Retention of documents related to lawsuits is one of only two provisions of Sarbanes-Oxley that are applicable to nonprofits. Nationally recognized nonprofit attorney Tom Silk wrote this Model Document Retention Policy on a pro bono basis for CompassPoint Nonprofit Services to use and to make available for all nonprofits.
This document management policy is designed to conform with the charitable laws of states which, like California, given the Attorney General an unusually long statute of limitations (10 years) within which to bring an action for breach of charitable trust.
Three items to note in particular:
- First, think about this as part of document management, rather than simply document retention; holding on to documents too long is an unnecessary expense.
- Second, there may be some documents that are worth saving for the community’s sake or for the sake of clients that go beyond these legal guidelines.
- And third, remember that e-mail messages are documents that should conform to these guidelines.
Document Management Policy
For each document, add its location or where it is stored.
- Accounts payable ledgers and schedules: 10 years
- Accounts receivable ledgers and schedules: 10 years
- Audit reports of accountants: Permanently
- Bank statements: 10 years
- Capital stock and bond records: ledgers, transfer payments, stubs showing issues, record of interest coupon, options, etc.: Permanently
- Cash books: 10 years
- Checks (canceled, with exception below): 10 years
- Checks (canceled, for important payments; i.e., taxes, purchase of property, special contracts, etc. [checks should be filed with the papers pertaining to the underlying transaction]): Permanently
- Contracts and leases (expired): 10 years
- Contracts and leases still in effect: Permanently
- Correspondence, general: 4 years
- Correspondence (legal and important matters): Permanently
- Depreciation schedules: 10 years
- Donation records of endowment funds and of significant restricted funds: Permanently
- Donation records, other: 10 years [Note: Donation records include a written agreement between the donor and the charity with regard to any contribution, an email communication or notes of or recordings of an oral discussion between the charity and the donor where the representative of the charity made representations to the donor with regard to the contribution on which the donor may have relied in making the gift.]
- Duplicate deposit slips: 10 years
- Employee personnel records (after termination): 7 years
- Employment applications: 3 years
- Expense analyses and expense distribution schedules (includes allowance and reimbursement of employees, officers, etc., for travel and other expenses: 10 years
- Financial statements (end-of-year): Permanently
- General ledgers and end-of-year statements: Permanently
- Insurance policies (expired): Permanently
- Insurance records, current accident reports, claims, policies, etc.: Permanently
- Internal reports, miscellaneous: 3 years
- Inventories of products, materials, supplies: 10 years
- Invoices to customers: 10 years
- Invoices from vendors: 10 years
- Journals: 10 years
- Minute books of Board of Directors, including Bylaws and Articles of Incorporation: Permanently
- Payroll records and summaries, including payments to pensioners: 10 years
- Purchase orders: 3 years
- Sales records: 10 years
- Scrap and salvage records: 10 years
- Subsidiary ledgers: 10 years
- Tax returns and worksheets, revenue agents’ reports, and other documents relating to determination of tax liability: Permanently
- Time sheets and cards: 10 years
- Voucher register and schedules: 10 years
- Volunteer records: 3 years
Warning: All permitted document destruction shall be halted if the organization is being investigated by a governmental law enforcement agency, and routine destruction shall not be resumed without the written approval of legal counsel or the Chief Executive Officer.
[Note: this language, which is not typically included in document management policies from accounting firms, provides important additional guidance and protection for the organization.]Note that organizations that see patients or clients may also have special document retention and privacy policies related to patient and client information.
See also:
Any information as to how long nonprofits must retain child care signed consent and release forms from a program activity or convening? Thanks!
It depends on the statute of limitations for personal injury in the state in which your nonprofit is located/activity takes place. A participant injury may not be realized or reported when it occurs. For adults, the statute of limitations in most states is 2 years; however, some states have a 1 year statute, while other states have 3, 4, 5 and 6 year statutes. In most states, the statute of limitations does not begin to run until the minor reaches the age of majority (typically 18 years of age), so in a state where the statute is 6 years, the minor could bring a claim before he/she reaches the age of 24. Best practice … this means you should hold waivers for 10-20 years depending on the age of the participants.
You should consider retaining the ‘wet signature’ copies for 12 months and then scan into a PDF for archiving.
Most injuries/claims from an activity/event are going to be reported fairly soon, if not immediately. Use your judgment and establish a policy for document retention based on type of event/exposure.
How long do you keep grant proposals that relate to a private foundation grant award? Does that fall under the “significant funds” category of keeping permanently?
I need document retention for nonprofits specifically for Ohio. where can I find that information. Thanks
What about donor acknowledgements related to annual giving, sponsorship, and other monetary gifts? In this day of databases that record the date that an acknowledgment was generated and send, do non-profits need to keep an electronic copy of the letter to the donor or is it sufficient to just list the date that an acknowledgement was sent?
This list mentions canceled checks, but who even gets those anymore? Do we need to print the image of our canceled checks off from our online banking? Or is the record of payment (the bottom stub of our checks that we keep) good enough? Thanks!
What about dissolved nonprofits?
Here is my response to a couple of posts.
Electronic Records: generally speaking electronic records are acceptable if image is a true and accurate representation of the original. The only exception would be items with a raised seal.
Keeping records on site: records should remain readily accessible. The term readily accessible could vary based on related laws an regs, although it basically means being able to retrieve in a reasonable amount of time.
Access to corporate records: your records management policy is what should dictate whom can access records. The principle of least privilege is what should guide access. Basically says people should have access to information they need to perform their job.
These are great questions! Keep them coming.
We are a community reentry program for a county jail. We do not provide medical services. How do I find the length of time for client record retention?
Electronic records are an acceptable format unless the paper has a raised seal on it. On the director / officer access. Is really comes down to if they need access to these records to perform job duties. Access should always be granted on this principle.
Can a director be refused access to corporate records? Can officers refuse access of corporate records to a director?
My non profit deals with aid to low income Seniors for rent. How long should client files be kept on sight? Note: Most of our terminated files are a result of Client’s demise.
What are your thoughts on the method of retention. Must we maintain the "paper record" or is an electronic storage method acceptable"?
We checked with Michael Freedman, CPA, a partner at the Bethesda, Maryland accounting firm, He said, "electronic is OK!".
We’re still not yet determined on the length of time and which in turn records end up being kept from 501c3 includes legally closed. We were a nice group as well as records will be stored within a former member’s home.
www.voice-over.org
Would like counsel/suggestions on how to handle this situation. Our 501 c2 Foundation has received a check for $1,000 from a Family Charitable Trust. It clearly states that the individual family member making the contribution cannot receive any goods or services. They have however, requested that a portion ($450)of this $1,000 be allocated to paying the green fees of three people (not related to donor) for the golf outing we run each. All proceeds from this outing go to support the general operating expenses of our Foundation. As the individual that has made the contribution is not receiving any direct benifit from their contribution we believe that it will be ethical for us to honor this request. Your thiughts please.
Hello,
As a member of the working force, you possess specific statutory rights specifically designed to protect injured employees in the event that you are injured while performing in the course and scope of your employment. Workers’ compensation provides limited insurance coverage for injured employees for lost of wages, medical treatment, vocational rehabilitation and retraining, if necessary.
workers’ compenstion lawyer Louisiana
It would be nice if you included what needs to be shredded when disposing. Obviously bank records and employee records. But what about time cards that do not have any personal info on them other than first and last name?
I would say that most things would be acceptable in electronic format. Definitely check with your CPA and attorney, as in a few circumstances paper or microfilm are the only acceptable media. Dallas Document Scanning
What about expired insurance policies–automobile, building, workers comp for a non-profit? Keep permanently? 10 years? 7 years? I can’t seem to pin down this information and the IRS website doesn’t help! Thanks for any insight you can offer.
Likely, yes, electronic documents will cover the need for keeping permanent records. If you are choosing to depend on electronic back ups, you must have safe off-site storage practices.
Be sure to check with your CPA firm, attorney or other advisor for a specific ruling on your situtation.
Still interested in question earlier — do electronic records suffice for permanent records? Hoping someone can answer. Thx.
We’re also trying to find out if electronic records suffice for permanent records. Can anyone answer this question?
1. Do documents referring to “employees” (eg, applications) also include unpaid volunteers?
2. Also, was there ever a response to the question about whether electronically stored scans of supporting documents suffice as document retention?
Here is an IRS publication I actually found to be somewhat helpful and informative:
Publication 4221-PC (07-2009) — http://www.irs.gov/pub/irs-pdf/p4221pc.pdf
I found that publication, as well as links to other Compliance Guides, here:
http://www.irs.gov/charities/article/0,,id=210721,00.html
Still can’t seem to find anything specific for New York guidelines — I hope ten years covers it…
Thanks!
lovely.
Is a private foundation, that does not receive donations from any governmental bodies or governed by any governmental bodies, subject to the State’s retention policy as noted in the article?
Does anyone know according to Sarbanes-Oxley what documents must be kept as hard copies and what can be kept as electronic copies or can all copies be kept as electronic copies?
I am still not clear on how long and which records need to be kept after a 501c3 has legally closed. We were a small group and the records are being stored in a former member’s apartment (with not a lot of room.)
What is the appriate amount of time to retain closed files on insurance producers?
Linda
B. E.
January 24, 2011
Any idea where I can get a list like this for a non-profit high school in Maryland?
I work with a non-profit agency that started approximately 15 yrs ago. Nothing, since the beginning of time, has been disposed of and we will be beginning the undertaking of clearing out unnecessary – outdated information. Your article is wonderful to guide us in what we are able to shred, however, we are meeting a lot of resistance with the older crew regarding the "need" for the 12 year old document. If you could give a brief explanation as to the benefits of cleaning house, that would be extremely helpful as well. Thank you, Heather D.
The recommendation for tax-related documents is permanent. Is there some sort of IRS regulation that requires permanent retention or is this your recommendation based on your experience of working with nonprofits? I haven’t found anything on the IRS website but have found different information specific to certain types of tax records (income,etc.), so I’m curious about why these would be listed as permanent. Thank you!
Can we destroy records of an organization that has shut down; no more staff, board or funds to pay for storage? Thanks.
Thanks! I’m an undergrad working on a service project for a youth organization. It’s a new nonprofit being sponsored by my team. This retention/management policy is exactly what I was looking for.
We are a non-profit agency that hosts several support groups. What is the records retention requirement for former members of a support group who are deceased.
Are electronic copies just as good, meaning, can a non-profit scan its documents and shred originals?
Has anyone provided the answer to this question? I am facing the same issue. Thanks.
I am doing research for an educational non-profit. Any chance that you would know how long application and alumni records should be kept, or whether or not these files would need to be saved in hard copy form?
I have seen both 10 and 7 years for invoices. Timesheets / cards typically are tied to Fair Labor Standards Act (FLSA). Last time I checked they had a 3 year from creation retention period, but should check state laws.
curious to know where the 10 year retention time comes from for invoices to customers and paid invoices to vendors Time sheets and cards, 10 years? thanks, Joel Petitti
Good question! These kinds of issues should be discussed when developing or revising the non-profit records management program and related policy. Permanent retention may not be a useful way to describe records of a closed non-profit. Perhaps something like life….non-profit plus x years would work much better in situations like these.
How long should a non profit agency keep records of former members of a support group who are now deceased?
I have questions about what to do with the records that should be kept indefinitely: What if the nonprofit, heaven forbid, has to close it’s doors? Must they try to budget for an indefinite repository of those records?
PCI-DSS Policy will require that you document the legal, regulatory, and business requirements for data retention. Most companies incur fines for keeping credit card numbers longer than needed. The bottom line is to dispose of credit card numbers after payment is processed.
http://www.vistul.com
Nice article 🙂 .
Where can I read the California codes that pertain to document retention for donor gifts and gift certificates
thank you
Re the prior comment: I’ve practiced law since 1992 (and had the immense pleasure of working for some years with Tom Silk, who founded the largest nonprofit law firm on the West Coast decades ago). In my experience, which includes five years of litigation and subsequent corporate practice at a national firm, it is extremely rare to see a policy that is produced for a client and intended for practical use by the Board larded with footnotes to all the different cites that apply. I’d be curious to know if the prior commentator actually sends this kind of product to clients on a regular basis.
A true records retention policy should cite specific laws and regulations to back up it’s retention periods. Anybody can put together as list of document and record types and say that’s how long you should keep them.But why? The citing of specific legal authority is what makes the retention schedule useful for combating claims of spoliation in litigation. If you were following your policy and schedule and were acting on good faith because you believed that a specific law or regulation was controlling in terms of your retention period then it will go a long way toward stopping an adverse jury instruction about unlawful destruction of documents – even if you were in error about the controlling law or regulation as it applied to your case.
Thanks to you Blue Avocado readers who brought the absence of donor records and other items to our attention. Tom Silk has amended and clarified the policy (July 2009) and we hope it will be helpful. Thank you for your comments . . . such comments are contributions to all the readers. Jan
Where can I get the July amended policy?
The policy has been amended on the site, so that the one now up is the amended one. Thanks for asking!
I have pulled Silk’s Model Document Retention Policy for Nonprofits up, from a google search. The date of the policy is given as Jan. 14, 2009. How do I find the July revision?
Thanks.
Yur loyal reader,
Barbara West
The article now up is the amended one, although the original publication date still appears. Hope this answers the question!
Jan, I am interested in reviewing the amended and clarified policy (July 2009) you mentioned above. Can you tell me how to access it/where I can find it? Thank you! Susan Arts Council of Johnson County
The amendments have been made directly to the article, so that the one that is now up on the Blue Avocado site is the revised one. Thanks for asking! Jan
I took donor records to be covered by Accounts Receivable.
My question is this: how does email correspondence fit in to records retention?
Give consideration to this principle whenever thinking about the form in which records reside. Retention is NOT governed by the form or format, or the method of conveyance of the information.
Information is retained solely based on the content and its value. The criteria for assessing a retention period are:
Legal or statutory requirements (establishes MINIMUM required retention)
Regulations by an Agency responsible for your industry segment (ditto above)
Business needs relative to the information (may exceed required retention)
Historic, Enduring or Intrinsic value (to your organization or the Public)
And consideration given to retaining information longer than required or to serve business purposes should be weighed against any potential risk to your organization of discovery in a legal case. That said, if you are aware of any potential pending or actual lawsuit related to information the records support, you MUST RETAIN THE INFORMATION until such time the legal action is completed.
Lawrence J. Medina
Danville, CA
RIM Professional since 1972
RIMMAN.LARRY@gmail.com
This list is great, and I appreciate the acknowledgment of state laws with a longer statute of limitations, however I agree about the lack of tailoring to nonprofits, particularly for the same reasons (donor records).
Also, with payments via credit card increasing, shouldn’t some allowance for confidential credit card information be made? I get nervous about keeping credit card numbers for donors for as long as ten years.
Hope you are blacking out those numbers.
This is a bit disappointing. This listing doesn’t seem to be tailored to a nonprofit organization. How long should records relating to donor gifts be kept? The answer is different depending on whether there are restrictions on the gift.
And this is an operational policy. Is there a good sample of a board level policy?