7.6 Safe custody and retention of working papers

Safe custody and retention of working papers is a critical aspect of the audit process to ensure the security, integrity, and availability of the documentation. Here are some guidelines for the safe custody and retention of working papers:

1. Physical Security:
   • Store physical working papers in secure and controlled access areas, such as locked cabinets, rooms, or vaults.
   • Implement appropriate security measures, such as security cameras, alarms, and restricted access controls, to prevent unauthorized access to the physical storage area.
   • Limit access to working papers only to authorized personnel who have a legitimate need to review or handle them.
2. Digital Security:
   • If working papers are stored digitally, implement robust cybersecurity measures to protect them from unauthorized access, hacking, or data breaches.
   • Use secure network connections, firewalls, encryption, and strong passwords to protect digital working papers.
   • Regularly update software and operating systems to ensure they have the latest security patches and protections against emerging threats.
3. Backup and Disaster Recovery:
   • Regularly back up working papers, both physical and digital, to protect against loss or damage due to unforeseen events such as fire, theft, or technological failures.
   • Store backup copies of digital working papers in secure and separate locations, preferably offsite, to mitigate the risk of data loss or destruction.
4. Retention Policies:
   • Develop and adhere to a documented retention policy that outlines the specific timeframes for retaining working papers based on legal, regulatory, and professional requirements.
   • Consider the nature of the engagement, industry-specific regulations, and any contractual agreements when determining the retention periods.
   • Ensure the retention policy is communicated to relevant personnel and consistently followed across the organization.
5. Proper Indexing and Documentation:
   • Maintain a clear and organized system for indexing and cataloging working papers to enable efficient retrieval and reference.
   • Clearly label and document working papers with relevant information such as engagement name, date, auditor’s name, and unique identifiers.
   • Cross-reference and link related working papers to establish logical connections and facilitate traceability.
6. Secure Destruction:
   • Establish procedures for the secure destruction of working papers once the retention period expires to maintain confidentiality and protect sensitive information.
   • Use secure shredding methods for physical documents and ensure proper erasure or destruction of digital files to prevent unauthorized access or data recovery.
7. Compliance with Legal and Regulatory Requirements:
   • Stay informed about relevant legal, regulatory, and professional requirements concerning the retention and disposal of working papers.
   • Ensure compliance with data protection and privacy laws, including the proper handling and protection of personal or sensitive information contained in the working papers.