Appendix
C - Electronic Billing / Timekeeping
NOTE: You
are required to retain copies of all invoice packages and original
underlying support documentation, including time sheets and time
and expense adjustment records, for three years after final payment
under the legal referral. (Refer to Chapter
1 and Chapter 7.)
February
15, 1998
Electronic
Billing Guidelines
The
FDIC Legal Division is establishing electronic billing guidelines
for FDIC
outside counsel, consistent with the FDIC Office of Inspector
General’s audit requirements and the capabilities of commercially
available time, billing and accounting software systems increasingly
utilized by law firms. These guidelines are effective for legal
fees incurred on or after February 15, 1998, and are incorporated
in the FDIC Outside Counsel Deskbook (Deskbook).
The guidelines
were developed as a result of a joint project of the FDIC’s Legal
Division and Office of Inspector General (OIG) under the auspices
of the FDIC’s Audit Committee. As many of you are aware, the
OIG conducts audits of fees billed by law firms retained by the
FDIC. To facilitate such audit activities, the current Deskbook
requires outside counsel to retain copies of all FDIC-related
bills and original underlying support documentation, including
time sheets and time and expense adjustment records, for at least
three years after final payment. On occasion, law firms have
maintained that their original time sheet data was available
in an electronically archived format. In many instances, however,
the OIG determined that the electronic systems in place did not
contain adequate internal controls or audit trails to ensure
the integrity of the data for audit purposes.
Guidelines
The
Legal Division has concluded that time billing and accounting software
available to the legal profession is able to provide basic internal
control features that are consistent with generally accepted auditing
standards. Controls deemed to be critical include the following:
(1) unique identifiers
(user identification) and/or passwords for each user of the system;
(2) an access
profile for controlling user access to each application;
(3) identification
of the individual who entered, changed or deleted data;
(4) an audit
trail that identifies dates of entry, change, or deletion;
(5) information
that shows the extent of the change or the reason for the deletion;
and
(6) provisions
for a user identification code or other certification when the
information entered is approved and forwarded for processing
of the final fee bill.
These critical
internal controls are present in varying degrees in available
software packages and formats, but particular weaknesses may
exist regarding items (3) and (4) above. To address these weaknesses
and weaknesses created where otherwise adequate internal controls
provided in the software are modified or not implemented, firms
may need to consider appropriate upgrading, supplementation or
modification of the software or maintenance of alternative manual
documentation as backup, in order to minimize or avoid significant
questioned fees and costs. The Legal Division reserves the right,
should there be substantial questioned costs raised on audit
based on deficiencies identified in a firm’s electronic billing
system, to impose additional documentation requirements to correct
these deficiencies. These may include, without limitation, requirements
to add specific internal controls through upgrades, supplemental
programs, program modifications, or maintenance of alternative
manual documentation as backup. Regardless of the software used,
any OIG audit will include a separate evaluation of the firm’s
software and implementation of internal controls to assess the
reliability of the electronic data recorded by the law firm.