Audit Trail Applicability: Date, Turnover Limit, Penalty, Best Practices, Example

The Ministry of Corporate Affairs (MCA) recently released a notice (Companies (Accounts) Amendment Rules, 2021) mandating that companies using accounting software must choose platforms equipped with a feature recording an audit trail for every transaction.

The updated audit trail rule in accounting software has taken effect from last year. Originally scheduled for implementation in 2021, the effective audit trail applicability date was subsequently moved to April 1, 2023.

The new rule is intended to ensure that companies are open about their actions and do not manipulate data. It means that every accounting software must have an Audit Trail feature.

But what exactly is an audit trail? And why is it important? Please read this article to learn more about it, from audit trail applicability examples to best practices you can follow.

What is an Audit Trail?

An audit trail refers to a detailed, chronological record of the adjustments, details, and other financial data related to transactions within an accounting system. Simply put, it provides a complete history of a transaction, as well as easy tracking and traceability back to the origin.

Thus, it offers proof of compliance with industry standards, such as financial regulations, data protection laws, and healthcare regulatory requirements. Essential components of audit trail features include:

• Time stamps: Each recorded event has a time stamp showing when it happened.
• User identification: It captures the identity of the user or entity involved in each event, including approvals and authorisations given.
• Event descriptions: Detailed explanations of what happened during events are included.
• System information: Technical details about the event, such as its location, source, and type of activity, are also mentioned.

What is the Purpose of an Audit Trail?

A typical audit trail contains essential information to review past events and identify the individuals involved. It is crucial evidence that helps validate management statements and claims.

Audit trails can comprise various areas such as financial information, IT processes, HR records, or operational procedures. The primary purposes of an audit trail include:

1. User accountability: Employing audit trails supports companies in holding individuals accountable for their actions within a system. One can track user activity to learn who made changes to data or accessed sensitive information.

2. Regulatory compliance: Many regulatory requirements necessitate industries to implement detailed record-keeping. Audit trails enable companies to showcase compliance with these regulations and minimise the risk of penalties for non-compliance.

3. Enhanced security measures: Companies can identify and respond to security incidents by monitoring user activity and system events. It allows the detection of unauthorised access and facilitates quick action against data breaches.

4. Issue identification and resolution: Audit trails serve as valuable tools for identifying the source of problems or errors within a system. It enables the reconstruction of events through the review of system logs and can precisely pinpoint the cause of issues and take corrective action to address concerns.

Need and Applicability for an Audit Trail

Maintaining a comprehensive and complete audit trail is crucial for businesses. This ensures the ability to trace any irregularities and identify process breakdowns if and when they occur.

Further, it is worth noting that the audit trail applicability is not a mandatory requirement for all businesses. It is specifically for companies all companies registered under the Companies Act 2013, including:

• All public and private limited companies
• One Person Companies (OPCs)
• Companies owned by the Government of India
• State government companies
• Not-for-profit companies/organisations
• Nidhi companies, and
• Foreign companies

Audit Trail Checklist

The Companies Act 2013 mandates every company keep accurate records of its transactions. These records should create a clear audit trail for each transaction, including essential details such as:

• Transaction particulars: Date, amount, and nature of each transaction.
• Changes to books of accounts: Date and nature of each alteration.
• Authorisation details: Names of individuals authorising transactions and changes.
• Approval and rejection specifics: Names of those approving or rejecting transactions and changes.
• Access to records: Details of access to records, including the date, time, and names of individuals accessing the books of accounts.
• Backup and restoration activities: Details of all related activities concerning the books of accounts.

Non-compliance with these requirements can lead to a penalty ranging from ₹25,000 to ₹5 lakh, depending on the violation. Further, the company might face legal consequences if the non-compliance is intentional or fraudulent.

Time Period to Maintain and Audit Trail

Section 128(5) of the Companies Act, 2013 requires that books of accounts of a company be retained for a period of not less than eight financial years, immediately preceding a financial year, or all the preceding years together in case the company is younger than eight years old. Further, all vouchers relevant to any entry in such books of account must be kept in order. 

Therefore, the company would also need to maintain an audit trail for a minimum period of eight years.

Best Practices to Maintain an Audit Trail

Here are some of the best best practices to follow to maintain an audit trail :

1. Regular data backups: Regularly backup data to prevent losses in case of system failures or data corruption. Store backups securely to facilitate easy restoration when needed.

2. User authentication: Employ robust user authentication methods to verify the identity of individuals making changes. Implement role-based access controls and data encryption to restrict modification access.

3. Regular audits: Periodically review and audit financial records to detect anomalies or signs of tampering. Independent parties, such as internal or external auditors, should conduct this audit.

4. Automated logging: Use automated systems and software tools to generate and uphold audit trail records. It reduces the risk of human error and ensures consistent logging of all relevant activities.

Example of an Audit Trail

Audit trails can be simple or complicated. Say your company wants to hire someone who will work from home and needs a new laptop. Here is how the laptop purchase process would be tracked:

• The hiring manager initiates a laptop purchase request with the finance department.
• The finance department processes the purchase order, noting cost, shipping details, product specifications, location, and purchase date.
• The mail department logs the received item once the laptop arrives and dispatches it to the hiring manager.
• The hiring manager, in turn, contacts the employee to facilitate laptop delivery.

Each step in this process includes essential details such as the individuals involved, dates, communication methods, cost, and timestamps. In case of any issues, like non-delivery, the finance department can rely on the order confirmation with comprehensive information to communicate with the laptop company.

Audit trails are crucial for ensuring the accuracy of financial statements. They clearly mark the path that transactions have taken and help in creating reliable financial statements. Essentially, audit trails offer concrete evidence for every business action taken. As a result, auditors typically rely on these trails to verify financial statements.