October 2002
Record Retention 101: Seeking a Nexus of Commonality
Record-retention policies and regulations have received intense scrutiny in the wake of the collapse of Enron and the conviction of its auditor, Andersen, causing nervous reactions in many quarters. A long history of ambiguity on record retention and record destruction justifies and explains such nervousness. I think the nervousness may even be a good thing, if it motivates regulators and legislators to remain focused on why records are important.
The New York State Board of Regents recently proposed a new rule for CPAs’ working paper documentation and retention. The NYSSCPA has commented on the technical and practical points, but our comments, like most current discussions of record retention, accept the prevailing popular rationale without ever addressing why we need record-retention policies in the first place. The Regents’ proposal fails to fully assess in modern terms how such new requirements will affect all CPA practice areas or their implications for the 38 other professions that the State Department of Education regulates.
The bottom line is that if questions arise later, without records no documented evidence exists that financial information is accurate or an auditing procedure was done correctly. Also, unfortunately, recent events make us recognize that as a necessary part of disaster planning, where records are kept is as important as the length of time.
My point is that these areas not only overlap and intersect to different extents but they also vary widely for different types of work. No single record retention policy makes sense for all of them, either in specifying what must be retained or the period of retention and its media.
For example, New York State requires a CPA license in order to perform audits, reviews, and compilations, and the tax authorities permit validly licensed CPAs to represent clients before them. In New York, the legislature has placed the CPA license under the jurisdiction of the Board of Regents. Although tax authorities require tax preparers — to keep copies of their clients’ tax returns and to retain documentation of certain tax credit qualifications, in general the tax payer rather than the tax preparer is required to maintain the documentary evidence for tax treatments.
In the financial planning area, the Certified Financial Planner (CFP) Board has its own Code of Ethics and Professional Responsibility for holders of this certification. And, a CPA who holds the AICPA’s Personal Financial Planning (PFP) specialist certification has additional voluntary standards to follow as well. Both require their professionals to maintain documentation of certain aspects of their relationship with the clients and the advice given them.
The State of New York Securities Division regulates New York State CPAs selling securities if the level of their business is less than a specified amount. The SEC governs them if the level of their business exceeds that amount. In either case, extensive records of the relationship between a broker and client need to be kept, as evidenced by the extensive investigations that have become part of the daily news. Furthermore, CPAs who offer insurance products as a client service must follow the regulations of the New York State Insurance Commissioner.
But, face it, if someone intends to shred documents that should be kept, they’ll probably do it regardless of any law, rule, or regulation. So the current emphasis on document retention is a knee-jerk, hopefully crowd-pleasing response to a problem that requires deliberation and consensus building. The NYSSCPA recommends that the Regents’ proposed rule extend to all CPA services covered by Statements on Auditing Standards, Statements on Standards of Attestation Engagements (SSAE), and Statements on Standards of Accounting and Review Services (SSARS). Audits, reviews, compilations, and other attestation services share in common certain types of evidentiary matter that pertain to conclusions for use by third parties that only CPAs can arrive at.
In nonaudit attestation engagements, the proposed rule should reference the documentation requirements in the General Standards, the SSAEs, and the SSARS. Any evidential material that standards require should be documented in the same manner and retained for the same period as audit documentation.
We have also suggested that if an audit lacks adequate documentation, there should be a rebuttable assumption (overcome by a preponderance of the evidence) that the work wasn’t done. We also think the regulation should define a substantive alteration, and we have suggested the following: A substantive alteration consists of changes to audit or other documentation that alter the nature, timing, extent, and results of the audit procedures performed, the evidence obtained, the conclusions reached or the reasons therefor, or the identity of the persons who performed and reviewed the work.
Regulators and legislators might consider standardizing record-retention in other ways that make sense. For example, the retention period for records that may be needed for court cases could be set to expire at the same time as the statute of limitations for the relevant service (for example, six years for breach of fiduciary duty). The retention period for tax returns and related records could expire when the IRS or the State can no longer audit them according to their own regulations. Records that are both tax-related and may be needed for court cases could be required to be kept for the longer retention period of the two. Audit records could be required to be retained for the same period, thereby avoiding having multiple record retention policies affecting the same records. In all cases, the emphasis should be on retaining only those records that are germane to the purpose.
Given the current situation, with retention policies and regulations all over the map, no wonder people express frustration and bewilderment, and sometimes make mistakes. Here’s an opportunity to fix something that’s needed it for a long time. If we can’t get it exactly right, we should at least try not to make things worse.
Louis Grumet
Publisher, The CPA Journal
Executive Director, NYSSCPA
lgrumet@nysscpa.org
©2006 The CPA Journal. Legal Notices
Visit the new cpajournal.com.