Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Auditing and Digital Paper Trail

Wise Owl Legal supports a variety of auditing functions to comply with legal requirements for transparency and external auditing. In addition, audit logs are useful to ensure the correct and error free operation of your Wise Owl Legal appliance.

There are different auditing mechanisms used by Wise Owl, they all create a digital paper trail, but some are focused on particular modules or scenarios  For example, the entire trust accounting system is designed from the ground up to leave an auditable, transparent digital paper trail. Other system functions and events are logged in a more generic audit log which can also be used as a digital paper trail.

TODO: reports

TODO: compliance with legal standards

Law firms can be audited at any time.  Some of the rules to remember include:

  • The firm's trust records must be available for audit at any time
    • This means trust records must not be taken off site; not by a bookkeeper, principal of the firm, nor an auditor!
  • You must reconcile your trust account within 14 days of the end of the month.  
    • This means don’t put it off! All computer generated reports are dated, allowing auditors to easily verify if this deadline has been met. 
  • Never draw a cheque without having first receipted the money into your accounting system.  
  • If you make a mistake, make it very clear what happened and what you did to fix it.  Ensure there are memos filed with the End Of Month Reports indicating the mistake, and the appropriate actions taken to amend it. Mistakes happen, but trying to hide them makes it worse.

Filing of Trust Record - Hard Copy

We recommend the best way to file trust records is to use a lever arch folder, for the trust audit year, 1st April to 31st March. 

This file should contain:

  • Trust receipts, office copy, filed in strict numerical order
  • Trust deposit slips
  • Trust end of month reports, with one tab for each month
  • A separate tab for the trust account bank statements

Trust Accounting

TODO

Generic Audit Log

The generic audit log is a system wide repository of events. Its purpose is to log, in a structured manner, important events in the system such as changes to matters, user logins and system updates. Records are unable to be edited once created. Audit records are only accessible to administrators of Wise Owl and helpdesk staff.

Audit records contain, at minimum:

  • When the event occurred.
  • What kind of event it was.
  • Who (which user) initiated the event.
  • The IP Address of the user who initiated the event.
  • A brief summary of the event.

Additional information can be recorded, depending on the context of the event:

  • Did the event succeed or fail. Eg: a login may fail due to an incorrect password.
  • Additional details of the event. These vary considerably depending on event type and context.
  • A snapshot before and after the event. Eg: when a matter or system setting is changed, the data before and after is recorded.
  • A variety of associated record IDs. These represent other records in Wise Owl which are relevant to the event being audited. Eg: the matter ID will be recorded against the audit record when a matter changes. Or, for a password reset, both the user who resets the password and the user whose password is being reset are recorded.

Information from the audit log is searchable via the Tools module.

TODO: reports / export functions

Events Recorded

The following lists each event audited by Wise Owl Legal:

EventDetails
  General and System Events
Support / Feedback RequestsDetails of support requests, feedback items or bug reports are saved in the audit log as well as being sent to the Wise Owl Helpdesk.
Unsupported Browser OverrideHappens if a user ignores the warning that their browser is unsupported or out of date. Note, using Wise Owl with an unsupported browser may mean the Helpdesk cannot provide support to the user.
Install Update A system update is installed from the Appliance Settings. 
System Setting Changed Logged whenever system settings are changed. A snapshot of the setting before and after the change are recorded.
Initial Setup Completed An event indicating the Appliance has completed the manufacturing setup process. 
List Edited One of the generic drop down lists (such as countries, address types or matter referral sources) has been edited. Before and after snapshots are taken of the list.
License Related
License TamperingThere are several audit events which indicate your license may be tampered with. They are not listed here; you should never see them.
License Expired The Appliance license has expired. It will now be running in grace period with degraded functionality.
License Grace Period Expired The Appliance license grace period has expired. The Appliance will be running in read-only mode with extremely limited functionality.
License Not Connected to Internet The Appliance has not been able to connect to the Wise Owl License Server in several days. The Appliance may be running with reduced functionality.
  Users and Logins
User LoginA user has logged into Wise Owl Legal. The login may or may not be successful.
User Logout A user has logged off Wise Owl Legal by clicking the logoff button. 
User Timeout A user's session has expired due to inactivity and they were automatically logged off.
User Kicked A user was forcefully kicked from Wise Owl Legal. Detail of who kicked the user are recorded.
User Created A new user was created. 
User Edited A user's details were edited. This may be by themselves or by another admin user. Before and after snapshots are taken.
User Changed Password A user changed their password. 
User Reset Password A user's password was reset by an administrator.
User Sent Forgotten Password A user reset their own password by clicking on the "forgotten password" link. They would have received an email with a code to change their password. 
User DeactivatedA user's account was deactivated. 
User Reactivated A user's account was re-activated after a previous deactivation. 
User Rights or Role Changed A user's roles or rights overrides have been changed by an administrator. Before and after snapshots are taken.
User Deactivated Tutorial A user deactivated the Wise Owl Legal tutorial displayed after login. 
User Account Locked A user's account was locked due to excessive logins or suspicious activity. An admin must unlock the account before they can login again. 
Rights Assignment Changed The assignment of rights in a role have been changed. Before and after snapshots are taken. 
Unauthorised Access A user tried to visit an unauthorised page or resource. 
  Contact Events
Contact CreatedA new contact was created. 
Contact Edited A contact's details were changed. Before and after snapshots are taken. If this contact is a client and is present on an open or recent matter, a Matter Edited event will also be logged with client details.
Contact Number EditedA contact's contact number was manually overridden. Before and after snapshots are taken.
Contact Deactivated A contact has been marked as inactive. Before and after snapshots are taken.
Contact Number Sequence Changed The Appliance-wide number sequence for contact numbers was changed. Before and after snapshots are taken.
 Matter Events
Matter Created A new matter was created. Full details of the matter including full client details are logged.
Matted Edited 

A matter was edited. Before and after snapshots are taken. This records can be logged if the details of a matter's client are changed. 

Matter Number Edited A matter's matter number was manually overridden. Before and after snapshots are taken. 
Matter Number Sequence Changed The Appliance-wide number sequence for matter numbers was changed. Before and after snapshots are taken.
Matter Jurisdiction Changed A matter's jurisdiction was manually changed. Before and after snapshots are taken.
Conflict Check Complete A conflict check was completed for a matter. This records the fee earner for which the conflict check was performed for and the user who recorded it.
Sent Trust Authority Trust authority was recorded as sent for a matter. 
Matter Type Changed A matter's matter type field was manually changed. Before and after snapshots are taken.
Matter Closed A previously open matter was marked as closed. 
Matter Archived A previously closed matter was marked as archived. 
Matter Re-Opened A previously closed or archived matter was marked as open again.

 

Appliance Logs

The Wise Owl Appliance keeps low level system logs. These contain information primarily relevant to technical support, debugging and performance analysis. They can be accessed from the Tools module and exported to an Excel compatible format for external analysis. Unlike the Generic Audit Log, Appliance logs mostly free-form text rather than structured database records. The appliance logs are where details of errors are recorded, plus a variety of other data and statistics. They are not designed to maintain a digital paper trail, but may be used as supporting evidence.

TODO: streaming important messages back to our stats server???

  • No labels