Preserving Accounting Records for Closures, Acquisitions, and Audits

When a business closes, changes hands, or faces an audit, the accounting records become evidence — and the standards shift from "we have them somewhere" to "we can prove what they said and that they haven't been altered." This guide covers what authorities and counterparties actually need, how long records have to survive, and what a defensible archive looks like.

← All Guides

Most accounting records spend their lives in motion — invoices entered, payments applied, bank feeds reconciled, statements run, books closed for the month. The data is alive, changing daily, and the version that matters is the current one.

Three kinds of events break that pattern. Each one freezes the records at a specific point in time and gives them a job they didn't have before: defending themselves to someone other than the people who created them.

  • A business closure. The doors close, the entity dissolves, but the records have to remain answerable to tax authorities, lenders, former partners, and litigation that may not surface for years.
  • A business sale or acquisition. The buyer needs to verify what they're getting. The seller needs to demonstrate what was on the books at the moment of the transaction. Both parties need a record neither side can later modify.
  • An audit. An auditor — IRS, state, lender, regulator — needs to work from a fixed view of the books at a specific date, not from whatever the live system happens to look like the day they arrive.

Each of these events shares a structural property: the records need to prove themselves later, often years after the people who created them have moved on. This guide walks through what that requirement actually means, how long records need to survive in different scenarios, and what discipline turns ordinary accounting data into evidence that holds up.

Related situations covered separately: If your situation is specifically a QuickBooks Desktop sunset migration, see What Happens to Your Accounting Records When QuickBooks Desktop Sunsets. If you're inheriting a QuickBooks file you didn't create, see Inheriting a QuickBooks File: A Guide for Executors, Buyers, and New Bookkeepers.

Closing a Business

The end of operations is not the end of the records' obligations. When a business closes, the records continue to face demands from authorities and counterparties for years — often decades — after the last invoice was written. The closure itself doesn't extinguish those obligations. It just removes the people and infrastructure that were maintaining them.

What can still come back

The most common post-closure events that demand the records:

  • IRS examination. The IRS can audit a return up to three years after filing as a matter of course, six years if substantial omissions are suspected, and indefinitely if fraud is alleged. The fact that the entity no longer exists doesn't stop the audit — it just shifts who responds to it (typically the former owner or executor).
  • State tax authority claims. States have their own statutes of limitations, often longer than federal. California's franchise tax board requires records be kept for at least eight years for businesses subject to its rules. Some states have indefinite retention requirements for specific record types.
  • Payroll tax inquiries. Federal employment tax records must be kept for at least four years after the tax becomes due or is paid, whichever is later. State unemployment and workers' compensation authorities have their own retention windows.
  • Litigation from former employees, customers, or vendors. Wage-and-hour claims, consumer protection actions, breach-of-contract disputes — none of these are extinguished by the business closing. Statutes of limitation run from the underlying event, not from closure.
  • Personal liability for the former owner. In sole proprietorships and many LLCs, the former owner's personal records have to substantiate business-related deductions and income reported on personal returns. Closure of the entity doesn't reduce personal record-keeping obligations.
  • PPP, EIDL, and pandemic-loan compliance. Businesses that received forgiven SBA loans during 2020-2022 have ongoing record-retention obligations under loan terms — typically four years after forgiveness, sometimes longer.

The retention period question

"How long do I have to keep records?" doesn't have a single answer. It depends on the record type, the jurisdiction, the underlying event, and what was reported on which return. The IRS publishes a general retention table:

PeriodApplies to
3 years The default. Records that support an ordinary return, where no fraud or substantial omission is involved.
4 years Employment tax records, after the tax becomes due or is paid.
6 years Returns where more than 25% of gross income was not reported. The IRS gets the longer window when substantial income is omitted.
7 years Returns claiming a loss from worthless securities or a bad-debt deduction.
Indefinite If no return was filed, or if a fraudulent return was filed. No statute of limitations applies.

State retention requirements add their own layer. The conservative practice — and the one most CPAs and attorneys actually recommend for closures — is seven years from the closure date, treating that as the minimum window that covers the broadest set of possible inquiries.

For businesses with PPP/EIDL exposure, regulated industries, real estate transactions, or pending litigation, longer windows are common. Some attorneys advise retaining closure records indefinitely.

What the records actually need to do

The work of post-closure records isn't to be readable — it's to be defensible. There's a difference. A box of receipts in an attic is readable. It is not defensible against a sophisticated audit that asks: "How do we know these are the original records, and not something you assembled three years later when you got the IRS notice?"

Defensibility has three components, and "we have them" only addresses the first:

  • Existence. The records are physically (or digitally) available when asked. This is the easy part. Most closures handle this.
  • Integrity. The records demonstrably haven't been altered since the closure date. This is where a backup file in a drawer falls short — there is no way to prove that the file is the original closing version rather than a later edit. Cryptographic hashing at closure solves this. A printed PDF doesn't.
  • Accessibility. The records can be read and queried by the person who needs to see them — typically not the original owner — using tools they have available. A backup file that requires an obsolete version of QuickBooks to open is technically preserved but practically unusable.
The closure-day decision: The records you keep at closure are the records you'll have to defend years later, when you may no longer remember what was in the books or have access to the tools that created them. The discipline you apply on the day of closure is the discipline a future auditor or attorney will be testing.

What to actually do at closure

A defensible closure record-keeping process, ordered by what actually matters:

  1. Complete a final reconciliation. Every bank account, every credit card, every loan balance reconciled through the closure date. Unreconciled accounts are open questions in any future review.
  2. Run a complete set of period-end reports. Final balance sheet, income statement, cash flow, AR and AP aging, inventory if applicable. Save to PDF for human readability and to native export format (Excel, CSV) for machine readability.
  3. Extract the underlying transaction data. Reports show summaries. The defensible record is the underlying journal-line detail — every transaction, every account, every dollar movement that produced the closing balances. Export this in a queryable, open format.
  4. Capture the chart of accounts and supporting lists. Customer list, vendor list, item list, payroll item list, all with the values they held at closure.
  5. Seal the result. A cryptographic hash of the captured data, with the hash held independently of the data itself (with your attorney, your CPA, and a cloud backup is the standard pattern). The hash is the difference between "we have records" and "we can prove our records weren't modified."
  6. Document the closure process itself. Who closed the books, on what date, with what tools, against what bank statements. The process documentation defends the records when someone later asks how they were produced.

Step five — the seal — is the step most closures skip and the one that creates the most leverage years later. It's also the cheapest and fastest of the six. The cost asymmetry is real: the seal costs almost nothing at closure, and it can be the difference between a clean response to a 2031 audit notice and a multi-thousand-dollar reconstruction project.

Buying or Selling a Business

A business sale is structurally a record-handoff event. The buyer is taking possession of historical accounting data they didn't create and didn't watch being created. The seller is releasing records they have to be able to stand behind, sometimes for years after the deal closes. Both parties have an interest in a clean, fixed-point-in-time version of the books that neither side can later dispute or modify.

That mutual interest is often handled informally — a copy of QuickBooks data emailed to the buyer's accountant, a folder of PDFs in a data room, a backup file on a thumb drive. These approaches work for the small transaction where both sides trust each other. They fall apart when the deal is contested, when post-closing adjustments are disputed, or when the buyer discovers something months later that they want to renegotiate.

Why two-party custody matters

The structural weakness of most M&A record-handoffs is that one party controls the canonical version. The seller hands the buyer "the books." The buyer takes possession. If a dispute arises later about what the books said at the moment of sale, the parties are arguing about which version is authoritative — typically the version each side happened to hold or modify after the closing.

A sealed archive solves this differently. The same data, cryptographically hashed at the closing date, is held by both parties. Neither side can modify their copy without the hash mismatching the other side's copy. Disputes shift from "whose version is correct" (unanswerable, since both sides have their own version) to "what does the data actually show" (tractable, since both sides have the same data).

The custody property: Two parties hold matching sealed archives. Neither can dispute the records without disputing themselves. The hash held independently of both archives proves which version is authentic if it ever becomes contested.

This pattern is borrowed from how serious litigation discovery has worked for decades. Document preservation in federal litigation requires that produced documents be demonstrably unmodified from the moment of production — typically with chain-of-custody documentation and hash verification. The same discipline applied to business sale transactions costs almost nothing at the deal table and prevents an entire category of post-closing disputes.

What the buyer typically wants

A buyer's diligence team or post-acquisition integration manager is looking for:

  • Complete transaction history with no gaps
  • Audit-trail visibility — who entered what, when, and with what offsetting entries
  • The ability to query the historical data independently, without dependency on the seller's tools or staff
  • A defensible baseline against which to measure post-closing performance and identify undisclosed liabilities
  • A record they can later use to defend their own decisions if regulators or counterparties question the acquisition

A QuickBooks backup file hands the buyer the data but doesn't satisfy any of these except the first. They have to install the right version of QuickBooks to read it, take the seller's word that the file is complete, and trust that nothing was modified between the closing date and the handoff. The buyer's accountant typically asks for additional formats — Excel exports, PDF reports, sometimes raw database access — to get the verifiability the QBB file alone doesn't provide.

What the seller typically wants

The seller's interest is symmetric and often underappreciated:

  • Proof of what was on the books at closing, so post-closing claims about undisclosed issues can be tested against the actual record
  • Documentation that survives independent of whether the buyer continues to use the same accounting software
  • A defensible record for their own tax obligations on the sale (basis calculations, gain recognition, allocations across asset categories)
  • Protection against accusations of fraudulent transfer or misrepresentation that may surface years after the transaction

The seller often needs the records more than the buyer does. The buyer gets the going-concern business and its forward-looking value. The seller gets the cash and walks away — but also retains all the personal liability for what was represented at the closing table. A sealed archive is, in effect, the seller's defense file.

What to actually do at the transaction

  1. Agree in advance on the closing data extraction. Both parties' counsel should specify what data, in what format, sealed how, held by whom. This is a single paragraph in the closing documents but it prevents months of dispute later.
  2. Run the seal on the closing date. Not a week before, not the day after — the closing date itself, after final closing entries are posted. The hash becomes a fixed reference to the books as they stood at the moment of transfer.
  3. Verify the seal with both parties present (or with both parties' representatives). Both sides confirm the hash matches before the deal funds. Disputes after this point are about substance, not authenticity.
  4. Each party retains their own copy. Buyer keeps one, seller keeps one. The hash is held independently (typically with both parties' attorneys and a cloud archive).
  5. Specify retention periods in the closing documents. How long each party agrees to maintain access to their copy. Typical: seven years matching IRS audit windows. Some deals specify longer for indemnification windows.

This adds a few hours of work to the closing process. It avoids the standard post-closing scenario where one side accuses the other of misrepresenting the books and the parties spend tens of thousands of dollars on forensic accountants to reconstruct what should have been a simple reference point.

Preparing for an Audit

An audit — IRS, state, lender, financial-statement, regulatory — is the canonical case where accounting records become evidence. The auditor's job is to assess what the records say and whether the records can be trusted. Most of the value at stake in an audit isn't in the underlying numbers; it's in whether the auditor accepts the records as authoritative or treats them as a starting point for additional inquiry.

The structural problem most small businesses face when preparing for an audit is the same problem that makes closures hard: the records are alive. Books continue to change after the audit period closes. By the time the auditor arrives, the live system shows the current state, not the state at the audit-period close. The auditor wants the latter. The business has to reconstruct it.

What auditors actually want

A typical small-business audit — whether routine IRS examination, financial-statement review, or lender due diligence — works from these inputs:

  • Period-end financial statements (balance sheet, income statement, cash flow)
  • Supporting transaction detail for any line items the auditor questions
  • Reconciliations of major accounts to external sources (bank statements, loan statements, AR/AP aging)
  • Documentation of accounting policies and any judgments made (revenue recognition, inventory valuation, depreciation methods)
  • Evidence that the records existed at the period-end in the form presented — not a reconstruction made just for the audit

The last item is the one that creates the most friction. If the auditor suspects the records were reconstructed or modified after the period-end date — either to fix errors or to support a particular tax position — they shift from accepting the records to investigating them. That shift is what turns a routine audit into an expensive one.

The fixed-point-in-time requirement

The technical name for what auditors want is "contemporaneous records." Records produced in the ordinary course of business, dated when the underlying transactions occurred, unmodified since. Contemporaneous records are trusted at a different level than reconstructed records, even when the reconstructed records show identical numbers.

The challenge for a small business is that the accounting system itself doesn't preserve contemporaneity by default. A transaction entered in March can be modified in November without leaving a clear audit trail. Account balances at year-end can shift months later if anyone corrects an old entry. By the time the auditor asks for the year-end balance sheet, it may not be the same balance sheet that existed on January 5th when the books were originally closed.

What this means in practice: Most accounting systems can produce a balance sheet for any past date. Few can demonstrate that the balance sheet is identical to what would have been produced on that date. A sealed archive captured at period-end fixes the records at that moment — anyone can verify years later that the archive matches the books as they stood at the audit period close.

When to seal for audit purposes

The most useful sealing pattern for audit preparation is annual: at fiscal year-end, after the books are closed and final adjusting entries are posted, the records are sealed into an archive that can be referenced for any audit involving that year.

This pattern has several practical advantages over reactive sealing (sealing only when an audit is announced):

  • The records are sealed at their cleanest moment — just after close, before the noise of the next year's activity
  • The seal date itself is a defensible signal of when the books were considered complete
  • If an audit is announced two or three years later, the records are already in defensible form — no reconstruction needed
  • Annual sealing creates a record series that can demonstrate consistent practice, which is itself a positive audit signal

What about audits already underway

If the audit notice has already arrived, sealing the records as they currently exist still adds value, but it serves a different purpose. The seal doesn't make the records contemporaneous (that ship has sailed) — it documents that no further modifications were made after the notice was received. This matters because modifications after notice can be characterized as obstruction or evidence destruction depending on the audit type.

For audits in progress, the typical pattern:

  1. Seal the current state of the books immediately upon receiving notice — this fixes the record of "what existed when the auditor showed up"
  2. Reconstruct, to the extent possible, the period-end version of the records the auditor is asking about
  3. Document the differences between the current state and the reconstructed period-end state — what changed, when, why
  4. Provide the auditor with both versions, plus the seal, plus the documentation of differences

This is more work than handing over a clean year-end seal that was made at the time. It's still substantially better than handing over only the current live version of the books, which gives the auditor nothing to anchor against and invites questions about what changed between period-end and audit.

What Makes an Archive Defensible

Across all three scenarios — closures, M&A transactions, audits — the same five properties separate a defensible archive from a folder of PDFs:

1. Open, queryable format

The archive must be readable by someone other than the person who made it, using tools they have available. A QuickBooks backup file requires QuickBooks to read. A proprietary accounting export requires the original software. A SQLite database with a documented schema can be queried by any analyst with SQL access — your CPA, the buyer's diligence team, the auditor, opposing counsel, your future self in 2031. The open format is what makes the archive useful when the original software is gone, the original vendor is out of business, or the records need to be reviewed by someone unfamiliar with your specific tools.

2. Cryptographic hash, held independently

The hash is what proves the archive hasn't been modified since sealing. The hash being held independently of the archive — typically by your attorney, your CPA, and at least one third location — is what proves the hash itself hasn't been modified. A hash stored alongside the archive proves nothing, because anyone who could modify the archive could also update the hash to match.

3. Trusted timestamp

The hash combined with a trusted timestamp (a third-party-issued time-stamp using a standard like RFC 3161) is what proves when the seal was made. Without the timestamp, the seal proves only that the data hasn't changed since the hash was generated — but the hash itself could have been generated last week. With the timestamp, the seal proves the data was in its current form at a specific moment that a third party can independently verify.

4. Documented schema

The archive is only useful if someone can read it. A documented schema means the table structures, column meanings, and relationships are explicit and published. Anyone with the schema can write queries against the archive. This matters because the people who will need to query the archive years from now — auditors, attorneys, the buyer's team — won't be the same people who created it. The documentation has to be self-contained.

5. Non-custodial storage

The archive is yours. It lives in your possession, not on a vendor's servers. The vendor that produced the seal — whether that's Sealed Ledger, a forensic accounting firm, or an enterprise litigation-support platform — should be irrelevant to whether you can read your own archive in 2031. If accessing your records requires the vendor's continued existence, you have a custody arrangement, not a preservation arrangement.

The test question: "Will I be able to open and query this archive in seven years without depending on the firm that produced it being in business?" If the answer is no, the archive is storage at a vendor, not preservation. Preservation has to survive the original producer.

What To Do Next

The right next step depends on where you actually are:

If you're closing a business

Don't wait until the closure date to think about records. The cleanest seal is one made before operations wind down, while the data is still being entered cleanly and the people who know the books are still engaged. The week of closure is the right window: final reconciliations done, all entries posted, books closed, then the seal made before the entity dissolves.

If you're selling a business

Raise the closing-data seal during deal negotiation, before letter of intent. It's a single paragraph in the LOI specifying that closing data will be sealed at the transaction date, with both parties holding copies. Adding it later, after deal terms are agreed, often gets pushed off as "we'll handle it informally" — which is how the disputes that the seal would prevent get created.

If you're buying a business

Request the seal as part of standard due diligence. The seller almost always benefits from the same arrangement they may not have thought to ask for. Frame it as protection for both parties, not as distrust of the seller. The seller often welcomes it once they understand the symmetric protection.

If you're facing an audit (notice not yet received)

Seal annually. Build it into the year-end close process the same way bank reconciliations and tax-return preparation are built in. The cost is small. The defensive value is large. The seal is most useful when you don't yet know which year will be audited.

If the audit notice has already arrived

Seal the current state of the books immediately upon receipt of notice, then work backward to reconstruct the period-end version the auditor is asking about. The immediate seal documents that no further modifications happened after notice. The reconstruction gives the auditor what they came for. Both pieces, together, defend against the questions a less-prepared response would invite.

If you don't know which situation you're in

The discipline scales down to the simplest case. If the records matter at all and you're not sure when they'll matter, sealing them at any clean point creates a defensible reference for any future event. The seal is cheap. The reconstruction it prevents is not.

Sources

This article relies on the following authoritative sources. Each is publicly accessible and independently verifiable.

IRS recordkeeping requirements

State retention requirements

SBA loan record retention (PPP/EIDL)

  • U.S. Small Business Administration, PPP Loan Forgiveness — retention requirements for forgiven PPP loans (four years for employment records, three years for other records).

RFC 3161 trusted timestamping standard

Federal litigation discovery standards (cited as the model for two-party custody)

All sources verified as of May 18, 2026.

If You Want a Second Opinion

Sealed Ledger is built for exactly the situations this article describes — businesses where a closure, transaction, or audit creates a moment when the records need to defend themselves later. We don't do live bookkeeping or tax filing. We produce the seal, hand over the archive, and step out. The archive is yours and remains yours.

If you're at one of these inflection points and aren't sure whether what we do is a fit, the right next step is a short conversation. Tell us where you're stuck and we'll tell you honestly whether a sealed archive helps your situation. If it doesn't, we'll say so.

Last updated: May 18, 2026.