There’s lots of talk this time of year about record retention guidelines: which Finance docs and emails to keep, how long to keep them and how to dispose of them when the time has come. Plenty of best practices. But how about the worst ones?
Could your finance department unknowingly be embracing any of those? Many companies are.
There’s no shortage of potential missteps out there, according to the folks at CSO Security and Risk online. They’ve ID’d some of the “deadly sins” of record retention.
Before your staffers start to bid adieu to previous years’ documentation, it pays to make sure you aren’t exposing yourself to any potentially expensive shortfalls.
Worst practice No. 1: Staffers confuse records and backup
Yes, your system probably backs up certain information. But that’s not records retention. And if one of your finance staffers confuses the two, you may find yourself unable to produce what an auditor or lawyer needs somewhere down the road.
You don’t want people to have a false sense of security. You’re better off keeping the backup practices IT employs separate from your own finance responsibilities. Make sure Finance independently maps out its own retention responsibilities so you’re not caught short.
Worst practice No. 2: Expecting someone else to know what you need to keep
Just like Finance shouldn’t depend on IT to help them meet their record retention requirements, it’s probably not a good idea to depend on Legal or HR or another department.
Not only do you have federal requirements like IRS to comply with, but depending on how many states you have a business presence in you also have other state and local requirements to fulfill (after all a sales and use tax audit will need records the feds would never request). You don’t have to go it completely alone — your CPA firm can likely help you understand your obligations. But make sure Finance takes the lead on its own record retention responsibilities.
Worst practice No. 3: Not testing you can respond to requests
So maybe no one will ever even ask you to produce that document. Fantastic. Doesn’t mean you can count on that, especially seeing as audits are up across the board.
That’s why you want staffers to periodically test to see if they can locate a given record and just how long it takes to produce it. That includes not only paper documents but electronic records and emails as well. Simply pick a random piece of data you need, just like an auditor would, and give your staffers a timeframe to get it to you.
Worst practice No. 4: Poor timing on trashing
Of course you can’t keep everything forever. So as soon as the retention window’s up, your finance folks are ready to shred it, delete it and otherwise get it out of there.
Which is fine … unless you’re in the midst of an audit or even get wind that an audit may be coming your way or a lawsuit may be brought. Then you want to put a ban on all disposal, even if a record’s time is up. It won’t look good for your department if you start tossing records in advance of one of those events. That will make it look like you have something to hide … even if you don’t.