Back to Newsletter

By: Christie Forbes, HoganTaylor Director of Assurance Operations

What is a document retention policy?

According to the National Federation of Independent Businesses (NFIB), a document retention policy provides for the systematic review, retention, and destruction of documents received or created in the course of business.

Why is a document retention policy necessary?

When discussing document retention, it is easy to approach it from a regulatory compliance or litigation perspective only.  However, effective document retention can also contribute to controlling costs and improved operational efficiencies.  For instance, storing documents, whether physical or electronic, has an associated cost.  Appropriate document retention can limit the amount of documents retained, thus eliminating the costs associated with maintaining unnecessary documents.  Looking for information also has an associated cost; at least 20% of staff time according to Harvard University.  Effective document retention allows documents to be logically organized (and stored in one place) for quicker retrieval.  The following represent other possible cost cutting and operational efficiency improvements:

  • Avoid purchasing unnecessary storage equipment
  • Minimize risk
  • Increased employee productivity
  • Optimize office space
  • Improve capacity to collaborate and share information
  • Support decision making

Who should implement a document retention policy?

GuideStar states The Sarbanes-Oxley Act of 2002 (Act) made it a crime for publicly traded companies to alter, cover up, falsify, or destroy any document to prevent its use in an official proceeding.  This turned document destruction into a process that must be monitored, justified and carefully administered.  Guidestar’s interpretation of the Act indicates that, like their for-profit counterparts, not-for-profit organizations need to maintain appropriate operational records.

How do you develop and implement a document retention policy?

The NFIB outlines the following steps in creating a document retention policy:

  1. Identify a document retention policy manager. The manager will be responsible for the implementation and education of the policy, as well as ongoing monitoring and enforcement of the policy.  Therefore, it is important that the manager be a senior employee with sufficient authority.
  1. Identify documents, both physical and electronic (includes email and voicemail), that your organization produces. Unfortunately there is no one-size-fits-all policy that an organization can adopt.  The documents that should be retained is dependent upon applicable federal, state, and local laws; applicable regulatory requirements; and the mission of the organization.  At a minimum, The National Council of Nonprofits suggests permanently retaining the following documents:
  • Articles of Incorporation
  • Audit reports, from independent audits
  • Corporate resolutions
  • Checks
  • Determination Letter from the IRS, and correspondence relating to it
  • Financial statements (year-end)
  • Insurance policies
  • Minutes of board meetings and annual meetings of members
  • Real estate deeds, mortgages, bills of sale
  • Tax returns
  • Support for permanently restricted contributions

Additionally, The American Institute of Certified Public Accountants created a template for use as a guideline in developing document retention plans for not-for-profit entities.

  1. Decide how long documents should be kept. Again, this is dependent upon laws, regulations, and other requirements applicable to the entity.  Your organization’s internal or external legal counsel or your state’s Center for Nonprofits is a good place to start to identify applicable requirements.
  1. Decide how and where documents should be kept. This decision essentially boils down to cost.  How much can your organization afford to store and secure physical and electronic records for a specified period of time.
  1. Determine how documents should be destroyed. Whether physical or electronic, the end result must be that the document is no longer readable or accessible.
  1. Implement and follow the document retention policy. The manager identified in the first step will play a key role in this phase, so it is important that he or she is part of the development process.

Now that we have covered the W’s and H of document retention policies, it is time for the final letter.  G for Green light, Go for it!


National Federation of Independent Businesses, NFIB Guide to Developing a DRP

Harvard Records Management Services, Controlling Costs and Promoting Efficiency

GuideStar, The Sarbanes-Oxley Act and Implications for Nonprofit Organizations

National Council of Nonprofits, Document Retention Policies for Nonprofits

Back to Newsletter