once you have determined the data locations relevant for your audit and organization, IPRO Search connects to them and maintains an up-to-date index of the information contained in them.

About People of Interest and Documents

Typically, you will search for people of interest and documents in data locations. The audit manager selects the people of interest to investigate in each location using IPRO Search.

About Auditors and Reviewers

Auditors and reviewers are the individuals in your team assigned to handle an audit. The auditor's task is to perform an initial high-level search by carefully and thoroughly working through the locations you designated and investigating the key players (people of interest) and documents in the audit.

As the auditors encounters items they deem important to the audit, they tag them for an in-depth look later on.

The number of auditors assigned to an audit varies according to the size and complexity of an audit. Since you narrow down the data set before beginning the process-review-analysis stages, fewer auditors are required and the amount of data to sift through is significantly less. However, if needed, audit managers can assign the results of their search to a reviewer to analyze. The audit reviewer is limited to the results of a search conducted by an audit manager or auditor.

The audit manager's task is to choose and assign auditors and reviewers to audits. As a best practice, you should assign one auditor per audit. For example, if you divide an investigation into three separate audits, you can assign one auditor to each audit.

About Tags

Tags are used for classifying documents into several broad categories. There are two tags predefined in IPRO Search:

• Mark as Reviewed: Indicates results that have been reviewed by an auditor that may or may not contain information directly related to the audit. When a Reviewer opens an item, it is automatically marked "Reviewed."
• Mark as Unreviewed: Indicates results that have not yet been reviewed. A result can be marked "Unreviewed" only if it has previously been marked "Reviewed."

For simple audits, the default tags should be sufficient. Complex audits or ones with unique circumstances will require the audit manager to create custom tags. For optimum efficiency, make sure to clearly define how each tag should to be used and communicate it to your team.