Hardly anyone keeps paper records anymore. Naturally, the IRS knows this, so auditors ask for your electronic accounting records.
Problem #1: Software files often contain data beyond the audit years.
Problem #2: Software programs routinely create metadata for every data file created.
So how do you keep the IRS from snooping around the personal and confidential business information that's contained in those files?
Employers across the country are scrambling to decipher the legal rules for filing … retaining … protecting … and destroying their e-records. And each decision seems to lead to another question (Must I keep hard copies, too? Do the "separate files" rules also apply to electronic personnel records? Is "delete" the same as "destroy"?). Get the answers here...
Data and metadata
Regardless of how your accounting records are kept—on paper or electronically—the rule is the same: You only need to produce the documents auditors ask for in their Information Document Request (IDR).
An IDR will most likely ask you to provide a copy of your original accounting software backup files. Backup files may be provided on CDs, DVDs or flash/jump drives, but the files must be exact replicas of your backup files. You can't, for example, create new files by re-inputting the data or converting the data into Excel spreadsheets.
Metadata—data about data—describes how, when and by whom a particular item or set of electronic information was collected, created, accessed, modified and formatted. The IRS can request this data, too, provided it's relevant to the audit.
Hitch: The IRS broadly defines relevancy. It considers metadata relevant because it speeds audits by identifying a transaction's original date, the dates entries were changed, your internal controls and the username of the person who made the entries. Same warning: Don't re-create files that remove metadata.
When it comes to electronic records, mistakes are easy to make – and very expensive to undo. To find out how to avoid the legal pitfalls in electronic document collection, storage, retention and disposal, get Electronic HR Records: Compliance & Best Practices Workshop today!
Best electronic file practices
Sticking to the conventional advice of only providing auditors with the electronic files they requested in the IDR might not be so easy to do, owing to limitations placed on backup procedures by software manufacturers.
What are your options if you can't create computer files specifically for auditors, and free access to your backup files can tempt auditors into expanding the audit based on what they see?
Until software manufacturers improve their file backup processes, you can take these steps to ensure that auditors have access to the requested information, and nothing more.
- Cooperate with the auditors by voluntarily disclosing electronic files. Why: Auditors must return the original electronic (or paper) files to you. They don't have to return anything they receive in response to a subpoena.
- So they can read your electronic files, auditors will request the accounting software administrator's username and password. To address concerns about sharing this information, preserve the existing password and then change the password to a temporary one—IRSaudit, for example. Then create your backup file for the auditors and change the password back.
- Don't wash personal or confidential company data from your files. The IRS may access personal and confidential data during an audit, but must keep that information confidential.
- Close out electronic files at the end of a year and open new files at the beginning of the next year, but back up the old year's files. That allows you to provide auditors with a backup file created immediately at the close of the audit years. This isn't a perfect solution, since the closed-out year may still contain confidential data (e.g., customer lists), but it will lessen the amount of extraneous data provided to auditors. However, auditors may request transactions for the months prior to and after the tax periods under audit, if transactions in those months are relevant to the data they seek.
- Condense files for years prior to the audit year. The IRS will accept this, provided the condensed data don't include transactions created or changed for the audit year or transactions from prior years that have an impact on the audit year.
Going Back Even Further: If the scope of an audit expands, auditors may request a backup file that was created before the date the files were condensed. They may also request a copy of an archived file that was created during the condensing process. If you don't have a complete understanding of the condensing process, contact the software provider before you condense any files.
In this audio recording, attorney and nationally recognized record-keeping expert Joe Beachboard examines today's (and tomorrow's) electronic record-keeping issues, providing practical advice on communicating your policies to managers.
Electronic HR Records: Compliance & Best Practices Workshop covers:
1. Record Retention: What, Where and For How Long?
How electronic retention rules differ from paper standards
How to know when it's safe to scan a document and dump the paper original
Retention policy changes needed due to Lilly Ledbetter Fair
Pay Act requirements
The best methods for keeping records safe and secure
Electronic I-9s: How to comply with the strict new federal rules on completing, signing and retaining
The four steps you must include in your electronic I-9 program
2. Enforceable Agreements: What's Legal in the E-world
Legal requirements when allowing individuals to complete applications online
What counts as a "legal" electronic signature
When can you change company policies via email?
The key steps to an effective electronic records management system
and Information Management
Which records you must be prepared to produce if hit with a legal complaint
What's a "litigation hold" and when are you required to apply it to your electronic records disposal?
The safest way to dispose of electronic HR records – and the questions to ask yourself before you do so
How little-known Federal Rules of Civil Procedure should alter your policy for storing and deleting company emails
Get your copy today!