Sarbanes-Oxley Act of 2002: Retention of Records by Auditors and their Clients relating to Outsourcing
October 9, 2009 by Bierce & Kenerson, P.C.
Summary:
The Sarbanes-Oxley Act of 2002 was intended to prevent future destruction of documents relevant to audits of companies that report their financial information to the U.S. Securities and Exchange Commission. On January 24, 2003, the SEC issued a final rule defining the rules that auditors and issuers and registered investment companies must follow to ensure appropriate document retention procedures.
Significance.
The rule is significant because it affects the trust of investors in the marketplace (including the securities of outsourcing service providers, their customers and their listed advisors). The SEC has estimated that approximately 850 accounting firms audit and review the financial statements of approximately 20,000 public companies and registered investment companies filing financial statements with the Commission.
Rules Applicable to Auditors.
Section 802 of the Sarbanes-Oxley Act of 2002 requires the SEC to promulgate reasonable and necessary regulations regarding the retention of categories of electronic and non-electronic audit records, which contain opinions, conclusions, analysis or financial data, in addition to the actual work papers. The regulations implement this law.
Seven-Year Retention Policy.
The final rule, which is included in Regulation S-X, requires accountants to retain certain records for a period of seven years after the accountant concludes an audit or review of an issuer’s or registered investment company’s financial statements. The proposed rules do not require accounting firms to create any new records. Decisions about the retention of records currently are made as a part of each audit or review.
Documents to Be Retained.
Under the SEC rule, records that auditors must keep for the seven-year period include work papers and other documents that form the basis of the audit or review, and memoranda, correspondence, communications, other documents, and records (including electronic records), which are created, sent or received in connection with the audit or review, and contain conclusions, opinions, analyses, or financial data related to the audit or review.
Effective Date.
Because time may be required to develop systems related to the retention of documents (particularly electronic documents) and to train people to use them, the SEC made the rules effective as of October 31, 2003.
Rules Applicable to Reporting Companies.
Inapplicability to Issuers and Investment Companies.
In issuing the final rule relating to auditors’ obligations of record retention in respect of their audits, the SEC considered “whether issuers and registered investment companies should be required to retain documents that the auditor examines, reviews or otherwise considers during the audit or review but are not made part of the auditor’s records.” Ultimately, the SEC concluded that the rules apply to auditors, and are not intended to cover issuers and registered investment companies.
Under the final rule, reporting companies need not retain the same records or supporting records that are furnished, or made available to, the auditors.