Internal Audit Records Management Policy

By Jeremy Woods,2014-11-25 10:32
17 views 0
Internal Audit Records Management Policy

    Internal Audit Records Management Policy

    [This policy was checked and approved by the University’s lawyers in October 2005 and was regarded as appropriate and fit for purpose.]

    Internal audit will comply with the Data Protection Act and Freedom of Information Act. In this regard Internal Audit will only seek to retain information that is needed for ongoing business purposes. Extraneous information will be routinely destroyed. Where practicable, a 'golden copy' of documents / information will be held to reduce unnecessary duplication and ensure that all copies of documents / information is captured and destroyed in line with this document retention schedule.

Personal information will be destroyed as soon as it is no longer required for a specific purpose, in thline with the 5 Principle of the DPA.

    E-mails will be weeded to ensure that only those needed for ongoing business purposes are retained and archived.

Document Retention Schedule

     Ultimate destruction date

    1. Assignment files <= 6 years

    2. Final audit reports <= 6 years

    3. Official UoE Committee papers <= 6 years

    4. Standing reference data Infinity or as long as they have a usefulness.

    5. Application forms from unsuccessful <= 6 months


    6. Application forms from successful <= 6 years from end of employment


    7. Timesheets and leave records <= 6 years

    8. Emails

    <= 6 years ; Assignment related

    <= 6 years ; General office admin

    <= 6 years ; Other e-mails

    These timescales accommodate known statutory document retention requirements. For example, taxation (6 years), personal injury (3 years) and debt actions (5 years).

Document Management

Paper files

    Sequenced & uniquely referenced by year of ; Assignment files

    audit plan and held locally in secure


    Last saved by Page 1


    Clear reference to topic and / or year, stored ; Office admin files


    Clear reference to topic and / or year, stored ; Standing Reference Documents


    Electronic files

    Sequenced & uniquely referenced by year of ; Assignment files

    audit plan.

    Within agreed structure of electronic folders. ; Office admin files


    Moved at end of audit assignment to form ; Assignment related

    part of electronic working file. They are thereafter treated as part of the Assignment


     ; General office admin

    Reviewed and weeded annually. ; Other e-mails

    Reviewed and weeded annually.

Document Destruction Process

    a. At the end of each audit assignment:

    ; Complete and sign off the prompt list regarding destruction of data that is

    ; Sensitive / personal

    ; Personal

    ; ‘Weed’ e-mails and save along with electronic assignment file, deleting mails

    from Outlook folder.

    b. Annually (once new Annual Audit Plan is determined)

    ; ‘Weed’ office admin files / papers, and destroy as confidential waste if


    ; Destroy, or shred, as confidential waste paper files scheduled for destruction.

    ; Destroy, or shred, as confidential waste Committee Papers scheduled for


    ; Update Internal Audit’s main database to reflect file destruction of

    Assignment files.

Responsible Person

Chief Internal Auditor

     rd23 February 2004 thRe-approved 20 October 2005


    Last saved by Page 2

Report this document

For any questions or suggestions please email