Record Retention Guidelines and Policy Development

by Stacey Gumley | October 31, 2013

Although the topic of recordkeeping, including retention and destruction of records, may appear to be straightforward, there are different rules and regulations governing the varying retention periods for records of all types. In order to ensure that an organization is compliant with regulations, a record retention policy should be created that clearly states procedures to be followed. Management should review this policy annually and update as necessary to reflect any changes in regulations. Additionally, all personnel should be required to review this policy annually and acknowledge that they have read it, as the cooperation of all employees is vital to the success of the policy.

Specific roles and responsibilities should be assigned to personnel ranging from new employees to management in order to execute all of the required tasks. For example, an Information Technology Manager/Consultant can be assigned the responsibility of ensuring the backup procedures, including a disaster recovery plan, are implemented and further, that appropriate controls are in place to prevent the compromise of any confidential data. Employees at any level are encouraged to assist in the process of creating procedures to ensure that the policies in place are being observed. In creating a document retention and destruction policy, it is of the utmost importance that the policy clearly distinguishes between records that must be retained, records that can be destroyed and the appropriate retention periods for records be held by the organization.

It is not always required that superseded memos or duplicate documentation are retained. However, under no circumstances should any records, files or electronic data be destroyed if there is any current or pending regulatory or legal investigation or action or if the professional services firm expects such action in the near future.

Retention periods vary in length depending on a multitude of factors. For example, a professional services firm is recommended to retain billing files, correspondence files and audited, reviewed or compiled workpapers for a period of seven years, regardless of whether or not the files pertain to a current or former customer or client. Retention guidelines for subsidiary ledgers, bank reconciliations, purchase orders and vendor invoices recommend that these types of records be held for approximately seven years as well. Lastly, it is recommended that documentation relating to depreciation schedules, sales tax returns, payroll tax returns, minute books of directors and shareholders and property appraisals are retained permanently. Please note that the examples above are not all-inclusive and are recommendations that may not conform exactly to the various regulatory standards that your organization may need to consider.

As evidenced by the examples above, the guidelines surrounding record retention can be administratively overwhelming. For these reasons, it is recommended that each organization work closely with its legal team or trusted advisor to design a policy that is both manageable and meets the demands of the organization’s regulatory environments.

Should you have any questions regarding record retention, please feel free to contact me at sfoley@bpw.com or (805) 963-7811.

Source: Rosario, Ric, Ron Klein, and Suzanne M. Holl. CPA’s Guide to Effective Engagement Letters: Implementing Successful Loss Prevention Practices. 9th ed. Chicago: CCH, 2011. Print