I pit the IRS

[adaher]

THe IRS lost Lerner’s emails? They were on her computer, not an exchange server? This proves that the IRS is not competent to do its basic job and should be disbanded. Companies are required to keep emails backed up for 7 years. The IRS, on the other hand, leaves them on individuals’ computers where they can be deleted at will. Gross incompetence, stupidity, and no court should ever trust their side of any story against a taxpayer again.

IRS: “This taxpayer owes us $45,000 your honor. Our records shows this to be true.”

Judge: “Your computer records?”

IRS: “Yes your honor.”

Judge: “Case dismissed. Computer records of the IRS are invalid as evidence.”

[Joey_P]

adaher:

Companies are required to keep emails backed up for 7 years.

Which companies? Did you make that up?

[adaher]

Sarbanes-Oxley.

http://www.techrepublic.com/article/what-the-sarbanes-oxley-act-means-for-it-managers/

Although trivialized by mixed personal and business content, e-mails are, in fact, corporate documents and should be preserved. The courts will treat e-mail messages and attachments as business records that must be retained to achieve regulatory compliance. Most large companies have a policy on e-mail communication retention. But is this common practice? The answer may come from a PricewaterhouseCoopers survey titled “Digital Discovery and its Importance on the Practice of Litigation.” Surprisingly, respondents stated that their clients rarely act upon notice of litigation to stop automatic overwriting processes. In another section of the survey, almost 50 percent of the respondents said that e-mails are the most requested electronic data.

The scenario is common: A company gets a new Microsoft Exchange server, and the users are happy with the Outlook calendar and Internet e-mail capabilities. Messages go in and out, but there is no archival process. Backups are sent to tape, which are rotated weekly and overwritten. However, according to Sarbanes-Oxley, if your network administrator is instructed to overwrite the tapes, then your company knowingly allows potential evidence to be destroyed. Depending on your business risks, this scenario could become a malpractice time bomb. In addition, a simple backup of the Information Store with all the mailboxes in your Exchange server will not give you all the e-mails going in or out. So you are at risk when users delete messages, especially if they are engaged in some kind of misconduct.

[adaher]

The Best Defense is Being Proactive About Email Retention

The Sarbanes-Oxley Act imposes strict penalties for the destruction, alteration and falsification of business records. Email and Instant Messages, given their transactional nature, are considered to be viable business records that are subject to legislation prohibiting their intentional destruction. The Act states that companies and their accounting firms must maintain records of their company audits (audit documents) for at least seven years and the Public Accounting Oversight Board stipulates this requirement. To comply, many firms keep their records in paper format, but the massive amounts of electronic data generated make it impossible to store this data for the required 7-year retention timeframe.

But, the Act is clear in that destruction of electronic records, including deletion, carries with it some stiff penalties. Section 802 of Sarbanes Oxley imposes fines of up to $1,000,000 and prison terms of up to 20 years for knowingly deleting an email with the intent to impede, obstruct or influence a current or future federal investigation. Section 103 mandates that audit work papers must be retained for more than five years and a failure to do so is punishable by up to 5 years in prison and/or a fine.

[adaher]

But the IRS, they can destroy their emails for any reason, just because they feel like it. Again, no court should ever trust the IRS over a taxpayers’ word again.

[Joey_P]

Could you cite the part of that law that says “Companies are required to keep emails backed up for 7 years.”

Don’t get me wrong, I’m not saying that if you have all your journal entries or audit trails backed up to email you can delete it because ‘it’s email’, I’m just saying that I don’t see anything there that says I’m required to save all my emails for 7 years.

[Cabbage]

Wait a second, I’m confused. I thought the NSA was kind enough to keep all things like emails and phone calls in that big database of theirs.

Can’t we just ask them for it?

[Skywatcher]

adaher:

http://www.s-ox.com/dsp_getFeaturesDetails.cfm?CID=638

The Sarbanes-Oxley Act imposes strict penalties for the destruction, alteration and falsification of business records. Email and Instant Messages, given their transactional nature, are considered to be viable business records that are subject to legislation prohibiting their intentional destruction. The Act states that companies and their accounting firms must maintain records of their company audits (audit documents) for at least seven years and the Public Accounting Oversight Board stipulates this requirement. To comply, many firms keep their records in paper format, but the massive amounts of electronic data generated make it impossible to store this data for the required 7-year retention timeframe.

But, the Act is clear in that destruction of electronic records, including deletion, carries with it some stiff penalties. Section 802 of Sarbanes Oxley imposes fines of up to $1,000,000 and prison terms of up to 20 years for knowingly deleting an email with the intent to impede, obstruct or influence a current or future federal investigation. Section 103 mandates that audit work papers must be retained for more than five years and a failure to do so is punishable by up to 5 years in prison and/or a fine.

https://www.sec.gov/about/laws/soa2002.pdf
SEC. 103. AUDITING, QUALITY CONTROL, AND INDEPENDENCE STAND-
ARDS AND RULES.
(a) AUDITING, QUALITY CONTROL, AND ETHICS STANDARDS.—
(1) IN GENERAL.—The Board shall, by rule, establish,
including, to the extent it determines appropriate, through
adoption of standards proposed by 1 or more professional groups
of accountants designated pursuant to paragraph (3)(A) or
advisory groups convened pursuant to paragraph (4), and
amend or otherwise modify or alter, such auditing and related
attestation standards, such quality control standards, and such
ethics standards to be used by registered public accounting
firms in the preparation and issuance of audit reports, as
required by this Act or the rules of the Commission, or as
may be necessary or appropriate in the public interest or for
the protection of investors.

(2) RULE REQUIREMENTS
.—In carrying out paragraph (1),
the Board—
(A) shall include in the auditing standards that it
adopts, requirements that each registered public accounting
firm shall—
(i) prepare, and maintain for a period of not less
than 7 years, audit work papers, and other information
related to any audit report, in sufficient detail to sup-
port the conclusions reached in such report;
(ii) provide a concurring or second partner review
and approval of such audit report (and other related
information), and concurring approval in its issuance,
by a qualified person (as prescribed by the Board)
associated with the public accounting firm, other than
the person in charge of the audit, or by an independent
reviewer (as prescribed by the Board); and
(iii) describe in each audit report the scope of
the auditor’s testing of the internal control structure
and procedures of the issuer, required by section
404(b), and present (in such report or in a separate
report)—

116 STAT. 756 PUBLIC LAW 107–204—JULY 30, 2002
(I) the findings of the auditor from such
testing;
(II) an evaluation of whether such internal
control structure and procedures—
(aa) include maintenance of records that
in reasonable detail accurately and fairly
reflect the transactions and dispositions of the
assets of the issuer;
(bb) provide reasonable assurance that
transactions are recorded as necessary to
permit preparation of financial statements in
accordance with generally accepted accounting
principles, and that receipts and expenditures
of the issuer are being made only in accord-
ance with authorizations of management and
directors of the issuer; and
(III) a description, at a minimum, of material
weaknesses in such internal controls, and of any
material noncompliance found on the basis of such
testing.
(B) shall include, in the quality control standards that
it adopts with respect to the issuance of audit reports,
requirements for every registered public accounting firm
relating to—
(i) monitoring of professional ethics and independ-
ence from issuers on behalf of which the firm issues
audit reports;
(ii) consultation within such firm on accounting
and auditing questions;
(iii) supervision of audit work;
(iv) hiring, professional development, and advance-
ment of personnel;
(v) the acceptance and continuation of engage-
ments;
(vi) internal inspection; and
(vii) such other requirements as the Board may
prescribe, subject to subsection (a)(1).

(3) AUTHORITY TO ADOPT OTHER STANDARDS
.—
(A) IN GENERAL
.—In carrying out this subsection, the
Board—
(i) may adopt as its rules, subject to the terms
of section 107, any portion of any statement of auditing
standards or other professional standards that the
Board determines satisfy the requirements of para-
graph (1), and that were proposed by 1 or more profes-
sional groups of accountants that shall be designated
or recognized by the Board, by rule, for such purpose,
pursuant to this paragraph or 1 or more advisory
groups convened pursuant to paragraph (4); and
(ii) notwithstanding clause (i), shall retain full
authority to modify, supplement, revise, or subse-
quently amend, modify, or repeal, in whole or in part,
any portion of any statement described in clause (i).
(B) INITIAL AND TRANSITIONAL STANDARDS.—The Board
shall adopt standards described in subparagraph (A)(i) as
initial or transitional standards, to the extent the Board
determines necessary, prior to a determination of the
Commission under section 101(d), and such standards shall
be separately approved by the Commission at the time
of that determination, without regard to the procedures
required by section 107 that otherwise would apply to
the approval of rules of the Board.

(4) ADVISORY GROUPS.—The Board shall convene, or
authorize its staff to convene, such expert advisory groups
as may be appropriate, which may include practicing account-
ants and other experts, as well as representatives of other
interested groups, subject to such rules as the Board may
prescribe to prevent conflicts of interest, to make recommenda-
tions concerning the content (including proposed drafts) of
auditing, quality control, ethics, independence, or other stand-
ards required to be established under this section.
(b) INDEPENDENCE STANDARDS AND RULES.—The Board shall
establish such rules as may be necessary or appropriate in the
public interest or for the protection of investors, to implement,
or as authorized under, title II of this Act.
(c) COOPERATION WITH DESIGNATED PROFESSIONAL GROUPS OF
ACCOUNTANTS AND ADVISORY GROUPS.—
(1) IN GENERAL.—The Board shall cooperate on an ongoing
basis with professional groups of accountants designated under
subsection (a)(3)(A) and advisory groups convened under sub-
section (a)(4) in the examination of the need for changes in
any standards subject to its authority under subsection (a),
recommend issues for inclusion on the agendas of such des-
ignated professional groups of accountants or advisory groups,
and take such other steps as it deems appropriate to increase
the effectiveness of the standard setting process.

(2) BOARD RESPONSES.—The Board shall respond in a timely
fashion to requests from designated professional groups of
accountants and advisory groups referred to in paragraph (1)
for any changes in standards over which the Board has
authority.
(d) EVALUATION OF STANDARD SETTING PROCESS.—The Board
shall include in the annual report required by section 101(h) the
results of its standard setting responsibilities during the period
to which the report relates, including a discussion of the work
of the Board with any designated professional groups of accountants
and advisory groups described in paragraphs (3)(A) and (4) of sub-
section (a), and its pending issues agenda for future standard setting
projects.

…

[Skywatcher]

SEC. 802. CRIMINAL PENALTIES FOR ALTERING DOCUMENTS.
(a) IN GENERAL.—Chapter 73 of title 18, United States Code,
is amended by adding at the end the following:

‘‘§ 1519. Destruction, alteration, or falsification of records
in Federal investigations and bankruptcy
‘‘Whoever knowingly alters, destroys, mutilates, conceals, covers
up, falsifies, or makes a false entry in any record, document, or
tangible object with the intent to impede, obstruct, or influence
the investigation or proper administration of any matter within
the jurisdiction of any department or agency of the United States
or any case filed under title 11, or in relation to or contemplation
of any such matter or case, shall be fined under this title, impris-
oned not more than 20 years, or both.

‘‘§ 1520. Destruction of corporate audit records
‘‘(a)(1) Any accountant who conducts an audit of an issuer
of securities to which section 10A(a) of the Securities Exchange
Act of 1934 (15 U.S.C. 78j–1(a)) applies, shall maintain all audit
or review workpapers for a period of 5 years from the end of
the fiscal period in which the audit or review was concluded.
‘‘(2) The Securities and Exchange Commission shall promulgate,
within 180 days, after adequate notice and an opportunity for
comment, such rules and regulations, as are reasonably necessary,
relating to the retention of relevant records such as workpapers,
documents that form the basis of an audit or review, memoranda,
correspondence, communications, other documents, and records
(including electronic records) which are created, sent, or received
in connection with an audit or review and contain conclusions,
opinions, analyses, or financial data relating to such an audit or
review, which is conducted by any accountant who conducts an
audit of an issuer of securities to which section 10A(a) of the
Securities Exchange Act of 1934 (15 U.S.C. 78j–1(a)) applies. The
Commission may, from time to time, amend or supplement the
rules and regulations that it is required to promulgate under this
section, after adequate notice and an opportunity for comment,
in order to ensure that such rules and regulations adequately
comport with the purposes of this section.
‘‘(b) Whoever knowingly and willfully violates subsection (a)(1),
or any rule or regulation promulgated by the Securities and
Exchange Commission under subsection (a)(2), shall be fined under
this title, imprisoned not more than 10 years, or both.
‘‘(c) Nothing in this section shall be deemed to diminish or
relieve any person of any other duty or obligation imposed by
Federal or State law or regulation to maintain, or refrain from
destroying, any document.’’.
(b) CLERICAL AMENDMENT.—The table of sections at the begin-
ning of chapter 73 of title 18, United States Code, is amended
by adding at the end the following new items:
‘‘1519. Destruction, alteration, or falsification of records in Federal investigations
and bankruptcy.
‘‘1520. Destruction of corporate audit records.’’.

Where does it say anything about holding email for 7 years?

[adaher]

Oh geez, can we get anyone involved in compliance with companies to vouch for the 7-year requirement? NOt that it isn’t plainly stated. Emails are part of audits and SOX compliant companies archive their emails these days for 7 years.

[adaher]

Another cite:

Quick Guide to SOX Compliance and Email Archiving in 2023

What are the requirements?

Sarbanes-Oxley mandates that all electronic records, audit work papers and correspondence be retained for a period of seven years. Further, tamper proof resources are required to prevent corruption and modification of records.
What is the cost of non-compliance?

Heavy fines, up to 20 years imprisonment and loss of company reputation.
What is the significance of Sarbanes-Oxley compliance?

The rule is designed to protect investors from fraudulent activity and safeguard financial data. All public companies are responsible to implement and practice dependable record management policies that allow for disclosure of information and transparency of business practices.

I guess the public doesn’t need to know when it comes to the IRS.

[Terr]

The dog ate her emails. And yes, adaher is right.

CyberFortress | #1 Trusted Data Backup & Recovery Services

The Sarbanes-Oxley (SOX) Act of 2002 legislates the duration and method in which financial companies must store records. SOX safeguards against accounting errors and financial fraud. SOX specifically states that records, including email, instant messages, and other data files must be saved for at least “no less than seven years”. This allows financial regulators to easily audit transactions and email communications

[drewtwo99]

I know we all want to instinctually argue with adaher at every given moment, but he seems to have provided some pretty good cites that emails probably should be backed up and saved for 7 years in order to keep compliance. And even if there is no law, it’s still inexcusible for the IRS to be throwing the excuse around that the emails were deleted. The IRS should have higher standards for record keeping - including emails - than the minimum that the law requires.

Pains me to say it, but adaher makes a good point in this pitting.

[Sitnam]

Wow, accountant’s flame wars are fucking stupid.

[Skywatcher]

Terr:

The dog ate her emails. And yes, adaher is right.

CyberFortress | #1 Trusted Data Backup & Recovery Services

The Sarbanes-Oxley (SOX) Act of 2002 legislates the duration and method in which financial companies must store records. SOX safeguards against accounting errors and financial fraud. SOX specifically states that records, including email, instant messages, and other data files must be saved for at least “no less than seven years”. This allows financial regulators to easily audit transactions and email communications

drewtwo99:

I know we all want to instinctually argue with adaher at every given moment, but he seems to have provided some pretty good cites that emails probably should be backed up and saved for 7 years in order to keep compliance.

He’s claiming that retaining 7 years of emails is requried by law but can’t seem to point to where the actual Act says this.

[Skywatcher]

By the way, The IRS came up with 24,000 Lerner emails from 2009 to 2011 and said it is producing 67,000 emails to and from Lerner, covering 2009 to 2013.

Also, The IRS has not always backed up all employee emails due to the cost the agency would incur for allowing 90,000 employees to store their information on the IRS’s internal system. IRS employees have the capacity to store about 6,000 emails in their active Outlook email boxes, which are saved on the IRS centralized network, with about 1,800 emails in their active folders prior to July 2011.

[running_coach]

Sitnam:

Wow, accountant’s flame wars are fucking stupid.

Yeah, for every negative thing that’s said, someone has to say something positive.

[Sinaptics]

Skywatcher:

He’s claiming that retaining 7 years of emails is requried by law but can’t seem to point to where the actual Act says this.

I think he’s referring to this:

2. RULE REQUIREMENTS
   .—In carrying out paragraph (1),
   the Board—
   (A) shall include in the auditing standards that it
   adopts, requirements that each registered public accounting
   firm shall—
   (i) prepare, and maintain for a period of not less
   than 7 years, audit work papers, and other information
   related to any audit report, in sufficient detail to sup-
   port the conclusions reached in such report;

However, I’m not sure it applies. For one, is the IRS a public accounting firm? Second, this paragraph is referring to audit reports and not litigation. Normally, the rules of litigation state that data should be retained anytime there is litigation or a likelihood thereof. So the question then becomes, when did they learn and what steps did they take to salvage it.

But that’s all semantics. There is no way that the only copy of her email should have been on her work computer. That’s just idiotic from a technical standpoint. They’re going to get crucified and rightly so.

[drewtwo99]

The law seems written broadly enough that it would take some case law precedence to determine if the IRS ran afoul. adaher isn’t a lawyer and neither are we (except a few of us), so it seems open to interpretation. Anyhow, the point still stands that even if the IRS didn’t break any laws, it’s still incompetent and inexcusable to use email deletion as a reason for not being able to provide evidence or information.

[Sinaptics]

Skywatcher:

By the way, The IRS came up with 24,000 Lerner emails from 2009 to 2011 and said it is producing 67,000 emails to and from Lerner, covering 2009 to 2013.

Also, The IRS has not always backed up all employee emails due to the cost the agency would incur for allowing 90,000 employees to store their information on the IRS’s internal system. IRS employees have the capacity to store about 6,000 emails in their active Outlook email boxes, which are saved on the IRS centralized network, with about 1,800 emails in their active folders prior to July 2011.

I see what they’re saying, but then the correct implementation would be to back up everything from the server, put strict mailbox limits on the employees so that they would have to back up and get rid of non-essential emails so that it’s not filling up space day-to-day, but everything still gets backed-up regardless.