Do you know which records to retain?
In the past,
nonprofits may not have paid much attention to the issue of record
retention. But with the passage of the Sarbanes-Oxley Act of 2002,
the subject has become one they can't ignore. Although the corporate
governance law mostly affects public companies, not-for-profits are
subject to two areas: document retention and whistle-blower.
Be aware
of Sarbanes-Oxley
One Sarbanes-Oxley provision makes it a crime
for a corporation or its employees to alter or destroy documents
to prevent their use in official proceedings. In addition, if an investigation
is under way or even suspected, the law requires organizations
to immediately stop document purging or risk criminal obstruction
charges.
Even nonprofits that have had long-standing record retention
policies - or those that have developed them since the passage of
Sarbanes-Oxley - will want to make sure their policies take into consideration
the law's specific requirements. Meanwhile, organizations without
such a procedure will want to create it immediately.
To ensure proper
handling of records, organizations need a mandatory policy that
provides guidelines for both the retention and destruction of information,
including electronic records. Why? A record retention policy makes
certain that important documents are available when needed. It
also saves money, time and space while providing a careful and routine
destruction of unimportant, superfluous or sensitive documents.
Evaluate
your records
Start by determining general document categories.
For instance, records might have historical, legal or administrative
significance. The category they fall into is a significant factor
in deciding whether you'll maintain them and for how long.
Once
you've determined general document categories, develop classifications
that are meaningful to your organization, such as critical, sensitive
and noncritical. Certain documents such as human resource records,
for example, might always be classified as sensitive, while financial
ones should be categorized as critical. Remember to keep records
documenting donor restrictions until requirements are met.
Review
document retention requirements
Your policy will be considered
sound if it's based on federal and state laws and regulations,
and legal or other contractual requirements.
Retention requirements
for some documents are relatively clear. For instance, you should
keep financial or employment-related documents for the minimum
period required by regulatory agencies. Also, keep copies of your
exemption application, tax returns and annual financial statements
permanently.
Meanwhile, records that pertain to your organization's
day-to-day operations may not be subject to any external requirements
for retention. Various funders, including governmental agencies,
may have more extensive retention requirements. If you aren't sure
which retention requirements apply to your nonprofit, consult your
CPA for guidance.
Develop retention and destruction guidelines
When there are no external requirements for maintaining
records, organizations will need to develop their own. A not-for-profit
might decide to keep documents relating to strategic and operational
decisions for five years, but to purge documents and e-mails about
routine matters each month.
The importance of the documents will also
dictate handling and storage considerations. Records should be stored
in a logical manner so you can easily retrieve them. For some that
are essential to keeping your organization operating in an emergency,
you may need multiple backup procedures or to maintain them off
site.
In addition, formulate guidelines for how to destroy
documents. For instance, require staff members to shred all financial and
personnel information, but throw away or recycle meeting agendas.
Apply the policy consistently
Help employees
understand the different types of records and how to distinguish
among them. For instance, e-mails pertaining to the selection
of a new vendor would probably warrant archiving, while those
discussing mundane details about a fund-raiser could be ditched.
A policy provides protection only if it's
consistently followed. It's essential that nonprofits archive
or purge records as scheduled. If a document request is
received from a funder or tax authority or through a subpoena,
and the requested information has been destroyed, it will
be viewed more positively if you can show you've followed
a sound and consistent policy.
Some organizations set up
systems to automatically delete routine records at regular
intervals; others have purge days, where time is set
aside for staff members to review, archive and destroy records.
Be sure to document records before purging them.
No matter what system you use, charge
a staff member with overseeing the document retention
policy and making sure it's properly carried out. This
individual should also periodically review the procedure
to keep it in compliance with new or revised regulations.
Take time
Although creating and adhering to
a policy requires time and effort, it's beneficial because
everyone will be on the same page as to what you are keeping
and for how long.
