Maintenance of electronic financial records is not a new concept, but the last two years have pushed many companies and organizations to convert paper driven processes to an electronic format. Regardless of the method used to maintain financial and other records, the principles of strong internal controls, appropriate oversight and sufficient documentation should still apply.
In establishing an electronic record keeping system, consideration should be given to what type of information will be maintained, how long it will need to be accessible, the volume of information as well as which employees should be accessing what information. Privacy legislation and confidentiality may impact how some information is stored and secured.
Canada Revenue Agency requirements
Canada Revenue Agency requires that business records be maintained for a minimum of six years, which includes electronic records, which must be in an electronically readable format. This is an important consideration when changing software platforms to ensure that there is an appropriate archive of your data to meet these requirements.
Engaging an IT professional may be prudent to assist with software selection, network design and advice regarding the security of the overall platform. Unfortunately, cyber security threats continue to be an issue for many companies and organizations and the methods of attack are always evolving. Ensuring that you have an employee or an external advisor with the knowledge to protect your electronic data and ensure that the security protocols are current is a key control.
Considerations for cloud-based accounting software
Accounting software has been available for many years, with many products now offering cloud based services. Cloud based accounting records allows any authorized employee to access the information and process transactions from any location, as long as an internet connection is available.
Companies can provide access to the records on an as needed basis to accountants or other advisors on a “read only” basis, which reduces risks associated with sending data through email or storage devices. When evaluating a cloud based accounting software, some considerations include:
- access controls, eg. ability to designate rights to view data or make changes,
- ability to store source documents within the software, eg. invoices,
- audit trail, ie. ability to track who made entries or changes within the software,
- integration with other financial software such as e-payments or payroll,
- reliability of the platform, eg. amount of typical downtime,
- Understanding which data controls are provided by the platform and which are the responsibility of the customer, eg. regular back up of data,
- where the data is physically located, eg. in your home country or elsewhere.
Other practical considerations
One of the most important controls is segregation of duties, which is the concept of having at least two people involved with a process to reduce the risk of fraud or error. This particular control can be recreated in an electronic environment by separating tasks or requiring two people to electronically indicate their participation.
Some software may have this as a built in feature, or a separate process may need to be developed. For example, some financial institutions have the ability to require two people to login to approve electronic payments before they are processed, which replaces the dual signature on physical cheques.
Strong internal controls and documentation are important whether your records are paper based or electronic based. Controls over financial transactions should be reviewed on a regular basis to ensure they are effective and operating as intended. As your processes evolve, the affected controls should evolve as well.
Contact our Compliance Team for advice on valuing your client’s business, determining income for support purposes, calculating economic losses, or any other financial analysis you may require. Fill in the form below to get started.