Storage of financial records - key control? 2435



  • In terms of file retention, does your company require off-site storage of certain paper records?
    If so, do you deem that a key control?
    I understand that every company has different requirements, and I don’t think there are external rules regarding where a company stores its documents. It is the management’s responsibility to ensure the file storage location is secure. I mainly wanted to see what other companies do in terms of making that part of the SOX key controls.



  • Generally, document retention would not be considered to be a key control for SOX purposes. Of course there are always exceptions to the rule.
    Document retention typically impacts compliance with statutory requirements…HIPAA, PCI, etc.
    I would not encourage including document retention within scope for SOX as it will result in another control that must be periodically teUSDted each year or as appropriate for the control frequency.



  • Thank you, Milan. And I liked the term ‘teUSDted’. 😄



  • Thank you, Milan. And I liked the term ‘teUSDted’. 😄


Log in to reply