Sarbanes-Oxley Act and Record Retention Best Practices
The Sarbanes-Oxley Act (SOX) is a law passed in 2002 that sets forth standards for the recording and reporting of financial activities. A key part of that law involves record retention. Businesses must retain their records for set periods of time (and in some cases permanently, depending on the type of record) in order to be compliant with SOX. Here, we will review record retention best practices in order to ensure Sarbanes Oxley Act compliance.
The Main Challenge
SOX has presented a massive challenge to businesses everywhere since they now not only have to make regular and accurate reports, but they need to keep the records around that support the numbers in those reports. This means companies have to maintain millions of records, and that can get expensive.
When it comes to best practices for records retention under SOX, the first thing that needs to happen is a plan. You need to put someone in charge of storing, organizing, and maintaining those records.
You also need to catalogue what types of documents you’re dealing with and how long each of those needs to be retained. Any record that contains financial information should be accounted for, including:
- Financial statements
- Accounting records
- Sales reports
- Instant messages
- Bank statements
The list goes on. It may be tempting to try to keep everything indefinitely, but this is simply not possible or practical. It may even violate other regulations such as those governing client privacy.
After planning, the next strong practice is to digitize all records. This massively reduces the physical space needed to store them, and it also facilitates security and retrieval. Document scanning services can convert paper documents into a digital format which can then be indexed into an organized database. Keeping payroll records, tax records, ledgers, and other records for 7+ years is far simpler without rooms full of filing cabinets.
Finally, using multiple repositories is also crucial for records retention. If everything is kept in one place, it can be very easily lost, even if it’s in electronic format. Using multiple servers or storing data in the cloud can help, as can the offsite records storage offered by Armstrong Archives. This allows for enough redundancy that if something happens to one repository, you can still maintain compliance.
Not Indexing Expiration Dates
Many documents contain expiration dates, and failing to track them properly could greatly hamper your entire operation, even leave your company at risk.
Using the Wrong Records Management Service
If you do utilize a company to manage your documents, make sure they understand the specific needs of your business and operations. If they don’t, you might find that accessing your documents is no easier than it was prior to hiring them. The result? Wasted time and money.
While the aforementioned are some of the most common mistakes in document management, they’re not a comprehensive listing of the many considerations your company should be taking into account. An experienced, reputable document management company like Armstrong Archives will help you fill the gaps, ensuring your company can safely maintain and manage its important documents.