Retention of Records 1714
jteddy last edited by
I have been reading the SEC’s Retention of Records Relevant to Audits and Review, and was wondering what measures other organisation’s are taking to ensure they are compliant to this section from an IT prespective.
Are you retaining e-mails, voice messages, all financial system transaction logs, and even logs of users logins and logoffs etc?
My next question is what measures are you taking to ensure the data hasn’t be tampered with, example WORM storage, encryption, MD5 or SHA1 hashing etc?
Based on the 7 year retention times what kind of media are you backing up to for ease of use, cost, etc?
SEC Rule: sec.gov/rules/final/33-8180.htm
For those unaware I have pasted the relevant SEC rule below.
Rule 2-06 – Retention of Audit and Review Records
For a period of seven years after an accountant concludes an audit or review of an issuer’s financial statements to which section 10A(a) of the Securities Exchange Act of 1934 applies, or of the financial statements of any investment company registered under section 8 of the Investment Company Act of 1940, the accountant shall retain records relevant to the audit or review, including workpapers and other documents that form the basis of the audit or review, and memoranda, correspondence, communications, other documents, and records (including electronic records), which:
Are created, sent or received in connection with the audit or review, and
Contain conclusions, opinions, analyses, or financial data related to the audit or review.
For the purposes of paragraph (a) of this section, workpapers means documentation of auditing or review procedures applied, evidence obtained, and conclusions reached by the accountant in the audit or review engagement, as required by standards established or adopted by the Commission or by the Public Company Accounting Oversight Board.
Memoranda, correspondence, communications, other documents, and records (including electronic records) described in paragraph (a) of this section shall be retained whether they support the auditor’s final conclusions regarding the audit or review, or contain information or data, relating to a significant matter, that is inconsistent with the auditor’s final conclusions regarding that matter or the audit or review. Significance of a matter shall be determined based on an objective analysis of the facts and circumstances. Such documents and records include, but are not limited to, those documenting a consultation on or resolution of differences in professional judgment.
For the purposes of paragraph (a) of this section, the term issuer means an issuer as defined in section 10A(f) of the Securities Exchange Act of 1934. [/b]