“Do you have the necessary policies?”
This question is no longer just an innocent inquiry, but a requirement. As audits become more analytical in today’s digital age, focus continues to shift to companies’ internal controls and the underlying policies influencing them. Among these is the often overlooked document retention policy.
How is document retention changing?
In the digital era, most documents are becoming electronic in nature, making physical office libraries memories of the past. But how similar are digital documents to their paper counterparts? Can we use similar retention parameters to safeguard them? Lastly, how do digital documents impact security?
While a lock and key was sufficient to restrict access to print files, electronic documents need stricter protection. The following protection strategies should be used together to ensure the safety of digital files.
- Password protection
- Secure storage location (ex: server, cloud)
- Backup to storage location to ensures protection under unforeseen circumstances (ex: virus, faulty equipment)
How can my company improve its document retention?
As the professional world becomes increasingly digitized, urge your company to review its current document retention plan. It is crucial to ensure that all documents are covered by your company’s policy and that compliance to this policy is feasible.
Use the following steps to start creating a policy that is up-to-date with today’s technological advancements.
- Define “document.”
- Indicate which files are “documents” according to your policy.
- For instance, are emails documents? Many say no unless they meet certain requirements and are properly stored.
- Specify document types.
- Which documents are covered by your policy?
- This increases your policy’s clarity and allows you to set parameters for the treatment of paper vs. electronic documents.
- Address storage.
- As storage becomes more affordable, companies tend to keep everything.
- Preempt storage related questions in this section of your policy. How do you address security of stored files? How should you set up a storage system to ensure policy compliance?
- Address destruction.
- Who should handle destruction of documents? (Ex: staff, office manager, CFO, IT, etc.)
- How should documents be destroyed? (Ex: automatic through IT protocols, manual by designated individual, etc.)
- When should documents be destroyed? (Ex: at regular intervals during the year, annually, etc.)
- What documents should be destroyed?
- Address policy compliance to include electronic documents.
- How will this policy be enforced?
- How will policy infractions be addressed?
- Include your company’s IT staff in these decisions to ensure they can be implemented.
If you have already followed the above steps, congratulations! You are all set for proper document retention in the digital age. However, if you are still struggling with compiling a policy that addresses digital issues, reach out to the knowledgeable outsourcing staff at Halt, Buzas & Powell online or at 703-836-1350. We are always happy to help you!
Written by Rally Kamenova; Outsourced Accounting Principal.