A more reasonable approach to internal investigations

Legal project management in the age of digital transformation

By Dr. Michael Holzhäuser and Dr. Nicolas Nohlen

Download article as PDF

Internal investigations – a legal and organizational challenge

Internal investigations that seek to expose misconduct within a company, as well as the consequences of that misconduct, are currently pervasive. They often – in the case of the emis-sions scandal, for example – affect whole economic sectors. These investigations are often conducted for legal reasons, as directors of German companies are obligated to probe into evidence of wrongdoing within their businesses.
Internal investigations can be very ­expensive and time-consuming. They often require an enormous amount of resources and immense budgets, regardless of their potential outcome. The exact scale of the demand on resources and funds is difficult to foresee at the start, leaving businesses with significant ­challenges.
Furthermore, the precise steps necessary to prepare and execute an internal investigation (especially of a transnational nature) come with a range of legal, organizational and practical problems. The relevant legal framework, codetermined by labor and data-protection guidelines, often makes the process complex enough in its own right. Regulatory and corporate govern-ance issues often add to this complexity, regardless of the subject matter of the individual investigation.
All these conventional problems with ­internal investigation processes have been further exac-erbated by cross-sector digital transformation within companies.
In light of this, a specialized, efficient and reasonable approach in line with the relevant legal framework is essential. If a company has not invested heavily in the development of its own resources in this respect, it is advisable to consult with multiple external experts who can sup-port the company in the execution of complex internal investigations. We recommend to adopt a modular approach that puts control in the hands of a small, specialized team of lawyers and employs services specialized in document review and preservation of evidence (for example, IT forensic techniques or legal tech).
Where a small team of highly qualified legal analysts and alternative providers deliver work that can be standardized, efficiency can only be significantly improved and costs substantially reduced if the coordinating law firm (ideally along with the other firms involved) uses decisive and experienced project managers to continuously control and adapt the investigative process when necessary. In the era of big data, where the collection and processing of information carries an excessively high price tag, efficient collaboration between different expert teams in a modular approach seems all the more advantageous. Most importantly, together with the company, the coordi-nating law firm should produce a project plan, coordinate the investigation and ensure that the relevant legal framework is observed accurately. This requires considerably greater planning costs for law firms than the traditional model of project management. However, since pro-cessing information through document review is often the most intensive part of an investiga-tion in terms of cost, time and resources in the age of digital transformation, the efficiency gained by involving cheaper, more specialized providers considerably outweighs the increased planning and coordination costs to the firm as part of project management.

Data analysis in the age of digital ­transformation

When processing information in the course of an internal investigation, one of the most vital facets – apart from interviewing employees – is the analysis of internal company data (docu-ment review).

Legal and organizational challenges of a document review

In planning document reviews, a suitable team of experienced analysts should be assembled, and the management board of the company should be consulted early in the process. The IT infrastructure and internal company rules should be examined and, if necessary, adapted. Data-protection experts should be integrated to ensure data security. When contracting with provid-ers of forensic software and services, it is necessary to ascertain whether the provisions can be fashioned into data handling contracts, and it is important to make sure the contractual offers made by the vendor comply with legislative requirements.
Data collection, review and analysis present particular organizational challenges. Prior to digital transformation, processing data through document review was successful largely depending on whether or not the reviewers had access to a enough physical resources. Today, more than 80% of searchable information in a company’s “big data” is unstructured and in multiple digital formats as a result of progressive digitalization. It comes from many sources (servers and ex-ternal hard drives, for example) and is saved in various places worldwide. Consequently, the data cannot be efficiently viewed and analyzed using traditional methods. Moreover, as the term “big data” indicates, the amount of available and searchable information will only continue to increase, making document review even more cumbersome and complex.

Big data and document review – is artificial intelligence doing the trick?

Today, the review of unstructured data in large volumes for the preemptive discovery of breaches of the law is predominantly carried out through electronic forensic data analysis (“electronic discovery” or “e-discovery”). Using e-discovery software, even very large and complex volumes of data – such as emails and digital files, but also audio recordings of conver-sations – can be combed through with the help of a keyword search created specifically for the purposes of an investigation.
Even investigations by authorities (known as “dawn raids”) are primarily carried out using e-discovery today. The authorities first request access to all the company’s servers, demand the surrender of digital storage media and, if applicable, request access to any cloud infrastructure. These can accurately be referred to as “e-raids”.
However, the e-discovery process is very complex. It encompasses many different participants, interests and legal problems, and there is no universal procedural standard.
In practice, however, the following basic steps have proved useful:
The company’s IT system should be analyzed to ascertain which data belongs to those under investigation (custodians), where and in which formats the information is saved, and how the sources can be accessed (data mapping). While saving the information, arrangements should be made to ensure the data cannot be deleted, manipulated or reconstructed. To preserve digital evidence, it is crucial to extensively document the actions being performed.
To ensure the review is timeefficient and costeffective, the volume of data must be appropri-ately reduced. For this purpose, the secured data (files, email records) should be analyzed and limited to data that stems from within the investigative period and is saved in the relevant document formats. It should then be further reduced by up to 90% through a pre-examination process and the removal of identical and nearly identical documents.
The data set can be reduced even further by choosing keywords specific to the case that are then used as search terms in a “linear document review.” Given that this is crucial for the outcome of the investigation, the terms need to be broad enough to capture as much of the po-tential misconduct as possible, but also targeted enough to pinpoint relevant data as accurately as possible. This keyword review separates relevant documents from irrelevant ones. Because there will be documents that contain a search term but have nothing to do with the purpose of the review (“false positives”), there may still be a large number of documents marked as relevant. Affected documents will then be rechecked in a second stage.
Until this point, the steps outlined essentially reflect the approach authorities use when handling data collected during a raid. To move faster than the authorities, technology assisted review (TAR) can speed up manual document review by a considerable margin (up to 60 times). Additional features include, for example by the graphical display of communication lines and document summaries by topic.
TAR is currently one of the fastest-developing and booming areas of legal tech solutions, particularly in the realm of artificial intelligence. “Predictive coding” is applied to the results of the previous review to train an algorithm to autonomously review documents for relevance. In this way, a considerable number of documents that lawyers would otherwise need to analyze in detail can be excluded. The algorithm is “trained” using an array of examples of relevant documents determined by a lawyer working on the case. The program uses these examples to “learn” throughout multiple rounds of “fine tuning”, then it codes the documents automatically.
Given the progress that has been made in the development of algorithms in recent years, it is no longer reasonable to doubt the reliability of predictive coding. US courts categorized and pronounced TAR to be more reliable than a manual review several years ago.
The review ends with the export of the documents determined to be relevant and a report in which these documents are evaluated. This is the foundation of the broader strategic advice detailed here for – or in defense of – a company.

The crucial importance of modern legal project management

An inadequately organized document review can easily get out of hand in an international con-text with numerous parties and enormous volumes of data. As a result, an internal investigation can end up in jeopardy if predetermined time restrictions and budgets are not observed.
The transition from traditional investigations carried out by large teams to complex e-discovery processes is a major challenge for all law and accountancy firms, and these firms may yet to have adequately adapted their structures and resources accordingly. Even when firms have strengthened the internalization of processes and significantly expanded their own resources, the desired increase in efficiency for the client has frequently failed to materialize.
However, collaborating with alternative providers still generates serious problems for many law firms. This is because a law firm’s previous experience and the structure of traditional investigations do not readily mesh with investigations in -‘Industry 4.0,’- where digital transformation is a driving force and data-driven business models are spreading quickly. Until now, only a few law firms have expedi­ently recognized the modern challenges of closely cooperating with LPO pro-viders, project lawyers, IT forensic experts and software providers – a service not uncommonly requested by clients. Law firms could significantly improve their level of efficiency and secure a competitive advantage if they were to interpret the new e-discovery landscape as an opportunity rather than a threat.
On the one hand, collaborating with specialized providers means outsourcing certain parts of a company’s own business. This fact means that a law firm with a traditional pyramidal model as its organizational structure cannot maintain its team structure. However, using alternative providers will not mean that lawyers are superfluous in internal investigations, but rather the opposite: Only standardized procedures in the gathering and pro-cessing of information is automated and sped up using processes supported by software. The critical legal advice provided by lawyers both in the investigation and in the strategic advising of the company remains untouched.
On the other hand, it is important to maintain internal standards regarding the quality of legal work, even when some tasks are outsourced to third-party providers. Owing to the wide variety of providers and the range of services offered, this requires a profound knowledge of the mar-ket and, ultimately, a reliable relationship.
Some law firms regard the costs for coordinating several parties to be too high and not justi-fied by the desired improvement in efficiency. This fear, however, originates from an outdated approach to project management that has become impracticable in the age of e-discovery. The traditional approach envisages the workload in the planning phase to be low; during the investigation, high; and at the end of the project, low again.
Modern project management, in contrast, follows the reverse trend. It requires considerable planning beforehand, significantly reducing expenses critical to the budget by establishing both a project plan and appropriate lines of communication. Investing in a comprehensive debriefing upon completion of the project is of no consequence compared with the improvement in efficiency that can be achieved by carrying out such a debriefing, and it simultaneously ensures other savings can be harnessed in the planning phases of future projects.
The main tasks encompassed in legal project management (LPM) for internal investigations are in line with many aspects of traditional LPM, such as scoping the project as precisely as possi-ble, staffing, timing, formulating action plans, determining budgets, monitoring, overseeing communication lines and reporting.
In addition, where e-discovery is used, it is important to hold to certain criteria in selecting external providers as ­collaborators­- including level of technical capabilities and infrastructure, competence of staff and composition of teams; quality control and standards, transparency of procedures and guidelines; agreement on costs, budgets and remuneration; descriptions of levels of service, process, timing and communication flows; as well as various aspects of secu-rity, data protection and confidentiality.

Importance of experienced project ­managers

Internal investigations today are time-consuming and require a lot of manpower, and external service providers constitute the biggest proportion of the costs. The success of an e-discovery process greatly depends on the implementation of experienced, cutting-edge and specialized project managers. As coordinators of the investigation and a nexus to the company management, these project managers are indispensable. They are responsible for time management, resourcing and control of the budget, as well as ensuring all processes run smoothly and communication between all participants flows properly. This includes the establishment of a transparent reporting system and the complete documentation of all steps taken and decisions made.

Conclusion: plea for a modular approach in order to ensure efficient and reasonable investigations
Neither internal investigations nor efficient project management are ends in themselves. There is no doubt that it is in the interest of a company to investigate violations of the law. However, it is also in a company’s interest to carry out its investigation efficiently, appropriately and rea-sonably. Advisers, too, must take into account these interests.

The solution for efficient and reasonable performance of internal investigations in the age of Industry 4.0 is an innovative, modular approach that combines high-quality legal advice with new technologies to complete routine legal work. The key to this approach’s success lies in modern legal project management, which ensures that methods used by various legal service providers all comply with certain rules and takes care that those involved work together efficiently. This requires high planning and coordination costs, but these costs can be recouped many times over as a result of the improvement in efficiency in the investigative process, es-pecially when using document review.

This approach offers companies not only time and cost benefits during the disruptive investigative process, but also transparency and clarity for planning – ­ultimately ensuring that an internal investigation will no longer become a confusing, bottomless pit.