Legal Support Services Deskbook
Appendix C - Electronic Billing/Timekeeping
NOTE: These Guidelines were written for outside counsel but
also apply to experts and LSS providers.
NOTE: You are required to retain copies of all invoice packages and original underlying support documentation, including time sheets and time and expense adjustment records, for three years after final payment under the legal referral. (Refer to Chapter 1 and Chapter 6.)
February 15, 1998
The FDIC Legal Division is establishing electronic billing guidelines for FDIC outside counsel, consistent with the FDIC Office of Inspector Generals audit requirements and the capabilities of commercially available time, billing and accounting software systems increasingly utilized by law firms. These guidelines are effective for legal fees incurred on or after February 15, 1998, and are incorporated in the FDIC Outside Counsel Deskbook (Deskbook).
The guidelines were developed as a result of a joint project of the FDICs Legal Division and Office of Inspector General (OIG) under the auspices of the FDICs Audit Committee. As many of you are aware, the OIG conducts audits of fees billed by law firms retained by the FDIC. To facilitate such audit activities, the current Deskbook requires outside counsel to retain copies of all FDIC-related bills and original underlying support documentation, including time sheets and time and expense adjustment records, for at least three years after final payment. On occasion, law firms have maintained that their original time sheet data was available in an electronically archived format. In many instances, however, the OIG determined that the electronic systems in place did not contain adequate internal controls or audit trails to ensure the integrity of the data for audit purposes.
The Legal Division has concluded that time billing and accounting software available to the legal profession is able to provide basic internal control features that are consistent with generally accepted auditing standards. Controls deemed to be critical include the following:
(1) unique identifiers (user identification) and/or passwords for each user of the system;
(2) an access profile for controlling user access to each application;
(3) identification of the individual who entered, changed or deleted data;
(4) an audit trail that identifies dates of entry, change, or deletion;
(5) information that shows the extent of the change or the reason for the deletion; and
(6) provisions for a user identification code or other certification when the information entered is approved and forwarded for processing of the final fee bill.
These critical internal controls are present in varying degrees in available software packages and formats, but particular weaknesses may exist regarding items (3) and (4) above. To address these weaknesses and weaknesses created where otherwise adequate internal controls provided in the software are modified or not implemented, firms may need to consider appropriate upgrading, supplementation or modification of the software or maintenance of alternative manual documentation as backup, in order to minimize or avoid significant questioned fees and costs. The Legal Division reserves the right, should there be substantial questioned costs raised on audit based on deficiencies identified in a firms electronic billing system, to impose additional documentation requirements to correct these deficiencies. These may include, without limitation, requirements to add specific internal controls through upgrades, supplemental programs, program modifications, or maintenance of alternative manual documentation as backup. Regardless of the software used, any OIG audit will include a separate evaluation of the firms software and implementation of internal controls to assess the reliability of the electronic data recorded by the law firm.