Businesses retain documents not only for business-intelligence purposes but also for compliance requirements. Additionally, documents help prove any claims in a court of law if an issue goes to court. The focus of this article is on the compliance aspect of document retention while a separate article on archiving discusses retention practices.
- Government regulators need evidence that a business has complied with statutory requirements under particular statutes. This evidence typically takes the form of records that clearly identify relevant details. For example, payroll records usually include attendance sheets showing the times employees worked and pay-computation sheets showing how payment for the hours worked is computed.
- Formerly, only accounting records, contracts and other legal documents, and the special records maintained under specific regulations were typically covered by retention requirements. However, enactments such as the Sarbanes Oxley Act (SOX) have dramatically changed the scenario.
- Under SOX, practically every document that comes into a business will have to be maintained for specified periods. These include e-mails, instant messages, internal memos, and other such documents that were usually destroyed to reclaim space.
- Meeting these requirements in modern, large organizations involve extensive involvement of the IT department. IT-based document management practices have tightened since these new regulations came into force. A discussion of internal controls (which include document-retention policies) is required to be included in the annual reports of companies to comply with SOX.
- Under SOX, top management is directly responsible for the accuracy of financial statements. To discharge this responsibility, management needs to retain all the working papers, such as the several versions of spreadsheets from different business units that are ultimately consolidated into the final published statements.
- Companies are required to retain audit working papers and other documents supporting audit conclusions, for a period of seven years.
- When a company is under investigation or has filed for bankruptcy, destroying or tampering with any document that could be relevant to the investigation is treated as a criminal offense. All destructions and modifications must stop on the commencement of any proceedings or even if an investigation is considered likely.
- In addition to the regulations applicable under SOX, businesses might have to comply with special document-maintenance and retention regulations under industry specific regulations such as those under the SEC and other general regulations from institutions like the IRS.
- Documents like audit reports, stock and bond records, contracts, legal correspondence, insurance records, and union agreements are retained on a permanent basis. Most financial records are typically maintained for periods ranging from three to seven years.
- Regulations like HIPAA make it compulsory to ensure privacy of personal data of customers and employees in the custody of a business. This imposes the additional burden of securing the documents against unauthorized access.
- Retention of documents involves systematic archiving, keeping all the different versions, with each one an exact copy of the original document. This is different from backing up, which might involve keeping only the recent copy and is intended more as a disaster-recovery precaution than a document-retention practice.
- Retaining documents for long periods poses special problems in the case of electronic documents. Technology changes can lead to old hardware and versions of software becoming obsolete. Strategies such as regular copying of old documents into new media in new formats will have to be adopted to comply with document retention requirements.
Document retention is becoming an increasingly complex and expensive requirement of running a business. By developing carefully considered policies and implementing them on the ground, it will be possible to cope with this complexity and reduce costs. The alternative is chaos and unending trouble with enforcement authorities.