Does the thought of going through an audit scare you? According to The American Heritage Dictionary, an audit is – An examination of records or financial accounts to check their accuracy or confirm adherence to policy or regulation. Auditors perform verification and substantiation procedures for financial, compliance and security functions to name a few.
Audits are not something that most of us enjoy going through because of the extra time demands. Your accounting system or ERP has been designed to collect and keep your transaction information. However, can your auditor verify and substantiate the transactions or adherence to policies by matching it to your supporting documentation? If not, you need to take a system of record approach to documentation and you’ll say “bring on the auditors”.
Take the simple paid invoice as an example. In the accounting system there is a record of the invoice and a payment to a vendor for an amount. The auditor can verify the transaction by asking for a copy of the invoice, approval and bank statement to show it was actually due and paid. You can sleep easy if you can pull those documents together and can prove they were the final, unaltered copies. If you can’t produce that information, then you’re not following a system of record approach to document management.
Here is another example. Your compliance policy says you will perform quarterly tests of your vendor hiring practices to ensure requirements are met. Your ERP system can easily produce the report of new vendors. But where did you save the report for that quarter and the corresponding vendor review checklist? And where did you save the evidence that someone actually reviewed the information and confirmed the results met the policy? If you can’t do that, your methods are not part of a system of record.
A good system of record has the following characteristics. First, documents need to be easy to associate to the underlying data. For example, electronic invoicing systems keep the invoice image attached to the data throughout the process. Second, the documentation needs to be confirmed as final and valid, ie. who, what, where and when, otherwise known as logging. Third, the documentation needs to be protected for accidental or intentional deletion or alteration. Lastly, the documentation needs to show that it was actually reviewed and when and by whom, aka workflow.
If your document management system doesn’t have these characteristics, then it isn’t a system of record and it would explain why you are scared of audits. Storing files on a network drive or in a folder based system doesn’t meet these requirements. You could store the record copies of your important documents in locked file cabinets, but then you have to deal with auditors coming to your office and well, you’re still using file cabinets.
imkore Millennia Group has been providing a system of record workflow and document management solution since 1996. For more information contact us or visit our website.
Comments