Importance Of Audit Trail In Audit Report

We will delve into the topic of the Audit Trail in audit report and uncover all the crucial details in this intriguing article. Recently, the Ministry of Corporate Affairs released a notification on March 24, 2021, introducing the Companies (Audit and Auditors) Amendment Rules, 2021. These updates made significant revisions to Rule 11 of the Companies (Audit and Auditors) Rules, 2014.

What is Audit Trail?

An audit trail is like a detailed timeline of every change made to financial transactions in a computer system. Its job is to keep financial records accurate and reliable. Interestingly, the concept of audit trails was first introduced in India, and globally, there’s no similar obligation for auditors.

It is step-by-step diary of everything that happens in a computer system. From creating, modifying, or deleting files to system events like backups, it records it all. This helps trace any errors or issues back to their source.

In short, Audit trails are a chronological record of the changes that have been made to the data. Any change to data including creating new data, updating or deleting data that must be recorded.

The Triple ‘W’ Approach

Basically, Audit trail is based on Triple ‘W’ Approach (When, Who and What)

When: The date and time of each change (like a digital time stamp).
Who: The user responsible for the change, identified by their user ID.
What: Details about what was changed, including transaction references and whether it was successful or not.

Who is Responsible: The management is responsible to implement Audit trail and the auditor is responsible to check and verify the effective implementation.

Audit Trail Applicability

The initial requirement was set to apply for the 2021-2022 financial year through notification G.S.R. 206(E) on March 24, 2021. However, the implementation had been postponed until the following financial year, as stated in the MCA notification G.S.R. 248(E) issued on April 1, 2021. Despite being deferred twice, this requirement ultimately came into effect on April 1, 2023.

Time Limit to Maintain Audit Trail Records

According to Section 128(5) of the Company Act, companies are required to keep their books of account for eight years. This means that the company must maintain an audit trail for at least eight years, starting from the date when the Account Rules come into effect (i.e., April 1, 2023, onwards).

Applicability of Audit Trail on Software

This rule applies to all types of software used for bookkeeping. As per section 2(13) of the Act, any software that records transactions or maintains records that are considered Books of Account will fall under this rule. For example, if sales are recorded in a separate software and then consolidated into a general ledger software on a monthly basis, the sales software must also have an audit trail feature as sales invoices are classified as Books of Account according to section 2(13) of the Act.

Accounting Software With No Modification

Even if the accounting software prohibits modifications to transactions or journal entries, it is still required to have an activated audit trail feature, according to the Companies (Accounts) Rules of 2014.

Place To Maintain Software of Audit Trail

This audit trail capability can be maintained in various ways, such as through hosting and management in India or abroad, on-premise or on the cloud, or through a subscription to Software as a Service (SaaS). Companies may also utilize software maintained by a service organization, such as a shared service center handling payroll processes, which may use their own specialized software to manage a company’s payroll.

Dealing with Technical Issue in Accounting Software

When faced with a technical issue in your accounting software, it is essential to keep in mind that management cannot shirk their responsibility of maintaining accurate audit trails. Auditors must adjust their comments accordingly, even in the face of technical Issues.

Use of IT Professional by Auditors

To ensure proper handling of the audit trail feature, auditors have the choice to seek the assistance of IT professionals to review management controls and software configurations. However, it is important to note that while IT experts can provide support, the ultimate accountability for reporting on the audit trail feature falls on the shoulders of the auditor.

Audit Trail in Audit Report

When it comes to reporting on the audit trail, auditors aren’t just interested in the big stuff. They should cover every change a company makes, not just the major ones. All transactions, big or small, deserve a spot in the audit trail report

Requirement to Report on Audit Trail

For listed companies, there’s currently no specific demand for auditors to spill the beans on the audit trail feature in their limited review report. But here’s the catch – companies still need to play by the rules and make sure they’re following the audit trail requirements.

Rely on Information System Audit Reports

Auditors have a handy ally – independent information system audit reports like SOC 2 reports. These reports can be relied upon to ensure compliance with audit trail requirements. But, of course, auditors must stick to their own set of auditing standards.

No Adverse Findings on FS

Even if everything looks rosy in the financial statements, there’s a crucial detail to check. If your accounting software isn’t equipped with an audit trail, auditors need to tweak their comments under Rule 11(g), regardless of how smooth the financial sailing seems.

Exemption for Small and Medium Companies

Small and medium companies, listen up! There’s no escaping the need to keep proper books of account with an audit trail feature. Everyone, big or small, has to play by the rules laid out in Section 128(1) of the Companies Act, 2013.

Conclusion

Imagine an audit trail as a virtual diary housed within a company’s sophisticated audit software. It serves as a powerful tool, chronicling modifications and the complete history of each transaction. Made mandatory by the Ministry of Corporate Affairs, it’s crucial to never deactivate the audit trail feature. The responsibility falls on management to ensure this valuable feature remains activated in the accounting software.

Frequently Asked Questions (FAQ)

Why is an audit trail in audit report important?

An audit trail acts as a powerful tool, much like a superhero’s cape, in ensuring that financial transactions are conducted with complete transparency and accountability. An audit trail allows auditors to delve into the history of changes, detect errors or fraudulent activity, and ultimately hold all involved parties accountable.

What should an audit trail in include?

Think of it as a detailed receipt that documents every financial change. It should capture the date, time, user, and specific details of the change, as well as any additional information or notes.

Is it mandatory for companies to maintain an audit trail?

According to Rule 3(1) of the Companies (Accounts) Rules, 2014, maintaining an audit trail is indeed mandatory for companies. This means that the audit trail feature must be consistently and reliably present in a company’s accounting software.

Is it necessary for auditors to comment on the details of audit trail logs?

Not necessarily. Rule 11(g) targets specific areas that require attention.

What happens if the audit trail is not maintained for the entire reporting period?

If there are gaps in the audit trail during the reporting period, auditors must adjust their comments in accordance with Rule 11(g).

Is Audit Trail applicable on the LLP?

The Audit Trail requirement only applies to Companies and does not extend to other entities such as LLPs, sole proprietorships, or partnerships.

Are the banks and NBFCs exempt from the audit trail applicability?

No, all companies, including banks and NBFCs, are subject to the requirement for an Audit Trail.