An effective audit identifies compliance problems. However, if the information uncovered in the audit is not protected properly, it could fall into the wrong hands and substantially increase the company's exposure. It is therefore important that all phases of an audit be properly protected by the attorney-client privilege and work product doctrine (if applicable). Here are a few tips to best protect the audit:
- The employer should clarify from the outset that its goal in conducting the audit is to ensure compliance with relevant employment laws, and in-house counsel should initiate the audit.
- Outside counsel should open a separate billing matter for the audit, and the employer should receive an engagement letter that makes clear that the purpose of the audit is to obtain legal advice concerning the company's compliance with relevant employment laws. That letter should also authorize counsel to obtain the assistance of all necessary company personnel to obtain information and should stress the confidential nature of the inquiry. This added authorization and direction will help clarify that lower-level personnel are viewed as "the client" for purposes of the privilege.
- Employers should be extremely cautious when considering having human resources or non-legal consulting firms conduct an audit. Often the project manager is not an attorney and is therefore unable to provide legal advice.
- Once the audit begins, all communications concerning the audit should be disclosed only to those with a need to know and should stress the need for confidentiality.
- All documents created during the audit should be clearly marked as "privileged and confidential," and should be treated with the same confidentiality as other sensitive legal documents.
- The results of the audit should not be disclosed beyond those with a legitimate need to know.