What is Audit Trail and why its Introduced ?
Audit trail is a digital record of all the events that occur in a particular transaction or process. It captures and logs every change made to the transaction or process, including who made the change, what was changed, and when it was changed. It serves as a means of reconstructing the history of the transaction or process, allowing for transparency, accountability, and the ability to detect errors or fraudulent activity. The purpose of maintaining an audit trail is to provide a complete record of all the events that have occurred and to assist in the investigation of any issues or discrepancies that may arise.
The introduction of the audit trail requirement is primarily aimed at enhancing transparency and accountability in financial reporting of companies. With the increasing use of electronic systems for accounting and bookkeeping, there was a need to ensure that such systems were reliable and could be audited effectively. The audit trail requirement helps in ensuring that all transactions are recorded in a systematic manner, which can be traced and verified if required. This enhances the credibility of financial statements and helps in detecting and preventing fraudulent activities. The requirement is also aimed at aligning the Indian audit standards with international audit standards and best practices.
The Companies (Accounts) Rules, 2014 were amended by the Ministry of Corporate Affairs to enhance the reliability of financial reporting. The amendment requires companies to ensure that their accounting software has certain features and attributes, which include recording audit trails for each and every transaction, logging edits made to the books of accounts with the date of such edits, and ensuring that the audit trail cannot be disabled. This amendment was made effective from 1st April 2021 initially through addition of proviso in Rule 3(1) of the Accounts Rules and further amendment came through which its postponed and it is now applicable from the financial year commencing on or after 1st April 2023.
By implementing these requirements, companies can improve the accuracy and transparency of their financial reporting and provide greater confidence to stakeholders, including investors, lenders, and regulators.
Implementing an audit trail in a company can be done by following these steps:-
1.Choose an accounting software that has an audit trail feature: Look for accounting software that has the capability to record every transaction and change made in the books of account.
2.Enable audit trail feature: Once you have chosen the accounting software, ensure that the audit trail feature is enabled. This can typically be done by going to the settings or preferences section of the software.
3.Monitor the audit trail: Assign a responsible person to monitor the audit trail regularly to ensure that all transactions and changes made in the books of account are being recorded properly. This can help to identify any unauthorized changes made to the books of account.
4.Retain the audit trail: Make sure to retain the audit trail for the period as statutorily prescribed, which is currently for a period of 8 years from the end of the financial year to which such records pertain.
Applicability –
The requirement to maintain an audit trail of every transaction and edit log in accounting software applies only to companies that maintain their books of accounts using electronic accounting software. If a company maintains its books of accounts entirely manually, then the auditor will not be required to report on the audit trail under Rule 11(g). In such cases, the auditor would simply need to report the fact that the books of accounts are being maintained manually. However, the auditor would still need to verify and report on the accuracy and completeness of the books of accounts maintained manually, in accordance with the applicable auditing standards.
1.Management of the Company under Proviso to Rule 3(1) of the Companies (Accounts) Rules, 2014 from 1st day of April 2023
The requirement for companies to use accounting software that has a feature of recording audit trails and other related features was initially introduced by the Companies (Accounts) Amendment Rules, 2021 with effect from 1st April 2021.
Although, this date was subsequently changed twice. First, it was substituted for 1st April 2022 by the Companies (Accounts) Second Amendment Rules, 2021, vide notification G.S.R. 247(E) dated 1st April 2021. Thereafter, it was substituted again for the 1st day of April 2023 by the Companies (Accounts) Second Amendment Rules, 2022, vide notification G.S.R. 235(E) dated 31st March 2022. It is important for companies to keep track of these changes and ensure that they comply with the latest requirements as applicable.
The requirement for companies to use accounting software with the specified features was initially supposed to come into effect from 1st April 2021, but it was deferred twice. The requirement is now finally applicable from 1st April 2023, as per the latest amendment made to the Companies (Accounts) Rules, 2014. Companies should ensure that they are using compliant accounting software by the deadline to avoid any penalties or non-compliance issues.
2.Statutory Auditor of the Company under Rule 11(g) of Companies (Audit and Auditors) Rules, 2014 from 1st day of April 2022
Companies (Accounts) Amendment Rules, 2021 were initially supposed to come into effect from the financial year commencing on or after 1st April 2021, as per notification G.S.R. 206(E) dated 24th March 2021. However, the applicability of the amendment was subsequently deferred to the financial year commencing on or after 1st April 2022, as per MCA notification G.S.R. 248(E) dated 1st April 2021.
The requirement has been deferred again, and it is now applicable from the financial year commencing on or after 1st April 2023, as per the latest amendment made to the Companies (Accounts) Rules, 2014, vide notification G.S.R. 235(E) dated 31st March 2022.
Entities where Audit Trail is applicable-
The reporting requirements with respect to the use of accounting software with specified features apply to all companies registered under the Companies Act, 2013, including –
»Public And Private Limited Companies,
»One-Person Companies,
»Companies Owned By The Government Of India, State Government Companies,
»Not-For-Profit Companies/Organizations (Such As Section 8 Companies), And
»Nidhi Companies.
The Companies Act, 2013 also applies to foreign companies registered in India, and as such, the reporting requirements would be applicable to the auditors of such foreign companies as well. The reporting requirements apply to the auditors of these companies, who are required to report on whether the accounting software used by the company being audited has the specified features and whether the audit trail feature was operational throughout the financial year and has not been tampered with.
Exception to use Audit Trail-
The audit trail requirements under the Companies Act, 2013 are applicable only to companies registered under the Act and their auditors. Hence, entities such as
» Individuals,
» Proprietorship Concerns,
» Partnership Firms,
» Limited Liability Partnerships (Llps),
» Hindu Undivided Families (Hufs),
» Association Of Persons (Aops),
» Body of Individuals (Boi),
» Cooperative Societies, Societies Registered Under The Societies Act, 1860, And
» Trusts Are Not Required To Comply With These Requirements.
Although, above cited entities may still be subject to other reporting and compliance requirements under other applicable laws or regulations.
What changes comes under Accounting software ?
Through amendment to Rule 3(1) of the Companies (Accounts) Rules, 2014, from the financial year commencing on or after the 1st day of April 2023, every company that uses accounting software to maintain its books of accounts must use software that has specific feature which includes recording an audit trail for every transaction, creating an edit log of every change made in the books of accounts along with the date when such changes were made, and ensuring that the audit trail cannot be disabled.
By doing this, aimed for strengthening the integrity of financial reporting and ensuring that companies use robust and reliable accounting software that provides transparency and accuracy in their financial statements. Companies should take note of this provision and ensure that they are using compliant accounting software by the deadline.
Auditors Report 2023-
The Companies (Audit and Auditors) Rules, 2014 have also been correspondingly modified to align with the amendments made to the Companies (Accounts) Rules, 2014. Clause (g) was inserted to Rule 11 of the Audit Rules, which requires auditors to report on Whether –
Auditors Report 2023-
» the accounting software used by the audited company has the feature of recording audit trails (edit logs),
» the audit trail feature was operational throughout the financial year, and
» such audit trails have been retained for the prescribed period.
This information is required to be included in the auditor's report. The amendment was made effective from 1st April 2021, and Rule 11(g) as inserted by the Companies (Audit and Auditors) Second Amendment Rules, 2021-
“Whether the company” has used such accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has been operated throughout the year for all transactions recorded in the software and the audit trail feature has not been tampered with and the audit trail has been preserved by the company as per the statutory requirements for a period of at least eight financial years.
ICAI Guideline on Reporting under Rule 11(g) for the requirements of audit trail
The Implementation Guide on Reporting under Rule 11(g) issued by Auditing and Assurance Standards Board of the Institute of Chartered Accountants of India provides further clarifications on the requirements of audit trail. According to the guide, the expression 'all transactions recorded in the software' refers to all transactions that result in a change to the books of account. This includes adding a new journal entry or changing an existing journal entry, but not creating a user account in the accounting software.
The auditor is expected to check whether the audit trail is enabled for transactions that result in a change to the books of account, in accordance with the definition of "books of account" under Section 2(13) of the Companies Act 2013 and Rule 3 of the Account Rules which provides for the management responsibilities for maintenance of books of account and other relevant books and papers maintained in electronic mode.
Benefits of implementing an audit trail in a company include:-
1.Improved accuracy: An audit trail can help to identify errors and inconsistencies in the books of account and allow for them to be corrected promptly.
2.Increased transparency: An audit trail can provide transparency and accountability, allowing stakeholders to see who made what changes and when.
3.Enhanced security: An audit trail can help to prevent fraud and unauthorized changes by creating a clear record of all activity in the books of account.
4.Regulatory compliance: Compliance with the Companies Act 2013, as well as other applicable laws and regulations, can be achieved through the implementation of an audit trail.
Consequences for not maintaining the audit trail
The consequences for not maintaining the audit trail can vary depending on the severity of the non-compliance and the decision of the regulatory authorities. The following are some potential consequences for not maintaining the audit trail:-
1.Non-compliance: Failure to maintain the audit trail may result in non-compliance with the provisions of the Companies Act 2013 and the Companies (Accounts) Rules 2014.
2.Penalty: The regulatory authorities may impose a penalty on the company for non-compliance. The penalty can range from a monetary fine to imprisonment of the directors.
3.Rejection of financial statements: In case of non-compliance with the audit trail requirement, the financial statements of the company may be rejected by the regulatory authorities. This can impact the reputation of the company and result in adverse effects on the company's operations.
4.Qualified Auditors Report: auditors may have to qualify their audit reports or provide an adverse opinion, which would indicate to stakeholders that there are material weaknesses in the company's accounting practices. This could lead to a loss of investor confidence, difficulty in raising capital, and potential negative impact on the company's share price. Therefore, it is important for companies to comply with the audit trail requirements to avoid these consequences and maintain good corporate governance practices.
5.Legal action: Non-compliance with the audit trail requirement can result in legal action against the company and its directors. The regulatory authorities may initiate prosecution proceedings against the company and its directors.
Conclusion: By maintaining an audit trail, the company ensures that all the financial transactions are accurately recorded, and there is complete transparency in the accounting process. This helps to build trust among stakeholders, such as investors, lenders, customers, and regulatory authorities, which in turn can help the company to grow its business and can help the company to identify potential fraud, errors, and other irregularities, which can help to mitigate risks. By identifying and addressing risks early, the company can minimize the impact of any negative events and avoid potential losses. We at Compliance Calendar suggests to all Companies Registered under the Companies Act 2013, ensure compliance with the audit trail requirement to avoid any adverse consequences.