According to the Sarbanes-Oxley Act of 2002, or SOX, companies are required to keep all documents that contain information about a company's policy or performance. Any document relevant to the auditing process that contains information about a company that can be represented with words or numbers is considered a document that must be retained for auditing purposes.

To emphasize this point, Section 802 of the act stresses that document retention rules apply to all of a company's e-mail, e-mail attachments and documents retained on computers, servers, auxiliary drives, e-data and websites, as well as hard copies of all company records. Generally accepted accounting principles (GAAP) also require that companies retain business records.

Under SOX, there are four key components that must be met to ensure that digitally stored documents meet document retention policies. Those components are:

  • The documents, including emails, must be "tamperproof."
  • Digitally stored documents must be password protected and read-only, and it must not be possible to delete them.
  • The digital documents that are stored must be encrypted and digitally signed.
  • The digitally stored documents must have the ability to be audited by a third party, and have search capability.

Compliance Standards

The American Institute of Certified Public Accountants, an organization that is integral to setting the GAAP, also has certain suggestions regarding appropriate controls for digitally stored documents. Copies of emails and other digital copies used during the course of business should be retained both digitally and in hard copy. When documents are stored digitally, it is required that proper internal controls be exercised. Some required internal controls are that the IT personnel responsible for storing digital documents must be independent, and that hard copies of security logs must be stored.

Under Sarbanes-Oxley, companies face more significant exposure to the charge of spoliation if their digital recordkeeping is inadequate. Spoliation, the willful or negligent destruction of records, can result in severe sanctions and fines, because the lack of carefully preserved records can deny opposing parties their rights in potential litigation.

SOX guidelines require permanent retention of the following types of documents: bank statements, chart of accounts, payroll records, contracts and leases, union agreements, legal correspondence and employee training manuals. AR and AP ledgers, product inventories, tax returns, and time cards should be retained for seven years. Purchase orders and invoices should be retained for five years, and employment applications should be stored for three. (See also: An Inside Look at Internal Auditors.)

This question was answered by Chizoba Morah.
