Evidence Management Audits – Critical to Compliance and Security
March 28, 2022
The purpose of an audit is to measure compliance with the standards and best practices of your law enforcement agency. Audits also gauge the effectiveness of your organizational process to see if you are effectively tracking and managing your evidence. In short, audits are a comprehensive compliance evaluation and analysis of evidence management operations.
When and How Should Audits Be Done Effectively?
According to our partners at the Evidence Management Institute, there are some best practices to follow before, during, and after the auditing process…
Evidence management operations should be audited for compliance at least once a year. We suggest additional audits throughout the year for guns, money, and drugs. Any issues or problems discovered during the audit process should be noted and assigned for remediation with a planned resolution date. Then, a detailed report of findings should be compiled by the auditor(s) and submitted for review by the chain of command.
In addition to an annual audit, agencies should require an audit to be completed when: 1) Significant issues – such as evidence loss or theft, evidence contamination, or other similar issues – are discovered by the agency, or 2) When unit supervision, management, or executive-level leadership changes occur within the agency.
The audit process should include a thorough and detailed evaluation of the physical facility and operational conditions; including but not limited to storage areas, storage capacity, unit equipment functionality, and supply levels.
An audit process should include a thorough and detailed evaluation of :
- The unit’s workload and backlog levels, including intake and disposition rates and levels.
- The safety and security processes.
- The accountability measures include inventory status and a review of current evidence stored outside of the custody of the evidence management unit.
- The unit’s packaging and labeling practices to ensure compliance and conformity to existing policy and procedures.
Also, the inclusion of at least one auditor outside the evidence management unit is a highly recommended practice for objective analysis of compliance.
Practical Tips for Audits
When you do an audit, you can go through a percentage of the items in a room and document the compliance of those items. By documenting the review of compliance, you automatically create a detailed report of each selected item.
You can also write down the basic demographic information, read the Tracker Products’ scanning information – and review several pieces of information about the item – to see whether it was: located quickly, stored in the right place, packaged and labeled to standards, and finally, whether it’s eligible for disposal. Those four pieces of information are incredibly useful for you when reviewing the operation protocols of an agency.
So, if it took more than five minutes to find that item, then you may have organizational problems. If an item wasn’t found in the correct location, you can see that there are storage-protocol issues. If it’s packaged or labeled incorrectly, then you’ve got procedural issues that need to be dealt with. Finally, if an item is eligible for disposal and it’s still on the shelf, you can see that there are disposition problems; due to a fallible chain of custody.
As you may remember, we wrote about the Evidence Management Institute’s guidelines for audits at the beginning of this article. In June of 2021, Shawn Henderson hosted a webinar about Inventories, Audits, and Inspections. (If you click the link, it will take you directly to the Audit portion of that webinar.)
The information he presented, regarding the topic of audits, was so good, we’ve decided to include excerpts below…
Shawn said, “When you’re doing an audit, you want to look at everything as granularly as possible. Start with a review of your policies and procedures, because without knowing your policies and procedures, you’re not going to be able to perform an audit. If you don’t know what you have to comply with, then it’s very difficult to measure compliance.
You want to inspect storage areas and storage capacity. The same things that you look at during the inspection process need to be covered during the audit process because this is the one time of the year when you’re looking at compliance and making sure that you do the things you say you do.
RELATED: AUDITS – CRUCIAL FOR PRESERVING THE INTEGRITY OF EVIDENCE
You also want to look at the workload. An audit process should give you another snapshot as to how well you’re doing, or where you’re falling behind in accomplishing the tasks that you’re supposed to accomplish. If you’ve got a preset group of key performance indicators, measuring your progress on those KPIs is a great thing to review during an audit process.
Or, if you’ve got a disposition ratio target goal… let’s say you’re one of those rare agencies that dispose of one item for every item they take in…are you on track? It’s a really great thing to do during the audit process: To measure those things out and report on them because it gives you an idea of whether you’re succeeding or whether you’re falling behind.
An audit identifies where you need to invest more time and energy.
The audit should include a thorough and detailed evaluation of all your accountability measures, inventory status, current evidence stored outside the agency. How many items you have checked out to officers at the moment? What’s the number of items you have out to court? How many items do you have out to the lab? You need to pay attention to that. A great time to pull that into focus is during the audit process.
As a sidebar, there’s very little reason for investigators to check out evidence. But it happens, and we want to make sure that we’re accountable for it. If we don’t draw a line in the sand and say, This is something we’re going to perform during the audit then two years down the road, that list of items that are out of our custody continue to grow. And it’s much harder to bring them back in. An audit process, especially an internal one, is great for that.
We suggest annual audits and we suggest a couple of different intervals. If there are significant issues that crop up, that would be a great time for an audit. Maybe even consider an outside auditor. Also, anytime executive-level leadership changes, it’s a great time to do an audit and an inventory.
A new chief, or executive-level leader for a law enforcement agency, is going to want that because they understand the implications and obligations that they’ve assumed by taking over this agency. They’re in charge of all of it, including the evidence vault. If they want an inventory and an audit process as soon as they take command, that speaks volumes to me.
Compliance Sources
It’s not just local policy and procedures that need to be complied with, you also want to measure your compliance with other things. We suggest industry standards, the NIST standards for biological evidence, and forensic lab compliance standards and best practices. The audit process is the time to look at all compliance. Not just policy and procedure, but statutory compliance, lab compliance, accreditation compliance, industry standards. How are you doing against those metrics? That’s the time that we look at those things.
Here is a sample form. It’s really rudimentary, but it gives you an idea of all the different things that I like to review during an audit process. You’ll see here, we’re talking about facility safety and security: key controls, and checking the functionality of our alarms and our surveillance cameras.
If we never perform these function checks, then we never know how we’re doing with things like: Storage capacity estimates, workload processes, disposition activity, inventory reporting. We’re talking about item audits and shelf-to-file audits. Actually taking a look at a piece of evidence, pulling it off the shelf, and finding that record. Or look at your records and see if you can find those things on your shelf.
It’s a great idea to mix these things up. Look at general evidence, look at currency evidence, look at biological, firearm, and drug evidence. Review representative samples of everything you’ve got.
My favorite page of this form is the last page… Action Items. These are the problems that we found, what we’re going to do about it, and who we assign it to. This is the date that we expect it to be resolved. It’s that follow up, in all of these processes, that’s absolutely critical for your success as an agency.”
Final Thoughts…
Auditing is an important function of any evidence unit and is a valuable tool for effectively and appropriately managing risk. Are we ensuring that we are doing what we say we’re doing? Do gaps exist in our policies and procedures? Is there room for improvement? Are we meeting our compliance goals?
The purpose of auditing internally is to provide insight into an organization’s chain of custody, policies, procedures, and management oversight. Evidence Management audits gauge internal controls such as operating effectiveness, risk mitigation controls, and compliance with relevant standards or best practices.
By continuously monitoring and reviewing your processes, you can identify control recommendations. This will improve the efficiency and effectiveness of your evidence management processes.
Your internal audit program will help you to track and document any changes that have been made to your property and evidence, policies and procedures, or storage facility. This will ensure the mitigation of future mistakes. By regularly performing an internal audit, you can establish compliance with any and all relevant standards and best practices. They can also ensure you are prepared for the possibility of an external audit.
Tracker Products and The Evidence Management Institute want to give you something productive to think about during this time of uncertainty… a series of FREE evidence management training videos and episodes of “The Evidence Show.” You can also watch and comment on the Tracker and EMI webinars. Or – to get in on the discussion, with over 750 evidence custodians – join the Evidence Management Community Forum on Facebook.