SIDEBAR: Which Records Must Be Saved?
Here's how the SEC defines which audit-related records must be maintained:
"The final rule requires that the auditor retain records relevant to the audit or review, including work papers and other documents that form the basis of the audit or review of an issuer's financial statements, and memoranda, correspondence, communications, other documents and records (including electronic records) that meet two criteria. The two criteria are that the materials: 1. are created, sent or received in connection with the audit or review; and 2. contain conclusions, opinions, analyses or financial data related to the audit or review."
SIDEBAR: Top 10 Tips for Effective Electronic Data Management
Kroll Ontrack has created the following 10 tips that should be considered when developing and maintaining rules for electronic record retention:
- Make electronic data management a business initiative, supported by corporate leadership.
- Keep records of all types of hardware/software in use and the locations of all electronic data.
- Create a document review, retention and destruction policy, which includes consideration of: backup and archival procedures, any online storage repositories, record custodians and a destroyed documents "log book".
- Create an employee technology use program, including procedures for: written communication protocols, data security, employee electronic data storage and employee termination/transfer.
- Clearly document all company data retention policies.
- Document all ways in which data can be transferred to/from the company.
- Regularly train employees on your data retention policies.
- Implement a litigation response team, comprised of outside counsel, corporate counsel, human resources department, business line managers and IT staff, that can quickly alter any document destruction policy.
- Be aware of electronic "footprints" - Delete does not always mean Delete, and metadata is a fertile source of information and evidence.
- Cease document destruction policies at first notice of suit or reasonable anticipation of suit.
On a final note, make a practice of conducting routine audits of policies and enforcing violations.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.