How to Protect Yourself in the 21st Century: Documentation and Going Electronic

Presenters:Pamela Baker-Webber, Sponsored Research Officer, Harvard

University, Faculty of Arts and Sciences

Elizabeth Lennox, Assistant Dean for Research Administration, Harvard University, Faculty of Arts and Sciences

Session Objectives: • Define current federal requirements for documentation (NSF, NIH)•Outline current challenges and areas of concern in documentation requirements•Define who is responsible for what•Examples of best practices and tools•Next Steps?

A Few Definitions: NIH•http://grants.nih.gov/grants/policy/nihgps_2012/nihgps_ch8.htm#_Record_Retention_and•Grantees generally must retain financial and programmatic records, supporting documents, statistical records, and all other records that are required by the terms of a grant, or may reasonably be considered pertinent to a grant. •Keep all materials for an entire competitive segment for a period of 3 years from the from the date the FFR for the entire competitive segment is submitted• Exceptions and qualifications to the 3-year retention requirement include any litigation, claim, financial management review, or audit is started before the expiration of the 3-year period, the records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken. •Policy also pertains to grant-related records, including F&A cost proposals and property records. See 45 CFR parts 74.48 and 92.36 for record retention and access requirements for contracts under grants.•These record retention policies apply to both paper and electronic storage of applicable information, including electronic storage of faxes, copies of paper document, images, and other electronic media.

A Few Definitions: NSF

•http://www.nsf.gov/pubs/manuals/gpm05_131/gpm3.jsp#350

•Financial records, supporting documents, statistical records and other records pertinent to a grant will be retained by the grantee for a period of three years from submission of the Final Project Report•Exceptions are records related to audits, appeals, litigation or the settlement of claims arising out of the performance of the project will be retained until such audits, appeals, litigation or claims have been disposed of•records related to projects subject to special program income provisions (GPM 753, "NSF Policy") will be retained for three years beyond the end of the award period.

What About Internal Requirements??• Example - Harvard University Research Record Retention Policy:

Research Records should be retained, generally, for a period of no fewer than seven (7) years after the end of a research project or activity. For this purpose, a research project or activity should be regarded as having ended after (a) final reporting to the research sponsor, (b) final financial close-out of a sponsored research award, or (c) final publication of research results, whichever is later.

Major Considerations:1. Know your federal requirements2. Know your internal policy and how they do/do not overlap; which is stricter3. Know sponsor and/or award specific requirements4. Who owns what? Who is the keeper of record?

How to Manage?? Challenges and Concerns

How to Manage?? Challenges and Concerns

• What to keep?• Who owns what?• Where is everything?• What about off site research and records?• Who has the space?• Electronic vs. paper• Data security and the “cloud”• What is auditable? (hint….everything available)• Where to start?

Your Responsibilities• What to keep? 1. Research Data

Lab resultsRaw dataAnalysisResearch Notebooks (check to see if your university has a policy around these)

2. Financial/Admin Data Proposal and Award documentation, all originals and updates (what internal

policy documentation is needed?)A/P transactions (esp. justification for non standard grant charges)Payroll Effort CertificationPersonnel files (check to see if your university has a policy around these)Conflict of Interest Data

Your Responsibilities• Who Owns What? 1. Research Data

Lab results, Raw data, Analysis and Research Notebooks: All PI2. Financial/Admin Data

Proposal and Award documentation, all originals and updates – Central submitting office, with department back up

A/P transactions – Central A/P office (check to make sure they keep data per sponsor agreements), justification for charges with departmentPayroll - Central PayrollEffort Certification – Central Office, with departmental back upPersonnel files – Central HR, many local units own part of this as wellConflict of Interest Data – per university policy and procedures

Your Responsibilities• Where is Everything? 1. Research Data (electronic or paper)

Lab results – local to labRaw data – could be anywhereAnalysis – could be anywhereResearch Notebooks – central depository (hopefully)

2. Financial/Admin Data (electronic or paper) Proposal and Award documentation, all originals and updates – Central submitting

office, with department back upA/P transactions – Central A/P office (check to make sure they keep data per sponsor agreements), department back upPayroll - Central PayrollEffort Certification – Central Office, with departmental back upPersonnel files – Central HR, many local units own part of this as wellConflict of Interest Data – per university policy and procedures

Your Responsibilities• What about Off Site Research?

1. Falls under ALL THE SAME REQUIREMENTS2. Get as much on site as possible!3. Identify off site projects and appoint data management lead4. Inform PI of requirements5. Foreign sites can and will be audited6. Train local staff in requirements and record management

basics7. Define where “official” documents will be held

Your Responsibilities• Who Has the Space?1. Consider what you have in duplicate/triplicate2. Go electronic early in the project life3. Carefully consider scanning “old” documents (this is not always the

cheapest option)4. Meet requirements and ditch the rest5. Do multiple people have a different pieces of the info?6. Yearly clean outs and reassess often

Your Responsibilities• Electronic vs. Paper: The BIG Switch1. Utilize ALL electronic systems to their fullest to eliminate paper:

A/P systems, financial systems, proposal preparation and submittal systems (know the “official holder” of record and do not store back ups- shadow files are open to audits too)

2. Scanning and archiving can be very expensive. Do you homework first and the decide best way to store files

3. Develop naming conventions and standards for file storage when possible for ease of look up

4. Decide when electronic copies are “good enough” and eliminate the need for hard copy when at all possible

Your Responsibilities• Data Security and the “cloud”1. Some research projects contain “protected” subject data and

require specific security levels for the research data as part of the agreement

2. Know what is truly secured and what is not3. Know what can be sent along open lines and what should be sent

securely4. Generally, using “cloud” options does not meet “secure” data

requirements5. Proprietary data needs protection too6. Staff identifiers and info should carefully stored

What is Auditable?? Where to Start??

• Everything you have available is auditable• Electronic and paper records are both auditable• Shadow files are auditable• If you have them, old records are fair game

• Start where you can; most likely with the administrative aspects• Inform PI and team of requirements and remind them often• If not currently, start doing as much electronically as possible and

keep it organized

Best Practices and ToolsCase Study: Harvard GMAS (Grants Management Application

Suite)• Provides broad user interface for grant

management and submission across university platform; houses fCOI and Participation Agreement information; tiered access for PIs and Administrators

Best Practices and ToolsCase Study: Harvard HCOM (Harvard Crimson Online

Marketplace)• Provides university wide purchasing and

vendor management system; houses historical purchasing data and backup; can upload documents to HCOM for electronic record; lifecycle system from order through payment

Best Practices and ToolsConversations with PIs and Administrators

When to take the conversations off-lineWhen and how to document

Best Practices and Tools

Your examples????