How to conduct a local network security audit?
Management, bypassing the main admin, instructed me to audit the local network and its security (the network is based on Windows Server AD + DS):
1) find local users that have not been closed
2) open ports and forwarding
3) rule out unauthorized output of information
4) so that only domain users have rights
How can you check all this? The main thing that management is afraid of is a leak of information, since this is a very large construction company.
In general, I support those who responded earlier: if there is no knowledge, it is better not to take the responsibility upon yourself.
What rights are there? Do you have a domain admin?
You can at least collect local accounts with a PS script. Again, if you have admin rights.
Forwarding is more difficult (access will be needed), and open ports can be listened to with any number of tools.
Please note that forwarding may not work through some devices (specifically, a switch may well cut a left hand, for example)
Essentially unrealistic.
The most common is to cut off flash drives and prohibit unnecessary network resources. There is plenty of software for this; you can get by with rights and scripts.
File hosting is a pain, and not an easy one. Well, let's say your proxy is able to update block lists and there is a subscription to them ... But in some cases this does not help - specifically with Google and Yandex for sure.
===
The approach is completely wrong. At all.
Now there is some kind of digging under the system administrator. This is wrong because it is not constructive. If he is trusted, there is no need to hide the audit. If he is not trusted, he needs to be expelled right away, because no matter how you twist the powers of the administrator from your side, they will allow him to do anything.
How to:
1. Agree with management about principles. Well, here - access only to members of the domain. OK.
Talk about printing, about sending by mail, about flash drives and personal phones (prohibit connecting to computers), the policy of network shares.
2. Think about how you will monitor changes on file resources. There are many options, convenient paid ones, free ones are inconvenient.
3. Think about what rights to give to whom and how to monitor them.
4. Think about what kind of software and how to monitor it.
5. Should I close any network resources? How to monitor.
(this is for the first time)
Then you carefully describe all this in the "to be" strategy, accompany it with a list of what is necessary for ...
In most cases, if the user has access to the file, he will be able to copy it and transfer it to someone. And I advise you not to be too brutal in relation to prohibitions, but to direct efforts towards external connections (so that you cannot connect from the outside and "suck out") and monitoring.
Oh, your boss's approach is wrong. Your entire audit, alas, can be thrown into the trash!
1) Judging by the questions you ask, you simply do not have the competence for this job.
2) Even if everything is spelled out for you, you will most likely get incorrect results.
3) Even after receiving the correct results, they still need to be interpreted somehow, which is also doubtful.
You should not be doing this audit at all, because you will get the blame for everything in its results!
But if you are interested in security for yourself, then start by scanning ports (nmap), entering a domain, connecting to a network, wifi access points. Next, we scan the network from the user side. Next - look at connecting to the Internet and filtering traffic. Next - connecting flash drives and all sorts of SD-USB devices. Further - everywhere.
How can you check all this?
If the question is asked, in principle, bypassing the main admin, then they suspect him. If the main admin is really involved, you can put an end to the audit. You simply will not find anything, or in the process of the audit they will figure it out and there will be interesting consequences.
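
One of the answers above suggests collecting local accounts with a PS script. The following is an added example of such a script, not code posted by anyone in the thread. It assumes domain admin rights, the ActiveDirectory module and WinRM on the target computers; the 90-day window and the output file names are arbitrary.

```powershell
# Added example, not from the thread. Assumes: domain admin (or local admin on
# every target), the ActiveDirectory RSAT module, WinRM enabled on the targets.
# The 90-day window and the output file names are arbitrary choices.
Import-Module ActiveDirectory

# Only query computers that have talked to the domain recently.
$cutoff  = (Get-Date).AddDays(-90)
$targets = Get-ADComputer -Filter 'Enabled -eq $true' -Properties LastLogonDate |
    Where-Object { $_.DNSHostName -and $_.LastLogonDate -gt $cutoff } |
    Select-Object -ExpandProperty DNSHostName

$collect = {
    # Local accounts that are still enabled.
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Kind   = 'EnabledLocalUser'
            Name   = $_.Name
            Detail = "LastLogon=$($_.LastLogon); PasswordLastSet=$($_.PasswordLastSet)"
        }
    }
    # Members of the local Administrators group, addressed by well-known SID
    # so the query also works on localized (non-English) Windows.
    try {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Kind   = 'LocalAdminMember'
                Name   = $_.Name
                Detail = "Source=$($_.PrincipalSource); Class=$($_.ObjectClass)"
            }
        }
    } catch {
        # The cmdlet can fail on groups containing orphaned SIDs; record it.
        [pscustomobject]@{ Kind = 'LocalAdminMember'; Name = '<query failed>'
                           Detail = $_.Exception.Message }
    }
}

$results = Invoke-Command -ComputerName $targets -ScriptBlock $collect `
    -ErrorAction SilentlyContinue -ErrorVariable failed

$results | Select-Object PSComputerName, Kind, Name, Detail |
    Export-Csv -Path .\local-accounts.csv -NoTypeInformation -Encoding UTF8

# Hosts that could not be reached are part of the finding, not noise.
$failed | ForEach-Object { "$($_.TargetObject)`t$($_.Exception.Message)" } |
    Set-Content -Path .\unreachable.txt
```

Rows of kind `LocalAdminMember` whose source is not the domain are the ones to compare against the "only domain users have rights" requirement from the question.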