Leveraging eDiscovery Technology for Internal Audit

Leveraging eDiscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference April 11, 2016 kpmg.com

© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 540226

Agenda

1. Survey said…

2. Leveraging eDiscovery technology to audit risk

a. IP threat assessment

b. PII management

c. Incident response

3. Questions?

Seeking Value Through Internal Audit

2016 KPMG/Forbes Survey

KPMG/Forbes Survey Internal Audit through the lens of the stakeholder

What makes Internal Audit worthwhile?

What does Internal Audit need in order to be successful?

KPMG/Forbes Survey Internal Audit insights

KPMG/Forbes Survey Internal Audit effectiveness

KPMG/Forbes Survey Internal Audit utilization

KPMG/Forbes Survey Internal Audit skill requirements

The Top 5 skills needed for IA professionals

Source: The future of Internal Audit through the lens of stakeholder needs, KPMG International, 2016

KPMG/Forbes Survey Enterprise use of data and analytics

KPMG/Forbes Survey Internal Audit through the lens of the stakeholder

IP Threat Assessment

PII Management

Incident Response

IP Threat Assessment

IP Threat Assessment Protecting enterprise value

Identify at-risk data sources

• Unstructured data (e.g., email, network shares, SharePoint, individual assets)

• Legacy systems

• Data migrations (e.g., Office 365)

Index and search

• In-place or collect to search

• Conceptual analysis to identify target data

Evaluate results

• Sampling and statistical analysis

• Leverage predictive coding to accelerate review

Disposition data

• Defensible deletion

• Segregate and archive

• Move to secure repository

IP Threat Assessment Protecting enterprise value

Identify IP Threats

• Review IP protection policies

• Interview business to identify types of IP

• Interview IT to understand data sources containing IP

Select IP Audit Target

• High risk repositories

• High value IP

Catalog IP Management Characteristics

• Review data storage and backup protocols

• Determine user access controls

• Understand data movement inside and out

Assess Against Controls

• Retention and backup

• Access rights management

• Security and encryption in transit

PII Management

PII Management Protecting individual privacy

Identify at-risk data sources

• Unstructured data (e.g., email, network shares, SharePoint, individual assets)

• Legacy systems

• Data migrations (e.g., Office 365)

Index and search

• In-place or collect to search

• Mask-based searching (e.g., XXX-XX-XXXX)

Evaluate results

• Sampling and statistical analysis

• Leverage predictive coding to accelerate review

Disposition data

• Defensible deletion

• Segregate and archive

• Move to secure repository
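
The mask-based search and sampling steps above, as an added example that is not part of the original presentation: Python code that compiles a mask such as XXX-XX-XXXX into a pattern, discards values that can never be issued as U.S. Social Security numbers, reports only redacted hits, and draws a seeded sample of hit documents for manual review. All function names and the sample documents are hypothetical and constructed for illustration.

```python
import random
import re

def mask_to_regex(mask):
    """Compile a mask such as 'XXX-XX-XXXX' (X = any digit) into a regex."""
    body = "".join(r"\d" if ch == "X" else re.escape(ch) for ch in mask)
    # Digit lookarounds stop the mask matching inside longer digit runs.
    return re.compile(r"(?<!\d)" + body + r"(?!\d)")

def plausible_ssn(value):
    """Drop values that are never issued as SSNs (cheap false-positive filter)."""
    area, group, serial = value.split("-")
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")

def redact(value):
    """Keep only the last four digits so the hit report is not itself PII."""
    return "XXX-XX-" + value[-4:]

def search(documents, mask="XXX-XX-XXXX"):
    """Return (doc_id, redacted_hit) pairs for every plausible match."""
    pattern = mask_to_regex(mask)
    hits = []
    for doc_id, text in documents.items():
        for value in pattern.findall(text):
            if plausible_ssn(value):
                hits.append((doc_id, redact(value)))
    return hits

def review_sample(hits, size, seed=0):
    """Seeded random sample of hit documents, so the draw can be reproduced."""
    doc_ids = sorted({doc_id for doc_id, _ in hits})
    return random.Random(seed).sample(doc_ids, min(size, len(doc_ids)))

# Constructed sample documents (not real data).
DOCUMENTS = {
    "hr/onboarding.txt": "New hire SSN 123-45-6789, badge 4471.",
    "finance/invoice.txt": "Part no. 000-12-3456 and order 5551-23-45678.",
    "mail/0001.eml": "Please update records: 219-09-9999 and 987-65-4321.",
    "share/readme.txt": "No identifiers here.",
}

if __name__ == "__main__":
    found = search(DOCUMENTS)
    print(found)
    print(review_sample(found, size=1))
```

Recording the seed alongside the sample lets a reviewer re-draw the same documents later, which supports the documented, repeatable execution an audit needs.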

PII Management Protecting individual privacy

Identify PII Risks

• Review PII protection policies

• Interview business to identify types of PII

• Interview IT to understand data sources containing PII

Select PII Audit Target

• High risk repositories

• High value IP

Catalog PII Management Characteristics

• Review data storage and backup protocols

• Determine user access controls

• Understand data movement inside and out

Assess Against Controls

• Retention and backup

• Access rights management

• Security and encryption in transit

Incident Response

Incident Response Protecting enterprise reputation and resources

Incident Response Scenarios

Data breach

Natural and man-made disasters

Large-scale litigation

Regulatory investigation

Incident Response Protecting enterprise reputation and resources

Compliant

• Managed by legal department

• Reflects leading practices

• Demonstrates good faith

Defensible

• Documented procedures

• Consistent implementation

• Documented execution

Reasonable

• Reflects litigation profile

• Balances cost and burden

• Good faith rather than perfection

Questions?

Priya Keshav, Managing Director

Dennis Kiker, Director

www.kpmg.com

KPMG Forensic is a service of KPMG International.

This proposal is in all respects subject to the negotiation, agreement, and signing of a specific engagement letter or contract.

This proposal is made by KPMG AG, a Swiss corporation and subsidiary of KPMG Holding AG/SA, which is a subsidiary of KPMG Europe LLP and a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. KPMG Europe LLP and KPMG International provide no client services. No KPMG Europe LLP subsidiary or other member firm has any authority to obligate or bind KPMG Europe LLP, KPMG International or any other member firm vis-à-vis third parties, nor does KPMG Europe LLP or KPMG International have any such authority to obligate or bind any subsidiary or member firm.

The KPMG name and logo are registered trademarks or trademarks of KPMG International.