Record Retention Guidelines for E-billing
Record Retention Guidelines for E-billing details FDIC requirements concerning record retention for E-billing by Outside Counsel.
PDF Help - Information on downloading and using the PDF reader.
The FDIC Legal Division has established E-billing guidelines for FDIC Outside Counsel, consistent with the FDIC Office of Inspector General’s audit requirements and the capabilities of commercially available time, billing and accounting software systems increasingly utilized by law firms.
Audits of Outside Counsel have been an integral part of the Legal Division’s internal control and risk management program. Beginning in 1999, the Legal Division recognized the need for a program of independent post-payment fee bill reviews to be conducted by an organization within the Legal Division. To that end, the Risk Management Group (RMG) was tasked with implementing the Legal Division’s Post-Payment Review (PPR) Program to enhance the Legal Division’s internal controls over payments made to Outside Counsel and legal support services providers. The Legal Division also determined that the RMG could effectively fulfill this Outside Counsel audit function by examining e-invoices and corresponding back-up documentation retained by Outside Counsel to ensure compliance with the Legal Division’s policies and procedures.
To facilitate such audit activities, you are required to:
- Retain all E-invoice files, original underlying support documentation for expenses, subcontractor invoices, original or electronic time sheets, and time and expense adjustment records, for at least three years after final payment under the legal referral.
- Retain signed copies of all budget and amended budget forms, as well as signed copies of the Legal Services Agreement (LSA) and Amendments to the LSA.
The Legal Division has also concluded that time billing and accounting software available to the legal profession is able to provide basic internal control features that are consistent with generally accepted auditing standards. Controls deemed to be critical include the following:
(1) unique identifiers (user identification) and/or passwords for
each user of the system;
(2) an access profile for controlling user access to each application;
(3) identification of the individual who entered, changed or deleted data;
(4) an audit trail that identifies dates of entry, change, or deletion;
(5) information that shows the extent of the change or the reason for the deletion; and
(6) provisions for a user identification code or other certification when an E-invoice file is uploaded to the E-billing service provider. These critical internal controls are present in varying degrees in available software packages and formats, but particular weaknesses may exist regarding items (3) and (4) above.
To address these weaknesses and weaknesses created where otherwise adequate internal controls provided in the software are modified or not implemented, Outside Counsel may need to consider appropriate upgrading, supplementation or modification of the software or maintenance of alternative manual documentation as backup, in order to minimize or avoid significant questioned fees and expenses. The Legal Division reserves the right, should there be substantial questioned costs raised on audit based on deficiencies identified in a firm’s electronic timekeeping system, to impose additional documentation requirements to correct these deficiencies. These may include, without limitation, requirements to add specific internal controls through upgrades, supplemental programs, program modifications, or maintenance of alternative manual documentation as backup.
These guidelines are effective for legal fees and expenses incurred on or after August 10, 2009, and are incorporated in the E-billing Deskbook