| Information Type | Information Class Code | Information Class Name/Description | Retention Period | Retention Event Trigger |
|---|---|---|---|---|
| Audit | AUD100 |
Corporate Policies and Procedures Manuals and related materials. Examples Include: • Policies and Procedures Manuals | IND | Retain indefinitely (Because a firm retention period cannot be determined in advance, the status of these records must be periodically reviewed. The records must be destroyed when they are no longer needed for operational, tax, audit, or legal purposes.) |
| Audit | AUD120 |
Records from external financial audits of company and business units not covered elsewhere. Examples Include: • Audit Committee Notes or Minutes • Audit Work Papers—External Financial Audits • Audit Correspondence—External Audit Oversight • Preliminary and Final Audit Reports—External Financial Audits • Management Responses—External Financial Audits • Supporting Documentation—External Auditor Oversight | 7 years | Retention period begins when the record is created. |
| Audit | AUD130 |
Records related to audits and investigations by governmental agencies. Includes governmental agency orders, hearing notices, audit reports, and correspondence. Does not include litigation or tax audits and appeals. See LEG150 for Litigation See TAX130 for Tax Audits and Appeals Examples Include: • Governmental Agency Audits, Reports, Inspection Reports, Notices, of Violation, Warnings, Citations or Hearing Notices • Governmental Agency Correspondence • Governmental Agency Hearing Notices • Governmental Agency Orders | Act+ 3 years | Active for the life of the investigation. The retention period begins when the investigation has concluded. |
| Tax | TAX100 |
Federal, State Income & Franchise Tax Returns Records that represent actual tax returns and related work papers for federal, state, and local income and franchise taxes. Examples Include: • Federal/State Income Tax Returns • Income and Franchise Tax Work papers | IND | Retain indefinitely. |
| Tax | TAX120 |
Federal, State Property Tax and Miscellaneous Tax Returns Records that represent actual tax returns, related work papers, audits and appeals for property taxes and federal and state miscellaneous taxes that are not classified separately elsewhere. Examples Include: • Property Tax, Sales & Use Tax or other Miscellaneous our Federal or State Tax Returns • Estate and Gift, Occupancy, Real Property, Excise, or Stock Transfer Taxes • Tax Work papers | IND | Retention period begins when the record is created. |
| Tax | TAX130 |
Tax Audits & Appeals Audits, audit work papers and appeals related to audits and appeals. Examples Include: • Tax Appeals • Tax Audit Reports • Tax Work papers | 15 years | Retention period begins when the record is created. |
Records Management and Retention
APPENDIX 5-R: Sample Retention Schedule Excerpt
Don't show this message again
Navigation
Table of Contents
- Front Matter
- Chapter 1: Overview of Compliance and Ethics Practice
-
Chapter 2: Foundational Materials and Program Infrastructure
- Essential Elements of an Effective Ethics and Compliance Program
- APPENDIX 2-A: Sample Letter to Vendors
- APPENDIX 2-B: Sample Nonretaliation/Nonretribution Policy
- APPENDIX 2-C: Sample Compliance Officer Job Description
- APPENDIX 2-D: Sample Audit Review Form
- APPENDIX 2-E: Sample Confidentiality Statement
- APPENDIX 2-F: Sample Hotline Information Sheet
- APPENDIX 2-G: Sample Compliance Issue Follow-Up Form
- APPENDIX 2-H: Glossary of Compliance-Related Terms
- The History of the Organizational Sentencing Guidelines and the Emergence of Effective Compliance and Ethics Programs
- Beyond the Sentencing Guidelines: Governing Directives, Guidelines, and Standards from around the World
- Components of an Effective Compliance and Ethics Program
-
Chapter 3: Implementing a Program
-
Getting Started
- Initial Steps for Building a Program
- APPENDIX 3-A: Compliance Program Implementation Action Plan
- APPENDIX 3-B: Compliance Job Description
- APPENDIX 3-C: Compliance Program Risk Inventory
- APPENDIX 3-D: Sample Compliance Committee Charters
- APPENDIX 3-E: Sample Policies and Procedures
- Making the Business Case: Selling Compliance and Ethics to Management
- Appendix 3-F: Benefits of a Compliance Program
-
Compliance Standards and Procedures
- Creating a Code of Conduct
- Communicating Values Across Cultures: Globalizing Your Code Of Ethics
- APPENDIX 3-G: General Checklist for Global Code Implementation
- Developing and Implementing Policies for an Effective Program
- APPENDIX 3-H: Sample Policy Prioritization Matrix
- APPENDIX 3-I: Sample Policy Development Workflow
- APPENDIX 3-J: Sample Policy Template
- APPENDIX 3-K: Sample Policy Implementation Master Tracker
- APPENDIX 3-L: Sample Communication Plan
-
Program Oversight and Management
- Structuring the Chief Ethics and Compliance Officer and Compliance Function for Success: Six Essential Features of an Effective CECO Position and the Emergence of the Modern Compliance 2.0 Model
- Board Engagement, Training and Reporting: Strategies for the Chief Ethics and Compliance Officer
- APPENDIX 3-M: Twenty Questions that Boards of Directors Should Ask about Compliance and Ethics*
- APPENDIX 3-N: Web Conference: Not Your Father’s Board Training
- APPENDIX 3-O: Web Conference Q&A: Not Your Father’s Board Training
- YES—A Board can Positively Affect Culture: 10 Practical Actions
- Delegation of Authority
-
Education and Awareness
- Essential Steps for Ethics and Compliance Program Branding and Marketing
- APPENDIX 3-P: Branding and Marketing Resources
- Training by Design
- The Effectiveness of Compliance Training
- Fraud Awareness Training: Enhancing a Low Cost, High Impact Control in Challenging Economic Times
- 3M’s Transparency Journey: Using Ethics and Compliance Cases as Teaching Tools
- Onboarding as a Key to an Effective Compliance Program
- Auditing and Monitoring
- Internal Reporting Systems
-
Investigation and Response
- Creating an Organizational Investigations Program and Conducting Effective Workplace Investigations
- APPENDIX 3-R: Checklist for Assessing Investigation Capabilities
- APPENDIX 3-S: Sample Internal Investigations Policy
- APPENDIX 3-T: Sample Upjohn Warning
- APPENDIX 3-U: Sample Evidence Collection Worksheet
- APPENDIX 3-V: Sample Key Allegations Worksheet
- APPENDIX 3-W: Key Facts Worksheet
- APPENDIX 3-X: Sample Investigation Report Form 1
- APPENDIX 3-Y: Sample Investigation Report Form 2
- APPENDIX 3-Z: Sample Policy Against Retaliation
- APPENDIX 3-AA: Instructions to Witnesses
- Independent Investigations Overseen by the Audit Committee: Procedures and Guidance
- Root Cause Analysis: A Critical Ethics and Compliance Practice
- Taking a Broader View of Compliance Risks and Enforcement Readiness: Tips on Maintaining Good Regulatory Relationships, and Preparing for Grand Jury Subpoenas and Search Warrants
- Discipline and Incentives
- Risk Assessment and Management
-
Getting Started
- Chapter 4: Measuring Effectiveness
-
Chapter 5: Specific Compliance and Ethics Risks
-
Anti-Corruption and Anti-Bribery
- Anti-Corruption and Anti-Bribery Compliance Programs
- APPENDIX 5-A: Additional Resources on Anti-Corruption and Anti-Bribery
- APPENDIX 5-B: Considerations in Initially Planning or Reviewing Your Training Program
- APPENDIX 5-C: Checklist for Managing Third-Party Risk
- APPENDIX 5-D: Common Red Flags Indicating Heightened Potential for Corruption
- The UK Bribery Act 2010
- APPENDIX 5-E: Bribery Act Resources
- International Recognition for Compliance and Ethics Programs: The 2010 OECD Good Practice Guidance on Internal Controls, Ethics and Compliance
- A Global Standard to Address Bribery Risk: ISO 37001: Anti-Bribery Management Systems Standard
- Anti-corruption Laws/Regulations in Latin America
- APPENDIX 5-F: Latin America Anti-corruption Resources
- Anti-Money Laundering
- Antitrust/Competition Law
- Conflicts of Interest
- Entity-Specific Risk Management
- Environmental Liabilities
- Government Contracting and Relationships
- Government Enforcement Actions and Disclosures
- Identity Verification
- Labor/Employment
- Mergers and Acquisitions
-
Privacy and Data Protection
- A Data Privacy Compliance Program Primer: A Snapshot of Data Privacy Regulations, Risks, and Compliance Program Effectiveness Strategies
- Does GDPR Apply to My Organization?
- The Role of the Data Protection Officer in Europe
- A New Decade in Data Privacy: Complying with the CCPA
- Bring Your Own Device Policies and Practices
- Cybervigilance and Cyber-resiliency
- Cyber Insurance Guidelines for Corporate Compliance and Ethics Executives and Boards of Directors
- APPENDIX 5-L: Determining your Company’s Cyber Insurance Needs
- APPENDIX 5-M: How to Prepare for and Reduce Costs for Cyber Insurance
- APPENDIX 5-N: Common Cyber Insurance Mistakes to Avoid
- Data Mapping: A Necessary Risk Management Tool for Simplifying Data Compliance
- APPENDIX 5-O: Typical Data Map
- APPENDIX 5-P: Data Map Survey Worksheet
- Security Incident and Data Breach Response
- Records Management and Retention
- Social Media
- Supply Chain
- Technology and Compliance
- Trade Compliance
-
Anti-Corruption and Anti-Bribery