Electronic Records for Audit, Ethics and Internal Control
If an institution – any institution – is to maintain its reputation, it must be prepared to investigate the actions of its employees (personnel). Inevitably, allegations will arise that this or that employee embezzled, acted unethically, abused authority, laundered money, executed an unauthorized trade or simply made a mistake. Power to conduct internal investigations is critical to government agencies and for-profit corporations, as well as charity, non-profit, and educational organizations.
Modern investigations today are different from those of the past, by virtue of the presence of digital records. The sheer quantity of e-records (e-mail, text, chat or instant messages, logs, meta-data, photographs, blog comments, surveillance videos, and on and on and on) is mushrooming beyond comprehension. When an institution undertakes to audit whether a superior harassed a subordinate, an accountant misunderstood a tax liability or an administrator wrongfully tolerated a conflict of interest, a brimming corpus of electronic records can be available for examination . . . and can facilitate a just outcome. The records can shed welcome light on whether the subject of the investigation did what is claimed, or did not do it.
A case in point is an investigation at Yale University, a regular recipient of research grants from the federal government. Prosecutors alleged that academics at Yale had misallocated federal money (funds or assets) by (a) transferring grant funds to accounts that were not intended for the grants in question, and (b) paying themselves for summer activities using money from grants not earmarked for those activities.
In other words, the government claimed professors and staff played fast and loose in interpreting the purpose of specific grants.
In the face of such allegations, an institution has no choice but to cooperate with government. (Which university wants to be the subject of an adversarial police raid in search of computer records?) Yale launched a massive investigation, covering some $3 billion in grants over seven years (2000-2006). It turned over more than a million pages of documents. No doubt the massive quantity of records included email and other computer-based records. (A similar corruption probe in the 1980s could not have yielded as many records because computers and e-mail were not as pervasive then.) The college settled the matter in 2008 by agreeing to pay $7.6 million.
Although Yale admitted it had made some errors, the government granted the school a release from further liability with respect to the years that were investigated.
$7.6 million is a relatively small penalty. The university appears to have done itself three favors. First, it had retained plentiful records for many years. Second, it cooperated with the government and divulged rafts of records. Third, when the allegations first arose, Yale instituted reforms preemptively, including tighter accounting controls and improved staff training. The result was the imposition of only a small settlement payment. And as for the future, Yale remains qualified to receive grants from the government.
Had Yale produced fewer records, and displayed less transparency and less cooperation, the institution would not have fared so well.
I’ll bet the “errors” to which Yale admitted reflected past practices that had developed over decades, in an age when records were fewer and therefore government (inspectors general) had less ability to audit or investigate.
The incident teaches Yale staff (and staff at other institutions receiving federal grants) that they will be on a tighter leash for the future. A digital informant is ready to snitch on them. The super-plentiful e-records now being made about their daily activities expose them to greater review and accountability than was historically possible.
–Benjamin Wright
Mr. Wright is an advisor to Messaging Architects, thought leader in records-dirven investigaions. He also teaches Internet law at the SANS Institute.
Recent Comments