Self-audit principle and document retention standards
The self-audit principle is a section that is often missing from most Procurement Policies because very few people recognize its importance or even consider its existence.
Just like most modern urinals have an automated flush system that releases water into the bowl every few minutes (even without being used), it is standard practice for procurement policies to contain self-audit requirements, and processes that allow them to run violation reports, and sense check those same guidelines periodically.
The perception of the procurement function is only further clouded by damaging audit reports. These reports come as a shock to the business and give the impression that someone has been caught doing something wrong. Now, what if you could have “arrested” yourself and fixed the issues long before the audit? There is a verse in the Holy Scriptures that says, “make peace with your adversary while you are on your way to court.” This puts further emphasis on doing self-checks and course corrections long before an audit is conducted.
Every good procurement policy should contain a procedure for self-audits, and procurement leaders must have a process for conducting these periodically. Possible violations are detected early, and updates are made to the policy to prevent future incidents or to redesign defective procedures.
Procurement documents contain commercial transactions but are also legal in nature. Purchase Orders, Terms and Conditions, Contracts, Non-Disclosure Agreements, Memoranda of Understanding, Letters of Intent, etc. When there are disputes over the fulfilment of obligations, these documents are used for reference by courts and investigating bodies to determine what rights pertain to either party or to prove that the correct processes were followed in reaching a decision.
It is always embarrassing to Senior Management when procurement teams cannot produce such documents or spend so much time searching through disorganized computer folders and physical cabinets.
Twice in my career, I have had to pull out documents from my personal archives in response to an enquiry that had legal implications. A few months after I had resigned from a previous company, I got a call regarding a transaction that I had managed while I was there. As part of my handover tasks, I had ensured that all hard and soft copies of transactions were in the care of my successor. Unfortunately, he also left the organisation, and this created a gap. When I got the call asking if I had copies of these documents, I simply accessed my archived folders and sent the files to my former Boss.
The lesson here is this; every procurement policy must have clear guidelines for document retention.
What documents should be retained? Where or how should they be stored? How long should they be in storage? Some organizations go as far as storing sensitive documents at an off-site location. This is done as part of a Business Continuity Plan and ensures that such documents can be retrieved in the event that the office premises are affected by some unforeseen disaster.
Under the Nigerian Data Protection law, certain transaction records are required to be stored for up to 10 years, and in the case of police incident reports, permanently. Now you see why this is not just a policy decision, it’s a matter that has legal implications.
Harold Nwariaku, FCIPS, is the branch chair of the Chartered Institute of Procurement and Supply Nigeria and lead consultant, Harold & Co Procurement & Supply Chain Consulting