Scott A. Goffstein & Associates, LLP, your privacy is important
to us. While information is the cornerstone of our ability to
offer excellent service, Scott A. Goffstein & Associates, LLP
recognizes our most important asset is our customers trust.
We are particularly concerned about the privacy of our individual
customers who obtain financial services from us for personal, family,
or household purposes ("you"). This notice provides
you with our privacy policies and practices with respect to the disclosure
of nonpublic information about you.
Information We May Collect
In providing you with financial services, we collect nonpublic
personal information* about you from the following sources:
||Information we receive from you on applications, tax returns,
net worth statements, or other forms
||Information about your transactions with us or others
||Information we receive from a consumer-reporting agency.
*Nonpublic personal information means personally identifiable financial
information that is not publicly available.
Information We May Disclose And To Whom We May Disclose
We do not disclose any nonpublic personal information about you
to anyone, except as permitted by law.
Under Massachusetts law, if you provide us with information which
you identify as confidential pursuant to a professional engagement
with us, we are not permitted to disclose that information without
your consent, except in response to a court proceeding, to the Massachusetts
Board of Public Accountancy, or in the course of quality reviews
of our firm.
If you decide to close your account(s) or become an inactive customer,
we will adhere to the privacy policies and practices as described
in this notice as well as the Firm's Record Retention and Destruction
We restrict access to your personal and account information to
those employees who need to know that information to provide services
to you. We maintain physical, electronic, and procedural safeguards
that comply with federal regulations to guard your nonpublic personal
individuals who obtain financial services primarily for personal,
family or household purposes.
these policies described above, at any time.
Return to Top
Record Retention and Destruction Policy
Scott A. Goffstein & Associates, LLP, recognizes that the firm's
engagement and administrative files are critical assets. As such,
the firm has established this formal written policy for record retention
and destruction in accordance with applicable state and federal
laws. Compliance with this policy is mandatory for all employees.
Engagement files are defined, for the purposes of this policy, as all records related to the engagement, including workpapers and other documents that form the basis of services rendered by the firm, such as, all documentation reflecting the procedures applied, evidence obtained, and conclusions reached in the engagement. In order to adequately address the needs of the firm and meet the current regulatory requirements established by the profession and the regulatory agencies, this policy will address separately the document retention requirements for engagement files by the categories indicated below. Unless otherwise notified by the Managing Partner, Scott A. Goffstein, or mandated by state or federal law, Scott A. Goffstein & Associates, LLP, will follow the recommended record retention periods specified in the attached Exhibit A.
Scott A. Goffstein & Associates, LLP, will retain all records related
to the audit, review or compilation (including electronic records)
for a period of seven years from the conclusion of the audit, review,
or compilation that meet the following two criteria:
1. The records have been created, sent or received
in connection with the audit, review, or compilation;
2. The records contain conclusions, opinions, analysis, financial data related to the audit, review, or compilation or, significant information that is inconsistent with the final conclusions, opinions or analysis (e.g., significant differences in professional opinions on issues that are material to the financial statements or to the final conclusions).
Records for purposes of this subsection include workpapers and
other documents that form the basis of the financial statement engagement,
and memoranda, correspondence, communications, and other documents
and records that meet both of the criteria stated above.
It is the firm's position that all documents (whether hardcopy or electronic) which do not meet the criteria listed above (numbers 1 and 2) would not be considered substantive in nature and thus would not be retained in accordance with this policy. The Firm, however, acknowledges the following exception to this rule:
All significant information that is inconsistent with the final conclusions, opinions, or analysis (e.g., significant differences in professional judgment or differences of opinion on issues that are material to the financial statements or to the final conclusions) will be considered substantive in nature and appropriately retained in accordance with the policy.
Although this list is not meant to be all inclusive, the following are examples of those items that generally would not meet the criteria for retention and should be destroyed at the completion of the engagement:
HOWEVER, if any of the documents listed above DO include information
that contains either (a) conclusions, opinions, analysis, or financial
data related to the audit, review, or compilation or, (b) significant
information that is inconsistent with the final conclusions, opinions,
or analysis, they will be subject to the retention periods for such
information in accordance with the terms of this policy as outlined
in attached Exhibit A.
- Superseded drafts of memoranda, financial statements, or regulatory filings
- Notes on superseded drafts of memoranda, financial statements, or regulatory filings that reflect incomplete or preliminary thinking
- Duplicates of documents
- Copies of client records (Unless the client records contain evidence of audit or other procedures applied by the Firm.)
- Review notes
- To do lists (which have been completed)
- Documents that contain typographical errors or other minor errors that result from the normal business/learning process or from preliminary views based on incomplete information or data
- Voice-mail messages. (It is the firm's policy that all significant voice-mail messages that would record or support the Firm's professional services should be documented as a memo to file and retained in accordance with the terms of this policy.)
Questions arising in connection with applying
the rules set forth in this section should be referred immediately
to the partner on the engagement. The Managing Partner, Scott A. Goffstein,
must approve any exceptions to this policy.
Scott A. Goffstein & Associates, LLP, will retain sufficient
records (whether hardcopy or electronic) to reflect services performed
by and substantive information provided to the firm for seven
years after it completes such services. Records,
for the purposes of this sub-section, mean final workpapers and any
other documents, including correspondence and copies of client records,
that are necessary for a reasonable person to understand the services
performed by and substantive information provided to Scott A. Goffstein
& Associates, LLP, for the engagement.
(Includes Tax and Consulting Services)
Refer to the attached Exhibit
A should you have any questions regarding the period of retention
for a particular type of document.
It is the firm's policy that all administrative files (including, but not limited,
to billing and collecting activities, accounts payable, loans, leases,
fixed assets, and personnel files) will be maintained for no less
than the current legal or regulatory requirements for such items (no
less than seven years for accounting records) or longer if
they serve a useful purpose as determined by the Managing Partner,
Scott A. Goffstein. For example, in accordance with the recommended
records retention period outlined in the attached Exhibit
A, legal documents and contracts, including, but not limited
to, articles of incorporation, corporate stock records, company minutes
and by-laws, service and lease agreements, promissory notes, and legal
correspondence, will be retained permanently, unless otherwise determined
by the Managing Partner, Scott A. Goffstein. Refer to the attached
Exhibit A should you have any questions regarding the period of retention
for a particular type of document.
The Designated Administrative Personnel will be responsible
for maintaining and annually updating a summary of the legal and regulatory
requirements for all administrative files and keeping the Managing
Partner, Scott A. Goffstein, updated of any changes to such requirements.
Physical Security It is company protocol to protect all hardcopy files,
electronic files, computer hardware, software, data and documentation
from misuse, theft, unauthorized access, and environmental hazards.
As such, the firm has adopted procedures for information maintained
in both hardcopy and electronic form to ensure physicals security.
In the event Scott A. Goffstein & Associates, LLP, uses third-party
vendors to store, maintain, and/or destroy records (whether hardcopy
or electronic), the firm will obtain client consent before transmitting
the client's records to such a third-party vendor. Refer to the attached
Exhibit B for sample language use as an addendum to an engagement
- The firm will store all of its on-site hardcopy
client files in file cabinets. File cabinets are stored in a separate
file room and are restricted to those employees authorized to have
such access. The Designated Administrative Personnel has the responsibility for managing
the access control of the file room and for reporting any potential
breaches in security to the Managing Partner, Scott A. Goffstein.
- The Designated Administrative Personnel will have the responsibility for establishing
filing procedures to ensure that files can be easily located and retrieved
- The firm has established back-up procedures
on electronic files to minimize the risk that data may be destroyed,
modified, or disclosed without authorization. These procedures include,
but are not limited to, the following:
- The Designated Administrative Personnel will be
responsible for ensuring that all data files will be backed up daily
by the firm's IT service provider.
- The Designated Administrative Personnel will
be responsible for ensuring also that all software applications used
in creating the work or in archiving or storing the files are retained
or available (including all updated or superseded applications) so
that the electronic files can continue to be accessed for the retention
periods stated in this policy.
- Access controls have been established
to maintain the confidentiality and integrity of data stored on the
firm's computer systems. Access shall be restricted to only those
actions that are appropriate to each employee's specific job duties.
The Designated Administrative Personnel will have the responsibility for the administration
of access controls and will ensure that all additions, deletions and/or
changes are processed appropriately upon written request from the
firm administrator, applicable supervisor, and/or partner. Employees
will have individual access codes and passwords to the firm's computer
network systems. These systems are accessible at all times by the
firm and the Designated Administrative Personnel will maintain a complete list of access
codes and passwords in a secured place. Employees are prohibited from
the unauthorized use of the access codes and passwords belonging to
All of the documents and records relating to clients are the property
and proprietary interest of Scott A. Goffstein & Associates, LLP,
to the extent it is consistent with applicable laws. All original
documents are the property of the client and should be returned
to the client upon request. The firm's documents and records relating
to its clients are confidential and may not be disclosed without
express written permission from the client or unless required by
law. All employees of the firm must ensure that privacy will be
maintained for client information. In consideration of the firm's
size and complexity, the nature and scope of the professional services
we render to our clients, and the sensitivity of the information
we collect, the firm has determined that compliance with this policy
appears to satisfy the current regulatory requirements under the
Federal Trade Commission Safeguards Rule.
Destruction of Records
The Designated Administrative Personnel has the responsibility for ensuring compliance
with this policy for the destruction of records, files and electronic
data. It is the firm's policy that all engagement letters issued
on or after the effective date of this policy should contain language
regarding the firm's applicable record retention periods.
will conduct on an annual basis an inventory of all records, files
and electronic data subject to destruction based on the recommended
retention periods outlined in the attached Exhibit A. The Designated Administrative Personnel will review this list with the Managing Partner, Scott A.
Goffstein, for approval prior to the actual destruction of such
IMPORTANT NOTICE TO ALL EMPLOYEES
Under NO CIRCUMSTANCES will any records, files or electronic data
be destroyed, regardless of the retention periods identified in
this policy, if there is any pending regulatory investigation, disciplinary
action, legal action, or if the firm has any knowledge of the intent
by a regulatory agency to launch an inquiry or knowledge of a potential
Recommended Record Retention Periods for
Documents Related to Accounting Services
|Description of Records
||Recommended Record Retention Period**
|Audit/Review/Compilation working papers*
|Audit/Review/Compilation Statements and Reports
|Tax Return work papers
All Other Services not specified above
*Audit/Review/Compilation working papers are defined as those records which have been created, sent, or received with the audit, review, or compilation, as well as those which contain the conclusions, opinions, analyses, or financial data related to the review or compilation or, significant information that is inconsistent with the financial conclusions, opinions or analyses. See 17 C.F.R. § 210.2-06.
** These are minimum recommended periods of retention that comply with applicable federal and state law. Further, notwithstanding the recommended retention period set forth above, any claim for credit, abatement, or refund and any material relating, concerning, or referring to the subject of any pending or ongoing litigation MUST be kept until such matter is resolved. See Sarbanes-Oxley Act of 2002, sections 802 and 811; 820 CMR 62C.25.1(3); Treas. Reg. 1.6001-1.
***For tax years commencing after 1996, 7 years prior to that date.
Unless you indicate otherwise, our firm may transmit confidential information you provided to us to third parties in order to facilitate the delivery of our services to you.
Sample Client Disclosure Language
Re: Third-Party Vendors
For example, such transmissions might include, but not be limited to: scanning of client records (whether electronic or hardcopy) by an outside, unaffiliated vendor; dissemination of client records to an outside, unaffiliated vendor for purposes of storage; destruction of client records (whether electronic or hardcopy) by an outside, unaffiliated vendor; or, use of an outside tax processing service to assist in preparing tax returns.
Please feel free to inquire if you would like additional information regarding the transmission of confidential information to entities outside the firm.
____ I/We do consent to the firm using third-parties, including outside processing services, when providing services to me/us.
____ I/We do not want your firm to use third-parties, including outside processing services, when providing services to me/us. I/We consent to the additional fees (charged at the firm's regular hourly rates), which may arise.
Signature: ______________________________ Date: _________________
[Additional section to use if confidential information will be transmitted outside the United States.]
Additionally, some of the transmissions of confidential information described above may be to persons or entities outside the United States.
____ I/We do consent to the transmissions of confidential information to persons or entities outside the United States in order to facilitate your firm providing me/us services.
____ I/We do not consent to the transmissions of confidential information to persons or entities outside the United States in order to facilitate your firm providing me/us services. I/We consent to the additional fees (charged at the firm's regular hourly rates), which may arise.
Signature: ______________________________ Date: _________________
Return to Top