How to Conduct a Remote Audit

Most audits are conducted on-site, not because it’s practical or convenient but because it has become customary over the years. Since the dawn of accounting, in-person audits have become a facet of doing business that we begrudgingly accept. In fact, most companies conduct internal audits to be 100 percent certain that they are maintaining compliance with SOX, SOC 1 (Type 1 and Type 2), SEC Rule 17, and other external and internal compliance regulations.  Although it’s worked reasonably well, technology now permits businesses to conduct audits remotely, which means greater flexibility for business, reduced auditing costs, and greater peace of mind. But how do you conduct a remote audit? And how do you know if your business is prepared for remote accounting audits?

What Technology Do You Need to Conduct a Remote Audit?

For companies interested in conducting remote audits, it is important to recognize that technology is the key to unlock this useful capability. Enterprise Content Management (ECM) systems that combine Document Management, Mobile Content Management, and Workflow Automation are ideal for driving remote auditing capabilities. ECM facilitates the digitization of all enterprise documents, which leads to expanded options for dealing with documentation both in and out of the office. Here’s how it works:

  • Enterprise Content Management: a single, integrated platform that connects with your existing Enterprise Resource Planning (ERP) system and provides the framework for the various technologies that make remote audits possible.
  • Document Management: technology that digitizes documentation and provides a secure, centralized repository from which all documents can be accessed, reviewed, and processed by approved users.
  • Mobile Content Management: technology that facilitates access to your organization’s digital repository by providing remote access to mobile devices. Mobile Content Management not only allows users in the field to process documents without returning to the office but also permits auditors to collect and review documents remotely for faster, less expensive audits.
  • Workflow Automation: advanced automation that leverages Robotic Process Automation (RPA) to streamline workflows and automate processes from start to finish. It also helps auditors find what they’re looking for more quickly and allows organizations to automate records retention using RPA-powered policies.

Are Remote Audits Right for Your Business?

ECM permits remote access, allowing approved users to source documentation from throughout your organization. It also allows businesses to create and control access by auditors using the same ECM system. In other words, you can provide temporary credentials to an auditor, allowing them to access the documents they require (and only those documents). This capability is ideal for SMEs and large enterprises that handle a large volume of documentation, such as invoices, sales orders, packing slips, and even onboarding forms.

The other benefit of using an ECM system to perform a remote audit is that it doesn’t limit your businesses to the types of audits it can perform. ECM is designed to be utilized across the enterprise in Accounting, Finance, Legal, Customer Service, Human Resources, and more. These departments often process thousands of documents per month, which creates a significant burden for your auditor if they are tasked with finding documents manually.

What Are the Benefits of Remote Auditing Technologies?

There are many benefits for businesses that conduct remote audits. First and foremost, it makes the process of undergoing an audit simple. Your company provides their auditing firm with an ECM user account with approved permissions that dictate what the auditor can access. Related transactional documentation is also readily available as long as your ECM system supports digital paper trails. Leading ECM systems operate as a “single source of truth” or SSOT. That means your auditor can find everything they need within a single, integrated system. Other benefits include:

  • Provides a central repository with robust search capabilities based on any recorded criteria (i.e., invoice #, vendor name, item #, date, logo, and more)
  • Supports centralized access from decentralized locations
  • Reduces audit fees
  • Accelerates audit completion
  • Captures all transactional documentation using automated Optical Character Recognition (OCR) software, ensuring that no documents are ever lost, damaged, or destroyed
  • Organizes documentation contiguously.
  • Validates and updates information in real-times
  • Improves business intelligence with robust analytics capabilities
  • Tracks auditor activity and progress
  • Guides auditors using plain-text notifications
  • Generates reports that are useful for both your organization and the auditor
  • Allows your organization’s decision-makers to easily review audit results whether conducted internally or externally
  • Facilitates customizable, scalable dashboards that deliver convenient self-service analytics reporting for each audit
  • Conducts multiple audits simultaneously from disparate locations

What Happens After You Embrace Remote Auditing Technologies?

Once you start to conduct audits remotely, it doesn’t necessarily mean the end of on-site meetings. These will continue to occur, although much less frequently, and these interactions should be streamlined due to the added organization and file access provided by your ECM system. Collaboration with auditors and your department heads will be accelerated for faster resolutions. The company-firm relationship will remain strong, and perhaps even improve thanks to the added efficiency of ECM.

It’s still important to meet face-to-face every now and then, but in an increasingly digital world, it’s not unrealistic to believe that these types of interactions are already being phased out in favor of meetings conducted over Zoom and other video conferencing platforms. Additionally, auditors are freed from long stints as a company’s on-site guest — something all parties admittedly appreciate. Your auditors will no longer need to travel, billable hours will be reduced, and you will gain greater control over the cost of audits. Your company will, ultimately, avoid audit projects exceeding projected timetables and budgets, resulting in mutual satisfaction in your fiscal relationships.

Needless to say, remote auditing is highly advantageous for all parties. ECM provides the platform to keep it convenient and cost-effective, allowing your organization to focus less on checks and balances and more on future growth.

To learn more about how remote audits can help your business save money, preserve time, and maintain compliance, contact IntelliChief today.

Regulatory Compliance Tips for Your Company Documentation

Regulatory compliance takes major effort — and that effort often spans an entire organization.

Everyone in your company, from your CEO to  Accounts Payable Director, IT Director, and every employee under their management, is responsible for doing their part to maintain compliance. Of course, we trust that our hard-working employees are satisfying their end of this unspoken contract, but how do we verify this?

Regulatory Compliance Is Easier for Companies That Go Paperless

When it comes to records, companies have to control who is able to view, edit, or delete them. They also need to keep a comprehensive paper trail of every single access point or revision. This allows companies to passively maintain a robust record of recordkeeping-related actions while implementing layers of failsafes to ensure that all documents are available as required by policy, regulation, and law.

The more documents that flow through an organization, the harder it is to account for the complete security of each and every record contained in your file.

One way to make this easier? Taking key business processes paperless.

When you’re able to manage your documents electronically, regulatory compliance and risk management becomes much easier because access control is a built-in feature. It’s one of the easiest, most hands-off risk mitigation strategies that you can adopt.

Compliance Tips for Keeping Up With Document Retention Regulations

SOX, HIPAA, SEC Rule 17…every industry is responsible for maintaining compliance with numerous document retention regulations, and as time passes, these regulations are only getting more comprehensive — and specific. There are riches to be made in the pursuit of businesses that fail to comply, which, inversely, means companies can save money by safeguarding their operations from noncompliance.

Follow these compliance tips to protect your business:

Examine Your Company Documentation

Go through the documents that you currently have stored, whether on-site in a filing cabinet or off-site through a professional service. Decide what you need to keep and what is old enough to be destroyed. Pay close attention to document volume and the types of documentation your organization is tasked with storing securely. You want to develop a profile of your company documentation that will help you create a highly practical retention strategy.

Develop a Retention Strategy

Think about the documents that are continuing to flow into your organization. You need to develop a strategy for collecting, categorizing, and protecting them. When your company documentation falls into the wrong hands, it opens the door for potential violations.

Do you have an effective strategy for dealing with documentation from Accounts Payable, Customer Service Human Resources, Sales/Order Processing, and other departments?

Whether your company deals with large volumes of contracts, invoices, or employment applications, it’s important to identify the proper retention policies that your company is responsible for satisfying.

Leverage Enterprise Content Management

If you currently use (or plan to use) an Enterprise Content Management (ECM) system, see if there are settings that will let you automate burn policies to destroy documents once they’re no longer needed. Not only will you no longer have to worry about deleting files manually but you will also benefit from less “digital clutter.” Another popular option made possible with an ECM is maintaining a back-up server to retain copies of deleted documents in a separate repository.

Map Out and Secure Your Recordkeeping Workflows

You’ve developed a retention strategy, now it’s time to apply it to the way you process documents.

Start by mapping out your workflows so that you can identify potential weaknesses, such as employees manually handling sensitive documents when they don’t need to. Furthermore, you should make certain that financial and transactional data is only sent to the people who absolutely need to see it.

Configure your workflows based on your specific business processes to ensure that your company documentation can only be managed by approved users. You can build additional security protocols into your workflows, too.

Integrate With Your Other Systems of Record

Do you want to experience best-in-class content management? Integrate your core systems of record (ERP, CRM, HCM, HRIS, etc.) with your ECM system to facilitate the flow of information throughout your organization. When connected, these systems can update your data automatically in real-time. At the same time, they can keep your business-critical data safe by implementing permission-based rules to ensure that company documentation is accessible to members across your organization.

Support Digital Audit Trails

Do you find yourself getting lost along the audit trail? If your policies are ever called into question, you may need to show detailed information about who has handled your company’s records. You need to be able to understand the who, what, when, where, and why of every piece of company documentation. An automated digital audit trail can help you maintain such a record without any additional work.

Get More Regulatory Compliance Tips From Our Experts

When it comes to regulatory compliance, it’s crucial to develop a plan before problems arise. Even a short delay can end up costing your organization thousands. Being proactive is better than losing hours (and reputation) to after-the-fact incident management.

If you’re ready to refine your internal policies, contact IntelliChief. We can help you implement a document security and lifecycle management plan that’s aligned with your industry’s unique regulations.

OSHA Record Retention Requirements

OSHA Record Retention Requirements

OSHA Record Retention Requirements

The Occupational Safety and Health Administration (OSHA) is a part of the United States Department of Labor formed by the OSH Act. They govern the health and safety of certain public sector employers and workers as well as the majority of private sector businesses. OSHA is oftentimes perceived as a pest in high-risk industries like construction and manufacturing, where an OSHA inspector can arrive with little notice to assure compliance with OSHA rules, regulations, and record retention requirements.

OSHA is unavoidable. Its jurisdiction covers more than 7 million worksites across the United States, the District of Columbia, Puerto Rico, the Virgin Islands, and beyond. While OSHA inspections are generally the result of imminent danger situations, severe injuries and illnesses, worker complaints, referrals, targeted inspections, or follow-up inspections, it doesn’t require an on-site injury to find yourself at odds with OSHA. For example, OSHA inspectors commonly require employers to provide specific documentation for review. If you can’t produce the proper documentation, you could be cited, forced to pay a fine, or issued a stop-work order until the required documents are made available to your inspector.

Are you following OSHA record retention requirements? Or does your record retention policy put you at risk of noncompliance? This article aims to answer all of your most pressing questions about document retention and how to keep OSHA inspectors off your back.

OSHA Document Retention Compliance Is an Uphill Battle

OSHA doesn’t make it easy to maintain compliance, especially when seeking answers to your questions about OSHA document retention. For instance, when it comes to injury and illness recordkeeping, which utilizes OSHA Form 300A, the employer must submit the documents electronically. However, other forms of documentation like lockout/tagout inspections or noise exposure measurement records might never make the transition from paper to digital.

Over time, you can expect that OSHA will continue to tighten its retention guidelines and push towards more digital recordkeeping. By digitizing all OSHA-related documentation in the near future, you can get a head start while ensuring that your company is meeting all OSHA document retention requirements.

What to Do When OSHA Asks for Documentation

As soon as an OSHA inspector arrives at your worksite, you should inform them that any requests for documentation should be issued in writing. Ask them to be specific and to list the exact documents that are required for review — no more, no less. Having this request in writing will also prevent the inspector from citing you for a document they didn’t request.

If these documents have already been stored electronically utilizing the document management technology in your Enterprise Content Management (ECM) system, you can retrieve them instantly and send the inspector on their way. If they must be retrieved manually, your onsite representative should run the request up the ladder to management. Familiarize yourself (and your team) with documents that aren’t required to be produced under any circumstances, including:

  • Post-accident investigations
  • Insurance audits
  • Consultant reports
  • Employee personnel information

Producing extraneous documentation that reveals any noncompliance could result in a citation. Only provide records as required by law.

OSHA Record Retention Requirements Vary by Industry and Document Classification

OSHA standards and the General Duty Clause dictate how employers are required to create, retain, and produce certain documents while under inspection by an OSHA compliance officer. There are small variances in the OSHA record retention requirements for different industries. For consistency, we will focus only on general industry requirements.

OSHA 300 Log of Work-Related Fatalities, Injuries, and Illnesses Document Retention

Employers must retain the OSHA 300 Log, the annual summary, and the OSHA Incident Report forms for five years past the end of the calendar year attributed to this documentation. To be precise, the OSHA 300 Log is required to be retained on an “establishment basis” as governed by NAICS codes.

General Duty Clause Document Retention

There are no specific standards or retention requirements for “recognized hazards” covered under the General Duty Clause. This doesn’t insinuate that these documents should be neglected. The best practice for General Duty Clause document retention is to retain any training records dealing with “recognized hazards” for the duration of employment, including:

  • The written policy
  • Training records
  • Disciplinary documents for policy violations

Additionally, there are certain documents dealing with General Duty Clause obligations that may be classified as exposure or medical recordkeeping requirements. Be diligent when building your records retention policy to avoid any potential pitfalls, especially when it comes to OSHA records retention requirements.

Lockout/Tagout (LOTO) Document Retention

The OSHA Lockout/Tagout (LOTO) standard, also referred to as “Control of Hazardous Energy,” mandates that employers maintain logs verifying that periodic inspections by authorized employees are being performed at least once per year. LOTO document retention guidelines stipulate that these logs be maintained for a minimum of one year or until a new log is validated and certification is issued. LOTO training records for individual employees should be saved for the length of employment.

Personal Protective Equipment (PPE) Document Retention

There are several written certifications regarding hazard assessment and employee training that must be retained for the duration of a worker’s employment. PPE records for individual employees should also be retained until the employee is no longer employed.

Occupational Noise Exposure Document Retention

OSHA recommends that employers retain noise exposure measurement records for a minimum of two years and audiometric test records for the duration of employment.

Bloodborne Pathogens Document Retention

OSHA employs the “duration of employment plus 30 years for employee exposure records. Training records must be retained for far less; only three years from the date of the training. Still, many employers choose to retain these records until the employee is no longer working for their company.

Respiratory Document Retention

Similarly, employers must retain records pertaining to employee medical evaluations for 30 years past the final date of employment. Employee results from the most recent fit-test should also be recorded and maintained until the results of the next test have been collected.

Hazard Communication Document Retention

According to OSHA, “Chemical manufacturers and importers are required to evaluate the hazards of the chemicals they produce or import, and prepare labels and safety data sheets to convey the hazard information to their downstream customers.”

Furthermore, they require all employers with hazardous chemicals present at their workplaces to label them accordingly and update safety data sheets for their exposed workers. Each safety data sheet (SDS) must be retained for 30 years beyond the duration of employment for all exposed employees. Employers must also retain copies of all SDSs for every chemical currently being used.

Process Safety Management (PSM) Document Retention

The Process Safety Management of Highly Hazardous Chemicals standard (29 CFR 1910.119) states:

The employer shall complete a compilation of written process safety information before conducting any process hazard analysis required by the standard. The compilation of written process safety information is to enable the employer and the employees involved in operating the process to identify and understand the hazards posed by those processes involving highly hazardous chemicals. This process safety information shall include information pertaining to the hazards of the highly hazardous chemicals used or produced by the process, information pertaining to the technology of the process, and information pertaining to the equipment in the process.

OSHA requires process hazard analyses (PHAs), related employee records, and verification records to be retained for the duration of the covered process or the employee’s tenure. Process safety information (PSI) documents used for developing, maintaining, auditing, and managing processes should also be retained for as long as the process is being used.

Finally, employers should save incident investigations covered by the PSM standard for at least five years as well as the two most recent compliance audit reports. Failure to comply with these retention policies could result in a citation, fine, or penalty.

Emergency Action Plans (EAPs) Document Retention

OSHA has not mandated time-specific document retention requirements for emergency action plans (EAPs). However, they do require that employers develop and maintain a written EAP for review during inspection. Small teams of fewer than 10 employees do not need to maintain a written EAP.

Permit-Required Confined Spaces Document Retention

Employers are required to retain canceled entry permits for a minimum of one year. They should also be reviewed within one year following each entry. In regards to employee confined space training records, it is recommended that employers retain these records for the duration of employment.

Electrical Safety Document Retention

OSHA’s electrical safety standards contain no specific record retention requirements. It is still recommended that employers retain these records for the length of employment. When conducting an electrical exposure hazard survey, the employer should retain documentation until the hazard is no longer present.

Powered Industrial Trucks Document Retention

The powered industrial truck standard contains no specific retention requirements for initial training certificates or those issued for three years following a near miss. While there is no specific mandate, these training certifications should be retained for the duration of employment for each employee to protect against liability.

You’ve Satisfied All OSHA Record Retention Requirements. Now What?

When it comes to record retention, OSHA-related documentation should only comprise a small percentage of your total paper volume. Invoices, receipts, contracts, employee files, medical records, and more must also be retained for varying amounts of time depending on state and federal laws as well as your internal policies. The key is to make the transition from paper to digital documents; whether in Accounts Payable, Accounts Receivable, Human Resources, Shared Services, or any other department. Once all of your information can be managed electronically, you can apply automated retention policies for every type of document in your organization, ensuring that your burn policies are executed according to your specific rules. You will never worry about audits or compliance ever again.

To learn more about how IntelliChief Retention Manager develops automated retention policies to optimize your document management capabilities and streamline compliance, click here.

Clear Choice ECM

Why IntelliChief Is the Clear Choice for Enterprise Content Management

Clear Choice ECM

IntelliChief is the clear choice for Enterprise Content Management (ECM), helping you meet your ROI requirements while streamlining and automating your company. Users can create, capture, manage, archive, retrieve, and distribute mission-critical documents directly from their PCs, eliminating the need for storage facilities, fax machines, copiers, and paper files.

As the industry leader in Enterprise Content Management, IntelliChief helps companies of all sizes go paperless with a typical ROI procured within one year or less. IntelliChief’s time-tested methodology is easily integrated with existing ERP systems and business processes. In fact, as one of the only universal integrations on the market, IntelliChief is uniquely suited to help companies across all industries regardless of their existing ERP infrastructure.

IntelliChief uses its workflow functionality to focus on business process improvements, resulting in smarter, more powerful results for users. It is easily incorporated into existing business applications without any customization or coding. IntelliChief enhances business processes in numerous ways, including:

Integrates Seamlessly With Any Enterprise Resource Planning System

IntelliChief integrates with any Enterprise Resource Planning (ERP) system, providing users with document retrieval directly from the ERP application, and access to the application data itself. It enables auto-indexing and the ability to initiate the workflow process. As the most flexible integration on the market, IntelliChief can be deployed across the private and public sectors to enhance businesses over every type.

Helps Employee Manage Problem Resolution

A documented, electronic version of business processes expedites approvals, automating sending and receiving of files for reviews, along with other related operations. IntelliChief enters all documents in electronic format for easy retrieval and resolution so employees can serve customers quickly.

IntelliChief creates a faster process by electronically routing information to the right person to approve, then route to customers or vendors. The workflow engine helps gain better visibility of the entire business process by notifying employees where certain documents are in the business process. It lets authorized users focus on the task at hand without worrying about following up on requests or hunting for lost transactions.

Complies With Industry Regulations

The electronic trail available for authorized users guarantees compliance with industry regulations. You’ll be able to meet specific deadlines to avoid penalties. IntelliChief is designed for highly flexible document retention rules. These rules help provide detailed audit trails and security against unauthorized access and loss of records.

Offers Web-Based Access from Any Location

IntelliChief offers full functionality through a Web browser. It is available to all authorized users from any Internet-accessible location where there is Internet access. IntelliChief is accessible directly from a green screen, a GUI, or a Windows-based dashboard.

Brings a Wealth of Knowledge and In-Depth Technical Support

IntelliChief has helped hundreds of clients across all industries solve their paper problems and business process challenges. They have long-standing expertise and are industry experts who offer support for all types and sizes of businesses to meet specific support requirements. Support includes highly trained personnel, offering both on-site and live remote assistance to respond quickly to problems for complete resolution.

Are you interested in learning more about how ECM and Automation can help your business gain a competitive advantage? Contact IntelliChief today to learn more about why IntelliChief is the clear choice for Enterprise Content Management, and how our award-winning, time-tested solutions have helped hundreds of customers work smarter, not harder.