Adopting eDiscovery for Internal Investigations

  • Blog Post
  • Posted on 28 June 2018

Inhouse counsel are often the first to be called on to manage an internal investigation. How can you effectively plan for and manage these investigations? We explore how electronic discovery (eDiscovery) tools help you mitigate risk and effectively achieve your fact-finding mission.

Internal investigations may be required for any number of reasons, including a complaint from a whistleblower for suspicion of fraud or in response to a request from a regulator. The objective of any investigation is to help you with your fact-finding mission. You want to gather evidence and effectively strategise your response plan based on the findings.

The Scenario – Fraud Investigation

Your company has received allegations from a whistleblower for suspicions of fraud and corruption. You are tasked with managing the internal investigation and forming the investigation team. The local regulators have also received news of this wrongdoing and made a regulatory request for information.           The board may decide to proceed with litigation if necessary.

Investigation Steps using eDiscovery


At the beginning of the internal investigation, it is essential to act quickly and ensure that no potentially relevant data is destroyed. Scoping your next steps begins with the investigation planning.

Investigation Planning

Firstly, it is important to identify the nature of the fraud and corruption allegation and plan the investigation accordingly. The investigation will uncover any evidence of the fraud/corruption and helps the board decide on the appropriate action to take. Whether you are undertaking the investigation in-house or using a third party, such as a law firm or external provider, it is vital that a comprehensive investigation plan is put in place. At the initial stages of the planning, you want to define the issues to be resolved so that all involved parties have clarity.

For the information gathering stage, the sources of data and collection methodologies should be mapped out before the process begins. Identifying key persons and custodians involved in the allegation will help you focus on the right data sources. Important evidence could be found in emails and documents collected from laptops, phones and company servers related to these key persons.


Preliminary steps you may wish to take include:

·       Removing access to company servers and devices for the suspected wrongdoers

·       Suspension of employment

·       Alerting your IT Team to monitor for any deletion or copying of data

The essential question of who should undertake the investigation is also decided at this stage. If you decide to engage a third party provider, ensure there are no conflicts and that they are objective and independent. It is also important to establish clear reporting and escalation lines during your planning.

Evidence Collection

Your next step is to collect the evidence for the investigation. Bear in mind that if the data is located in multiple locations and jurisdictions, you may have to take into account different laws of data privacy, state secret laws, and privilege laws.  

In this investigation, there is a high risk that relevant data will be deleted or changed by the wrongdoer. As such, it may be appropriate to undertake a full forensic collection instead of a basic collection. Forensic collection meets requirements for evidence in relation to chain-of-custody and authentication. Whichever method you choose, it is important that defensible preservation and collection methods are used to ensure the evidence is acceptable in court proceedings should litigation arise.

Confidentially is a major issue when considering collection methodology, particularly when deciding who within your company will review the evidence. Finally, collection parameters and timelines must be carefully set to ensure that nothing is missed but time and resources are not unnecessarily wasted.

Using eDiscovery for Review

Your investigation may involve reviewing thousands or tens of thousands of emails and data. Today, there are tools available to assist you with this and cut down on time and costs.


Let us assume that your investigation involves 88GB of email data. Reviewing this using the traditional approach of printing (resulting in 1.2m pages) and reviewing in hard copy would pose a real challenge. You may struggle to conduct the internal investigation in time for the board to make decisions and to meet the regulator’s request deadline.

The eDiscovery method makes use of an online review platform powered with analytics tools. One of the advantages of adopting an eDiscovery approach is the ability to conduct an Early Case Assessment (ECA). ECA helps you quickly identify key documents within large datasets. This enables you to focus on critical evidence first and prioritise these for review. ECA provides you with a high-level overview of the data that has been collected and helps you remove duplicated or irrelevant information.


The below is an example of how eDiscovery significantly reduces the review data size over 14 days.


Investigation Reporting

The investigation report produced by the review will help you report to all necessary stakeholders in sufficient detail. With the findings, you can then maintain privilege and make recommendations to the board where appropriate. In the process, you may want to examine the root cause of the wrongdoing and consider any lessons learned.


With eDiscovery tools, your internal investigations can be more efficiently and accurately conducted, especially if it involves large data sizes. As companies move into the world of Big Data it is increasingly important to be aware of the investigation options available to you in order to select the most appropriate method for your company.

For advice on eDiscovery matters, please contact us.

Share this post