Thursday, May 23, 2024

Ensuring Transparency and Accountability in Financial Records: A Guide to Compliance with Audit Trail Requirements

"In the world of finance, transparency and accountability are the cornerstones of trust"

Objective:
This guide aims to help companies and auditors understand and comply with the audit trail requirements as stipulated in the Proviso to Rule 3(1) of the Companies (Accounts) Rules 2014, ensuring robust financial record-keeping and reporting practices.

Key Rule:

Starting April 1, 2023, all companies using accounting software must ensure the software can:

  • Record an audit trail of every transaction.
  • Create an edit log of each change with the date of the change.
  • Ensure the audit trail cannot be disabled.

Purpose:

This rule enhances transparency and accountability in financial record-keeping, allowing auditors to verify the integrity of the company’s accounts.

Auditor's Reporting Requirements

Auditors need to verify and report the following:

  1. Rule 11(g) of the Companies (Audit and Auditor) Rules 2014:

    • Confirm if the company used accounting software with an audit trail feature.
    • Check if this feature was operational throughout the year and wasn't tampered with.
    • Ensure the audit trail is preserved according to statutory record retention requirements.
  2. Section 143(3)(b) of the Companies Act 2013:

    • Verify if proper books of account were kept as required by law.
  3. Section 143(3)(h) of the Companies Act 2013:

    • Note any issues with maintaining accounts or related matters.

Tips and Cautions to Avoid Defaults

Implementation and Operation:

  1. Early Adoption:

    • Implement the audit trail feature well before the deadline to allow time for troubleshooting and adjustments.
    • Conduct regular checks to ensure the audit trail is functioning correctly throughout the year.
  2. Staff Training:

    • Train staff on the importance of the audit trail feature and how to use it correctly.
    • Establish protocols for logging and reporting any issues with the audit trail functionality.
  3. Regular Audits:

    • Perform internal audits periodically to check the integrity of the audit trail.
    • Ensure any discrepancies are documented and rectified promptly.
  4. Software Updates:

    • Keep accounting software updated to the latest version to benefit from security patches and feature enhancements.
    • Verify that updates do not disrupt the audit trail functionality.
  5. Backup and Preservation:

    • Ensure regular backups of the audit trail data.
    • Store backups securely to prevent data loss or tampering.
  6. Third-Party Management:

    • If using third-party software, ensure there are stringent controls and agreements in place regarding the audit trail feature.
    • Regularly review third-party performance and compliance.

Reporting and Documentation:

  1. Comprehensive Documentation:

    • Maintain detailed records of all transactions and any changes made.
    • Ensure documentation includes dates and reasons for changes to support the audit trail.
  2. Transparency in Reporting:

    • Be transparent in audit reports about the functionality and any issues related to the audit trail feature.
    • Provide clear explanations and justifications for any deviations or problems encountered.

Reporting Formats

Unmodified Reporting:

If the company meets the audit trail requirements:

  • Rule 11(g):
    "Based on our examination, the company used accounting software with an audit trail feature that worked throughout the year. We found no instances of tampering."

  • Preservation of Edit Log:
    (Optional for the first year)
    "As the rule started on April 1, 2023, preserving the audit trail isn’t applicable for the year ending March 31, 2024."

  • Manual Books of Account:
    "The company maintained its books manually, so Rule 11(g) doesn’t apply."

No further reporting under sections 143(3)(b) and 143(3)(h) if everything is in order.

Modified Reporting:

If there are issues, the auditor needs to specify them. Examples include:

SituationReporting Under Rule 11(g)Reporting Under Section 143(3)(b)Reporting Under Section 143(3)(h)
Audit trail feature was disabled/not enabled for some records/software."Based on our examination, except for the following, the company used accounting software with an audit trail feature all year. The PPE software didn’t have this feature, so no audit trail for those transactions.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
No audit trail enabled."The company used accounting software without an audit trail feature, so we can’t comment on it.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Audit trail not enabled for the full audit period."The company’s accounting software had an audit trail feature from June 1, 2023, to March 31, 2024. No tampering detected during this period.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Audit trail not enabled for certain transactions."Audit trail not enabled for payroll and some accounting software fields from April 1, 2023, to August 20, 2023, and PPE transactions from April 1, 2023, to July 12, 2023.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Audit trail not working effectively."The software had an audit trail feature, but it didn’t work well, so we couldn’t verify the audit trail’s integrity all year.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Accounting software managed by a third party."The software is managed by a third party, so we can’t confirm if the audit trail feature was enabled and used correctly.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Migration to new software during the year."The company migrated to new software during the year and is still setting up audit trail controls. We can’t comment on the audit trail feature.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."
Audit trail was tampered with."We found five instances of tampering in the PPE software’s audit trail feature.""Proper books kept except for issues in Rule 11(g).""Issues in maintenance as stated in Rule 11(g)."

Auditor's Guide

Auditors should follow the guidelines in the "Implementation Guide on Reporting on Audit Trail under Rule 11(g) of the Companies (Audit and Auditors) Rules 2014 (Revised 2024 Edition)" issued by ICAI.

By adhering to these guidelines, companies can ensure compliance with the audit trail requirements, and auditors can accurately report on the integrity and functionality of the company’s accounting software, fostering greater transparency and accountability in financial reporting.