Sarbanes-Oxley Act (SOX): Section 802 mandates specific requirements for record retention and includes criminal penalties for altering or destroying audit records
SEC Rules: Securities and Exchange Commission regulations governing audit documentation and retention requirements for public companies
IRS Requirements: Internal Revenue Service mandates retention periods of 3-7 years for tax-related audit records and supporting documentation
FDIC Requirements: Federal Deposit Insurance Corporation guidelines for audit record retention in financial institutions
HIPAA: Healthcare Insurance Portability and Accountability Act requirements for healthcare-related audit documentation and retention
Federal Reserve Requirements: Banking regulations specific to audit retention for financial institutions under Federal Reserve oversight
CMS Requirements: Centers for Medicare & Medicaid Services specific requirements for healthcare audit retention
Federal Acquisition Regulation (FAR): Government contracting requirements for audit documentation and retention periods
State Record Retention Laws: Various state-specific requirements for maintaining audit records and documentation
AICPA Guidelines: American Institute of CPAs professional standards for audit documentation and retention
GAAS: Generally Accepted Auditing Standards requirements for audit documentation and retention
PCAOB Requirements: Public Company Accounting Oversight Board standards for audit documentation and retention
IFRS Requirements: International Financial Reporting Standards guidelines for audit documentation if dealing with international operations
FCPA: Foreign Corrupt Practices Act requirements for maintaining audit records related to international business transactions
GDPR: European Union's General Data Protection Regulation requirements for handling and retaining audit data involving EU subjects
CCPA: California Consumer Privacy Act requirements for audit data retention involving California residents' personal information
