Procedural documentation for document management

The task of procedural documentation is to describe the target state of all organizational and technical processes and measures that are relevant for document management. This relates to the capture, and if necessary the transformation (e.g. from paper to electronic form), processing (e.g. invoice approval), archiving and reproduction of documents. On this basis, both internal and external audits can be carried out to assess whether the specified processes and measures, as well as the legal requirements, are being complied with in your company. The following core requirements must always be taken into account (see e.g. GoBD):

• Completeness: Complete recording and archiving of documents.
• Order: Documents are clearly indexed and assigned
• Unchangeability: Each document must be archived in an unchangeable form.
• Traceability: All stages through which a document has passed must be documented and traceable.
• Availability: Documents must be available and readable in a timely manner.

In addition, procedural documentation must be meaningful enough to meet the core requirements and be usable for an audit. The GoBD formulates this as follows: "[...] a clearly structured procedural documentation must be available for each DP system, from which the content, structure, process and results of the DP procedure are completely and conclusively evident. [...] The procedural documentation must be comprehensible and thus verifiable by an expert third party within a reasonable period of time." This requirement is subjective and can be assessed differently from auditor to auditor. However, there are core contents that should not be missing from any procedural documentation. One area that is often neglected, both in documentation and in operation, is the internal control system. This is not only about regular quality assurance and reaction to identified errors and deviations, but rather about whether the described procedures are actually lived. This is the only way to successfully demonstrate audit compliance.

The creation and maintenance of procedural documentation is an ongoing process: "The procedural documentation must be versioned in the event of changes and a traceable change history must be maintained. [...] The retention period for the procedural documentation does not expire insofar and as long as the retention period for the documents has not yet expired, for the understanding of which it is required." (GoBD)". However, the investment is well spent, provided that the creation and maintenance of the documentation is approached seriously, i.e., according to the above explanations. In addition, non-existent, insufficient or completely outdated documentation can lead to a fine (see for example AO §146). An annual audit of the DMS and the procedural documentation by a recognized, external specialist expert (certifier) rounds off the whole process and significantly increases audit security. However, the depth and scope of the audit should be chosen appropriately. A superficial audit may be more cost-effective, but will probably not create the desired added value. The review of the procedural documentation and the on-site audit should be documented by a detailed description of the audit results and preferably also stored in the DMS in an audit-proof manner. In this way, even after many years, it can be proven that:

• the DMS corresponded to the respective current state of the art
• the process flows were adhered to and regularly reviewed
• the legal requirements for your company have been met

Because the responsibility for the DMS and the compliance with the legal requirements lies with your company at all times.