In the early 2000s, a few events in the financial realm shook the confidence of American investors. If the company names Enron, Tyco, and WorldCom ring a bell, you have probably heard of the accounting scandals associated with them. To ensure a debacle like this doesn't happen again, and to build the confidence of investors, Congress passed the Sarbanes-Oxley Act, or SOX, in 2002. This act mandated strict reforms to protect investors from fraudulent accounting practices and activities. SOX specifically aims to raise the bar for corporate financial disclosures in order to prevent accounting fraud.
Many things changed with regard to security and safety in investing, and within other facets of the accounting world, at the onset of the 21st century. Standards were also set for digital accounting document storage, and this is where SOX and Generally Accepted Accounting Principles, or GAAP, work together to ensure compliance with accounting standards and digital document storage.
GAAP Retention Guidelines
When it comes to company auditing, SOX states that firms are required to keep every document relating to or having information about that company’s policies or performance. Thus, in the process of document storage, any relevant document containing information about a company that is represented in numbers or words must be retained for audit.
This includes the following digital documents:
- Company emails and email attachments
- Documents retained on computers, e-data, servers, websites, and auxiliary drives
Storing company documents for review is not the only part of the retention guidelines. As part of GAAP, there are digital requirements for the storage of all accounting documents, whether they contain client information, account passcodes, or investment strategies.
The parts of the puzzle that ensure proper compliance with digital document storage and GAAP rules include the following:
- All documents, including email, must be tamper-proof.
- Encryption is paramount; all stored digital documents must have cutting-edge encryption and a digital signature.
- Digitally stored documents must be read-only and password-protected, and it must not be possible to delete them.
- A third party must be able to audit digitally stored documents and have document searchability.