As data storage becomes virtually limitless and new workplaces emerge, Increasingly, organizations generate more data each year. In reality, it’s the legal team’s responsibility to preserve, collect, and review mountains of electronically stored information (ESI). In today’s blog, we’ll be focusing on the review process.
Using an In-House or Outsourced Document Review
Legal departments even have to cut legal spending despite increasing data volumes. Legal teams need a realistic option for reducing EDRM costs. Data processing and review are no secret to be expensive stages of the EDRM.
A growing amount of data makes outsourcing everything unsustainable. Simply put, it’s too expensive, in addition to having to contend with another company’s schedule. In-house document review saves on costs as well, but you must equip your staff with the right tools for the job. Although most legal review needs within corporations can be managed in-house, what happens when a class-action lawsuit requires hundreds of reviewers?
A Guide for Introducing In-House Reviews
Determine what gaps you have first.
- Are you capable of processing data? It is important to know how to transform ESI from multiple sources into a format that can be viewed and tagged.
- Data processing: Where does it live? Data on highly sensitive matters need to be stored in a secure environment that protects them.
- Would you mind sharing your review tool? It is time-consuming and potentially risky to rely on email systems or PDF viewers to view documents when the metadata has been altered during the review process.
- Is it easy to export data? When you do engage outside counsel, you need to be able to send them only those documents that you want them to review.
As a second step, ensure that the necessary tools and processes are implemented to facilitate in-house processing, review, and production.
Tips for Implementing Document Review
- Treat your Documents as Source Code: The first step in building a solid and reliable document review program is to treat the documents you are reviewing as if they are software source code. Here’s why: Many companies approach their document review by assuming that their documents will never change, so conducting an effective document review requires only a cursory or “code-reading” level of understanding about what the company does. The problem with this approach is that, over time, even great-performing teams discover that they need to make changes to documents to address newly uncovered risks or new regulatory requirements. So, treating your documents like software prevents these problems from occurring because it will force you to think carefully about how you build your documents (and ask questions about whether there are better ways to communicate information) and maintain them over time.
- Train, Train, and Train Again: Three things are necessary for preventing a document review program from falling apart over time: 1) carefully selecting your team members, 2) effectively training your team members, and 3) continuing to train your team members. Without the proper documentation of the expected outcomes or results of any given task (whether it is changing a policy or reviewing an agreement), it will be very difficult for you to hold people accountable (or simply hold yourself accountable). So as part of training your team members, make sure that each member understands what documents they need to review, why those particular documents are important, which risks they should look for on each particular type of document, and the types of questions they should be asking themselves while reviewing each document. You’ll also need to identify what outcomes or results you expect from your team. For example, do you expect that your team will document all applicable risks? Or only those risks that are material?
- Start Small, Optimize as You Go: You wouldn’t start optimizing a car engine by taking it apart for cleaning; rather, you would start by driving the car around the block and making adjustments based on how it performs. To create an effective document review program, you need to take a similar approach. Begin with an initial set of documents (for example, your most important policies), train your team members appropriately, hold them accountable to make sure that they are identifying all applicable legal risks, and then evaluate the results of your training and adjustments before moving on to the next set of documents.
- Set up a Standard Operating Procedure: The goal is to create a standard operating procedure for conducting effective document reviews throughout your organization. This means that you need to be able to both identify the most important risk-generating transactions in your company and implement a process by which every transaction can be reviewed as part of an internal control program. Here are some things that might be included in such an SOP: – What documents should or will be reviewed? – Why are these particular documents being reviewed? – What analyses should take place while reviewing each type of document? (For example, what specific questions should a reviewer ask for each document type)
- What are the expected outcomes or results of reviewing these particular documents?
- How does the organization effectively communicate any changes to policies, procedures, and agreements that have been made as a result of a review?
- What is the process for managing the RACI (responsible, accountable, consulted, informed) matrix associated with each document?
- Make Sure Your Team Members Know What They Have Accomplished: Without feedback, it will be very difficult to motivate your team members—or hold them accountable—to make sure that the documents they’re reviewing contain all applicable risks. So, make sure you’re communicating results throughout your organization by creating some standardized templates that include important information about individual transactions as well as analysis performed by your team members. You’ll also want to make sure that you’re acknowledging the work of your team by thanking them for identifying certain risks, and by making sure that appropriate IT and HR personnel are aware of any material changes that have been made to in-place policies or procedures.