Is Your Records Management Program Audit Ready?
The Dreaded “A” Word
“Audit.” How does that word make you feel when you read or hear it? Some picture it as people coming into your office and digging through your records to find out what you did wrong and ruin your life. In the late 1800s, during a trial, Lord Justice Henry Charles Lopes said, “The auditor is a watchdog and not a bloodhound.” What a great reminder that the audit process is designed to protect you, your business and community against the harm caused by record managements errors and negligence.
If your records management program is well-maintained and compliant with current state and federal privacy laws, then you can have the peace of mind that comes with knowing you pass your audit, should one be ordered for your business records. But how can you be sure the auditor won’t find fault with your records management practices? In this article, we explain key steps you can take.
How to Prepare for an Audit
- File Indexing and Inventory. Keeping your files in the proper place and maintained is a great start to pleasing and impressing the auditor. This involves knowing the content of every file and having the ability to quickly retrieve it. Quickly locating a specific file the auditor requests will prove that your records management is up to par. File indexing and inventory will make this easy, and includes records that are:
- Tracked with bar codes
- Stored by file type, department, or retention period
- Available 24/7/365
- A Chain of Custody that clearly defines the journey of your records is a must. Keeping a log of where your documents have been and who has accessed them will indicate well-maintained records. At the end of a document’s life, make sure a Certificate of Destruction is issued and kept on file as proof of compliance with data privacy laws.
- File Retention Periods must be monitored and followed. When your document’s lifespan comes to an end, it must be properly destroyed and documented. The use of secure collection containers helps keep information private from when documents are discarded to when they are destroyed. Any auditor will be pleased to note that your company has adhered to required document retention dates.
- Compliance with Privacy Laws that exist to ensure your clients’ and employees’ Personally Identifiable Information (PII) is protected. The auditor will want to make sure that your company is following mandated guidelines like:
- Records Management Partnership with a reputable company will take a load off of your business responsibility and also satisfy the requests of an auditor. Look for a local, experienced records management company that is familiar with all current data privacy laws and retention periods. Being well organized and clearly following privacy laws will help you prevent legal investigation, lawsuits, fines, and the loss of your good reputation.
Who Can Help Me Get My Records Management Program Audit-Ready?
Pacific Records Management offers businesses in Sacramento, Stockton, Modesto, Fresno, Napa and Solano counties a full suite of records and information management services. If you want to increase your audit readiness, give us a call at 800-685-9034 or complete the form on this page.