The following outlines some frequently asked questions and answers about keeping records and
documents. Before you read them you should check:
Your organisation's rules (constitution) to see if there is any provision about clients
having the right to inspect their own files or have their records retained;
The organisation's rules, policies or resolutions passed by members requiring that the
organisation's records be retained for a specified period; and
Funding agreements to see if they require records to be kept and retained.
This summary details some of the main record-keeping requirements but is not exhaustive. There
may be others that your organisation needs to comply with depending on the area your
organisation works in or contracts/agreements it has.
maintain proper accounts and records of the transactions and affairs of the society for a
period of at least 5 years
The Companies Act states that a company must keep accounting and other records that will:
sufficiently explain the transactions and financial position of the company; and
enable true and fair profit and loss accounts and balance-sheets and any documents
required to be attached thereto to be prepared from time to time, and
be kept in such manner as to enable them to be conveniently and properly audited.
Source documents that substantiate all transactions in your business - e.g. receipts,
invoices, vouchers, and other relevant documents issued or received from
customers/suppliers;
Accounting records and schedules - manual or electronic records of assets and liabilities,
revenue and expenses, gains (profit) and losses;
Bank statements; and
Any other records of transactions connected with your business.
Please retain and keep proper records of all income derived by the estate/trust and distributions
made to the beneficiaries for a period of seven years from the relevant Year of Assessment (YA).
For YA 2008 and each subsequent YA the record keeping period is reduced from seven to five
years. For information on the types of records, see the "What taxation records do we need to
keep?" section on this page.
The Charities Act states that a charity must keep accounting records to:
entries showing from day to day all sums of money received and expended by the charity
and the matters in respect of which the receipt and expenditure takes place; and
a record of the assets and liabilities of the charity.
These records must be preserved for 5 years and the last trustees of the charity are obliged to
carry out this duty even where the charity ceased to exist within the 5 years.
Note: These requirements do not apply to exempt charities and charitable companies. For further
information on exempt charities please go to www.charities.gov.sg
If your organisation is also an Institution of a Public Character
An institution of a public character must maintain accounting records containing entries showing
—
If your organisation is a fund that is approved to collect tax deductible donations for a limited
period or of a limited amount only, your organisation must maintain separate accounting records
for moneys received for the fund and shall comply with the limits to the approval period and to
the approved amount for donations to be collected.
An institution of a public character must maintain every accounting record for a minimum period
of 5 years from the end of the financial year to which the accounting entry relates.
All IPCs are required to post their financial and non-financial information online on the Charity
Portal.
Your company must maintain proper records of its financial transactions and retain the source
documents, accounting records and schedules, bank statements and any other records of
transactions connected with your business.
For accounting records and supporting documents relating to Year of Assessment (YA) 2007 and
the earlier YAs, your company must retain the records for a period of seven years from the
relevant YA. For YA 2008 and each subsequent YA the record-keeping period has been reduced
from seven to five years.
Please retain and keep proper records of all income derived by the estate/trust and distributions
made to the beneficiaries for a period of seven years from the relevant Year of Assessment (YA).
For YA 2008 and each subsequent YA the record keeping period is reduced from seven to five
years.
With effect from the Year of Assessment 2008, all registered charities will enjoy automatic
income tax exemption without needing to meet the 80% spending rule. In other words,
you do not need to file income tax returns effective from the Year of Assessment 2008.
Some IPCs have been authorised to issue tax deduction receipts. Upon receiving the tax
deductible donations the IPCs should issue tax deduction receipts to the donors.
IPCs can also use the electronic medium provided by the Inland Revenue Authority of Singapore
(IRAS) to issue the tax deduction receipts.
IPCs have to maintain a record showing the particulars of every tax deductible donation
received. The record should include the following items:
These records must be kept for at least 5 years from the end of the year of assessment relating to
the year in which the donation was received.
It is obligatory for charities to disclose the extent of their compliance with the Code of
Governance. The Code of Governance provides these guidelines –
Basic:
There should be documented human resource policies that cover areas such as
recruitment, wages, benefits, training, development actions, performance appraisal and
disciplinary actions, approved by the Board for paid staff and volunteers
Enhanced:
Advanced:
Advanced guidelines address the further areas of insurance, feedback channels, conflict
resolution and exit policies.
CPF
The Record of Payment (Form CPF 90) should be kept for future reference. If you have
misplaced the Record of Payment and request a reprint a service charge will be levied.
Employment Act
Under the Employment Act every employer shall prepare and keep a register showing the
name;
address;
the basic rate of pay and allowances;
the amount earned;
and the amount of deductions made from the earnings of each employee employed by
him; and
such other particulars as may be prescribed from time to time.
The Commissioner may require any employer to forward to the Commissioner a return giving
the particulars requested.
Please refer to the MOM website for more information on who is covered under the Employment
Act.
Under the Workplace Safety and Health Act the occupier must keep the following records in the
workplace:
every document issued in respect of the workplace by the Commissioner for Workplace
Safety and Health under the provisions of this Act;
a copy of every notice furnished to the Commissioner as required under this Act; and
all reports and particulars prepared in respect of the workplace under this Act.
Incident reporting:
An incident report must be submitted to the Commissioner of Workplace Safety and Health for
all accidents, dangerous occurrences and occupational diseases. Employers and occupiers are
required to keep a record of all incident reports for three years. It is an offence to fail to make an
incident report as required by the law.
Note: These requirements do not apply to exempt charities and Institutions of a Public Character.
Every accounting record must be maintained for a minimum period of 5 years from the end of
the financial year to which the accounting entry relates. Total expenses incurred on public fund-
raising appeals in a financial year must not exceed 30% of total donations collected through the
public appeals in that year.
Records of all donations must be kept. (See the section: What documents does my organisation
have to keep?). If the donations are tax-deductible there are additional requirements. (See the
section: What taxation records do we need to keep?). If the total gross receipts from any single
fund-raising appeal are not less than $1 million the institution of a public character must —
Typically an action can be brought against a person or entity within 6 years of the cause of
action, for example a breach of contract or an act of negligence. Any legal documents that may
be relevant if legal action were to be taken (but is not actual or threatened), for example contracts,
should be kept for at least 6 years.
If the document, record or information is required by law to be retained in its original form, it
can be retained in the form of an electronic record if the following conditions are satisfied:
there exists a reliable assurance as to the integrity of the information contained in the
electronic record from the time the document, record or information was first made in its
final form, whether as a document in writing or as an electronic record;
integrity is assessed by whether the information has remained complete and unaltered,
apart from the introduction of any changes that arise in the normal course of
communication, storage and display in the light of the purpose for which the information
was generated and the relevant circumstances;
if the document, record or information is to be provided to a person, the electronic record
that is provided to the person is capable of being displayed to the person; and
any additional requirements relating to the provision or retention of such electronic
records specified by the public agency which has supervision over the requirement for the
provision or retention of such records are complied with.
Documents
Document control is core to ISO 9001, and is common to all the other management standards.
It is one of the six procedures that you must document in ISO 9001:2008.
In the new version, ISO 9001:2015, there’s no longer a requirement to document the procedure,
but the requirements regarding control are much the same. The other difference is that
‘documents’ is now broadened to ‘documented information’, which includes what used to be
called ‘records’.
Writing down what you do will make it much easier to train new staff and to audit the process, so
even though it’s no longer a required procedure in ISO 9001:2015, we’d recommend you still
document the process.
So what are the “controls needed”?
Answer these questions in your documented procedure and you’ll satisfy the requirements for
ISO 9001 Document Control:
When a new document is found, or is created, how is it approved for release? – who reviews
and approves them? How will I know a document has been approved?
How is documented information identified? – Do you specify titles, numbering, dates? Can a
document be referred to without any confusion?
How will you provide access to released documents everywhere it’s needed? – Can everyone
get them from the server? What about workers on the shop floor, out on site, on the road? Will
they need hard copies, or some other offline distribution method?
How do you protect the documented information from unauthorised changes, or loss? –
Can anyone edit and delete the files? Do you have master copies stored safely? What about
backups?
When changes are made, how do you identify them? – How will people know if they do, or
don’t, have the updated information? How will I know what has changed between this version
and the latest release? How do I know what version my copy is, or the version of this paper copy
I found?
How do you review, update and re-approve documents? – Do you review on a regular basis
to make sure the information is still correct? Who does the review? How often? Who is
responsible for making changes? How is an updated version approved?
How do you find and control documents from external sources? – e.g. relevant standards,
legislation, supplier product specifications. ‘Control’ being all the previous questions on
approval, review, updates, access…
How do you prevent the use of obsolete documents? – How will you make sure that ONLY
current documents are in use? Are there hard copies to update? How do you keep track of them?
Will you make end users responsible for checking the status of their hard copies before each use?
Will you delete/destroy old documents? How will you identify/segregate/archive obsolete
documents you might want to keep?
Enough with the questions – how about some answers!
So what do you need to do, in a practical sense, to control documents?
#1 – put some control information on the document itself – on every controlled document.
Some information will go at the front of the document, and some needs to be on every page
(usually in the footer),
Status Released
This header shows what document I’m looking at (‘4.2.3 Control of Documents’), and answers
the questions on how to tell this document has been approved (‘Released’), and the version (‘3
March 2012’), who is responsible for approving it (‘Management Representative’), and where to
find it (‘Quality Systems Toolbox’)
Here’s an example footer showing information that should be on each page of the document:
the number/name of the document – so you know what it is and can find the master copy, even
if the first page is missing. Some people use the file path or URL of the master copy. e.g.
“G:\Documents\ControlDocuments.doc”, or
“https://demo.qualitysystems.com/documents/control-of-documents”
the revision date or number – so you can easily check to see whether the copy you have is the
latest, even if the first page is missing, or your different (paper) versions get mixed up.
page numbering “page x of y” – so it is easy to see if you are missing a page
In the past, this would have been paper master copies kept in the office, or on the document
controller’s hard drive. Access to the documents was through a ‘gate keeper’ person. More
commonly now it is a file server, or online (e.g., for Quality Systems Toolbox) and access is
granted through user accounts, permissions and passwords.
The documents register is simply a list of all the documents you control. You’ll need one to keep
track of all your management system documents and it helps you to know what needs to be
reviewed. Ideally the register will include the title, revision info (date or number or both), status
(draft, released, etc.) and who is responsible for the document (a name and/or a job title).
e.g.,
Number  Title                     Revision  Date          Responsible  Status
POL-03  Health and Safety Policy  3.0       22 June 2011  WHSO         Released
POL-04  Drugs and Alcohol Policy  0.6       5 May 2013    Michael      Draft
Paper-based registers are hard work – each time you update a document you must also update the
register – often striking out the old line and adding a new line. Spreadsheet based registers are
not much easier to maintain but at least they allow sorting and searching. Online database
document systems are easier, since updating the information stored with the document itself
should flow through to the register, and sorting documents, searching and creating custom lists
(e.g. show all ‘forms’) are usually possible.
Approval: Approving new and edited procedures is best spread around, and approval by the
process owner makes the most sense – e.g. the Sales Manager will approve sales related
processes. Management system documents (like the procedure for document control), will be the
responsibility of the Management Representative. The actual editing of the document may be
delegated to someone else.
The process of releasing a new document or update can be as simple as making the document
available at the designated central location – either adding it to the repository or changing the
permissions to make it available. Notification of the new release to relevant people is usually a
good idea, but be wary of sending every new document notification to everyone in your
organisation – too many notifications means they will all be ignored.
It is good practice to have some indication on the document itself so that the status of hard copies
can be easily determined, e.g. ‘Released’ in the header example above, an approval signature and
date added to the footer of a master paper copy.
Review: You need to review documents regularly to make sure they are up-to-date, suitable and
still reflect your practices. If the practice has changed (for the better) then the document should
be updated, rather than enforcing the old practices from the out-of-date document. Your review
will include checking for changes in standards, regulations, specifications and other external
documents. How often will depend on the process – how important it is and also how new and
changeable it is. Some documents have regulations stipulating how often they must be reviewed
e.g. MSDS must be less than 5 years old. Some of this will be incorporated into Internal Auditing
and Management Review, but make sure all your documents are covered (check the document
register).
Changes: In file-server and paper-based management systems, changes are usually tracked in a
table on the document itself. Sometimes this can be stored external to the document in the
register. Document Management software will usually store the change information in the
database, and a changes table is not required on the document itself.
The document itself should indicate its revision status (on the hard copy).
Access: These days, access is usually via logging on to the file server or online document
repository. However, don’t assume this is enough for all situations. The practicalities of
accessing the computer may be difficult/impossible for some locations or some personnel and
you may have to distribute hard copies in these cases. Keep track of where hard copies go for
future reference when updates need to go out and you need to remove the obsolete versions.
External Documents: Finding new external documents required for your business will come
about during normal operations as well as through management review. Control processes are the
same as for internal documents.
Obsolete documents: Keeping a distribution list for hard copies will help you track down the
old copies that must be removed. It’s also common to put the onus on the end user to check their
version against the version shown in the document register or the current version in the central
repository.
The six required procedures of ISO 9001
ISO 9001:2008 requires “documented procedures” for the following six activities:
Of course, these documented procedures will have to be controlled according to the first
procedure listed (Control of Documents).
Any more is up to you. You must determine what further documentation is required in your
company for your Quality Management System to function effectively.
ISO 9001:2015
ISO 9001:2015 does not require any documented procedures, and there are only three pieces of
required documented information that must be “maintained”:
So it’s up to you to work out what is needed and how you want to document it.
On the other hand, there is still plenty of documented information that must be “retained” (i.e.
records).
This is part of proving that you ‘do what you say’. These records are also important for making
fact-based decisions on issues in your company.
Like a product inspection, an audit simply compares how things actually are, to how we think
they are and how they ought to be.
Audits help uncover areas that are in need of attention and they can be an opportunity to draw
back from the day-to-day details and to take a look at the whole process with fresh eyes. Despite
being such a (potentially) positive tool in the management system toolkit, audits often induce the
same kind of stress as end of year exams!
Obviously a great deal rides on a successful external audit so some anxiety is expected.
However, a good Internal Audit process can reduce the stress, since you can uncover the
problems yourself and resolve them before the external auditor begins.
We suggest you enrol in a professional development course before jumping into the role of
Auditor. An alternative is to use an external consultant to perform your internal audits for you.
Quality, safety and environmental management standards all require audits to monitor and report
on the effectiveness of the management system. This process is also one of the six documented
procedures required by ISO 9001:2008.
A documented procedure shall be established to define the responsibilities and requirements for
planning and conducting audits, establishing records and reporting results.
What does an internal audit process look like?
Each company will have their own particular method, but it will generally follow the same
process.
Plan your Audit Programme
Internal Audits need to be scheduled at planned intervals to check that the quality system
conforms to requirements and that the system is effective. ‘Requirements’ include the standard
itself, as well as the company’s own requirements (i.e., its own procedures and policies).
You don’t need to audit every process all at one time. The External Audit may be like this, but
internal audits can be spread out with different processes audited at different times – a series of
‘mini-audits’.
The standard does not set out a required audit frequency. Instead, it recommends that you
consider how important the processes are, their risks, their prior history of problems, and also
your quality objectives. With a series of ‘mini-audits’ you can set different audit frequencies for
different processes.
If you are implementing a new management system, we recommend that you should have
audited all the processes identified in your management system at least once prior to the initial
Certification Audit.
Work out who will audit.
An auditor should be objective and impartial. You cannot audit processes that you manage /
control yourself. This means you will need to have at least two internal auditors trained and
available. However, due to lack of resources, or sometimes with the crossover of responsibilities
that is common in small businesses, having two impartial auditors may not be possible. In this
case, you may need to consider using an external resource.
Define the requirements for each audit.
The plan already identifies the area you will audit, now you need to define what criteria you will
audit against. Sometimes this takes the form of a formal checklist with a pre-determined list of
questions. You can also use a copy of the procedure being audited and mark this up with
questions and points to verify. You’ll need to identify what records should be checked to verify
the process.
Any previous findings or issues related to the audit area should also be checked.
Even with pre-defined questions, an auditor will still need to ‘follow their nose’ if something is
not quite right.
You can define the criteria for the audit prior to each audit rather than having to set this up at the
planning stage.
These requirements (checklists, documents, records, etc) should be communicated to the auditee
some time prior to the actual audit taking place. (Specify the time in your audit procedure – a
week is reasonable)
Conduct the audit
An audit usually starts with an opening meeting where the auditor meets the auditee(s), sets the
expected timetable and sets out how the audit will be conducted.
During the audit, the auditor will work systematically through the checklist or procedure,
examining evidence that the process meets the criteria. It’s common to mark up the checklist with
notes and a quick finding result, e.g.,
C – compliant,
NI – needs improvement,
NC – non-conformance.
When recording the audit, it is important to write down exactly what evidence was examined to
establish the finding – regardless of the finding. e.g. auditing employee training records the
auditor writes:
Usually the auditor will discuss the finding with the auditee before recording it. This is to ensure
the finding is understood and to confirm there is actually a problem, e.g. the auditee above may
reveal that Joe Bloggs’ personnel folder includes a separate safety briefing record with the
required signature. This can sometimes negate the finding, or just change it – i.e. the signature is
there, but it is not following the procedure. In this example, the consequences of not following
the procedure are minor and the audit finding should reflect that.
The audit will finish with a closing meeting where the lead auditor gives an overall summary of
the audit and discusses each audit finding to ensure they are understood.
Document the Audit findings
An external certification auditor will submit a formal written report on the audit to management
several days later and it’s common for an internal auditor to do the same. However, there’s no
requirement in the standard for a formal audit report. You simply need to ensure the findings are
recorded and communicated to management. You could just record the findings and their details
in your non-conformance form & register (or as an ‘Issue’ in QSToolbox).
You will need to retain records of the audit which will typically include:
Take Action on those findings!
Findings raised at both Internal and External Audits need to be addressed with corrective actions.
If the audit reveals that we don’t do as we say, then we either change what we do, or change
what we say…
At the next audit, the auditor will verify that the corrective actions taken were effective in
bringing the management system into compliance.
More info…
Have a look at the auditing process using QSToolbox.
The ISO Standard ISO 19011 has guidance on auditing. It sets out requirements on training and
experience for auditors, and requirements for how audits should be planned, conducted and
recorded.