ABNT NBR ISO/IEC 27037:2013 CONTRIBUTIONS TO DIGITAL EVIDENCE IN FEDERAL GOVERNMENT AUDITS

Abstract

This study investigated how to strengthen the reliability of evidence used in the context of government audits through the ABNT NBR ISO/IEC 27037:2013 standard. In a context of ubiquitous digitization in modern society, the use of digital evidence poses risks for both Government Audits and Digital Forensics. Thus, these fields were articulated by comparing the attributes of the common concept of evidence through a documentary analysis of their normative contexts. The results indicate convergence in the concern for sufficiency, reliability, relevance, repeatability, and justifiability of potential digital evidence information. In the comparison of guidelines and techniques, reliability as described in ABNT NBR ISO/IEC 27037:2013 has the potential to make relevant contributions to the standardization of Government Auditing, as represented by the CGU’s Normative Instructions. The concept of forensic readiness also proves useful in this debate as a preventive and preparatory approach for environments that may generate evidence in potential cases. Accordingly, six guidelines are presented as suggestions for strengthening digital evidence in Government Audits. Finally, future research may further explore these interfaces, addressing, through published case studies, how it is possible to manage the risk of digital evidence while fully leveraging it in potential investigations.