Add to collection(s) Add to saved
  1. No category

Internal Audit Records Management Policy

advertisement 
Internal Audit Records Management Policy
[This policy was checked and approved by the University’s lawyers in October 2005 and was
regarded as appropriate and fit for purpose.]
Internal audit will comply with the Data Protection Act and Freedom of Information Act. In this
regard Internal Audit will only seek to retain information that is needed for ongoing business
purposes. Extraneous information will be routinely destroyed. Where practicable, a 'golden copy'
of documents / information will be held to reduce unnecessary duplication and ensure that all
copies of documents / information is captured and destroyed in line with this document retention
schedule.
Personal information will be destroyed as soon as it is no longer required for a specific purpose, in
line with the 5th Principle of the DPA.
E-mails will be weeded to ensure that only those needed for ongoing business purposes are
retained and archived.
Document Retention Schedule
Ultimate destruction date
1. Assignment files
<= 6 years
2. Final audit reports
<= 6 years
3. Official UoE Committee papers
<= 6 years
4. Standing reference data
Infinity or as long as they have a usefulness.
5. Application forms from unsuccessful
applicants
<= 6 months
6. Application forms from successful
applicants
<= 6 years from end of employment
7. Timesheets and leave records
<= 6 years
8. Emails

Assignment related
<= 6 years

General office admin
<= 6 years

Other e-mails
<= 6 years
These timescales accommodate known statutory document retention requirements. For example,
taxation (6 years), personal injury (3 years) and debt actions (5 years).
Document Management
Paper files

Assignment files
D:\106756250.doc
Last saved by
Sequenced & uniquely referenced by year of
audit plan and held locally in secure
Page 1
conditions.

Office admin files
Clear reference to topic and / or year, stored
locally.

Standing Reference Documents
Clear reference to topic and / or year, stored
locally.
Electronic files

Assignment files
Sequenced & uniquely referenced by year of
audit plan.

Office admin files
Within agreed structure of electronic folders.

Assignment related
Moved at end of audit assignment to form
part of electronic working file. They are
thereafter treated as part of the Assignment
file.

General office admin

Other e-mails
Emails
Reviewed and weeded annually.
Reviewed and weeded annually.
Document Destruction Process
a. At the end of each audit assignment:
 Complete and sign off the prompt list regarding destruction of data that is
 Sensitive / personal
 Personal
 ‘Weed’ e-mails and save along with electronic assignment file, deleting mails
from Outlook folder.
b. Annually (once new Annual Audit Plan is determined)
 ‘Weed’ office admin files / papers, and destroy as confidential waste if
necessary.
 Destroy, or shred, as confidential waste paper files scheduled for destruction.
 Destroy, or shred, as confidential waste Committee Papers scheduled for
destruction.
 Update Internal Audit’s main database to reflect file destruction of
Assignment files.
Responsible Person
Chief Internal Auditor
23rd February 2004
Re-approved 20th October 2005
D:\106756250.doc
Last saved by
Page 2
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Risk Identification template
Risk Identification template
Download
advertisement