It has been just over 9 months since we shared our initial insights on the requirements for maintaining an audit trail. After assisting several companies in India in meeting the audit trail requirements, we are pleased to offer some essential insights with best practices that Indian companies can implement this year.
What is an audit trail & why is it significant?
An audit trail is a detailed record of system activities, enhancing fraud prevention, data integrity & the efficiency of audits. By way of background, the Ministry of Corporate Affairs ('MCA') of the Government of India had released a notification relating to the Companies (Accounts) Amendment Rules, 2021. According to this notification, Indian companies utilizing accounting software were required to adopt systems that could maintain an audit trail for every transaction. Although initially set for 2021, the enforcement of the updated audit trail regulations in accounting software began for the fiscal year ending on March 31, 2024.
The requirement
The MCA has underscored the importance of audit trails by mandating their use for companies registered under the Companies Act 2013 ('the Act'). Effective April 1, 2023, companies needed to maintain an audit trail throughout the year for all transactions impacting the books of accounts. Under this requirement, every transaction had to be documented, to address the risk of data manipulation. Companies were also required to create edit logs of each change made in their accounts with proper dates. Additionally, audit trails could not be disabled and the statutory auditors were required to report any non-compliance with this mandate.
Key provisions
The Proviso to Rule 3(1) and Rule 11(g) of the Companies (Accounts) Rules, 2014 mandates that all companies, including public, private, one-person, government-owned, and not-for-profits, must use accounting software with an audit trail feature if maintaining electronic records. If records are kept entirely manually, the audit trail requirements do not apply under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 and the statutory auditor should report this as a factual statement.
Failure to comply with these requirements can lead to penalties ranging from ₹25,000 to ₹5 lakh, with further legal consequences if non-compliance is intentional or fraudulent.
Responsibilities of the management
- Identify the records & transactions that constitute books of account under section 2(13) of the Act.
- Identify the applications (such as web-portals, databases, interfaces, data warehouses, data lakes, cloud infrastructure, or any other IT component used for processing and/or storing data for creation and maintenance of books of account) that require the audit trail functionality.
- Determine the specific records and transactions that need to be tracked.
- Regularly monitor & report any anomalies or exceptions.
- Control access permissions & conduct periodic backups to safeguard data.
- Ensure that the audit trail is retained as per statutory requirements for record retention.
- Ensure that controls over maintenance and monitoring of audit trail & its features are designed & operating effectively throughout the period of reporting.
Challenges
In addition to commenting on the use of accounting software with an audit trail feature, auditors are also expected to verify if the audit trail is configurable, ensure it was operational throughout the year, confirm that it covers all transactions & check if the audit trail has been preserved according to statutory record retention requirements. Statutory auditors have expressed concerns about many companies not employing software with audit trail capabilities. Furthermore, confirming the integrity of unaltered entries has posed significant challenges during audits.
The main specific challenges faced by companies in implementation were:
- Identifying applications & transactions that are covered by the requirement.
- Identifying, designing & institutionalizing controls over maintenance & monitoring of audit trail.
- Ensuring additional & adequate storage requirements with supporting infrastructure.
- Renegotiating complex contracts with third-party vendors.
- Managing log tables without editing or disabling them.
- Controlling and overseeing admin privilege usage.
Best practices
- Raise awareness: Start by sharing the detailed requirements for maintaining an audit trail with members of your finance & accounting team & identifying specific changes that need to be made within your company's accounting systems & practices.
- Review internal policies: Assess existing policies to determine how the requirements for audit trails can be integrated into current processes.
- Identify critical systems: Focus on systems requiring audit trail implementation, such as ERP and CRM software.
- Design and implement specific internal controls (predominantly IT controls): The necessary internal controls for implementation and operation include: (a) ensuring the audit trail feature remains active and has not been disabled; (b) assigning unique user IDs to each individual to prevent sharing; (c) authorizing changes to audit trail configurations & maintaining change logs; (d) restricting access to the audit trail & its backups, along with maintaining access logs; and (e) conducting periodic backups of the audit trails and archiving them according to the statutory period outlined in Section 128 of the Act.
- Choose the right tools: Choose software that includes built-in audit trail capabilities, or tailor current systems to fulfill compliance requirements.
- Revisit user access controls: Restrict audit trail access to authorized personnel only.
- Undertake regular audits: Conduct periodic reviews to ensure that audit trails remain accurate & comprehensive.
Final thoughts
In an era of heightened regulatory scrutiny and evolving security threats, audit trails have become a cornerstone of corporate governance. By implementing robust audit trails, organizations not only ensure compliance but also build a foundation of trust, accountability and operational excellence. The MCA’s mandate signals a new era in corporate transparency and governance, placing audit trails at the heart of this transformation.
As businesses continue to adapt to these changes, staying ahead of regulatory requirements and adopting best practices is key to sustaining growth and maintaining integrity in today’s fast-paced business environment.
If you need any clarifications or support in establishing best practices that are in keeping with the nature, size and complexity of your organization's requirements, please do not hesitate to contact us at contactus@mgcglobal.co.in and we will be happy to assist.
Best Regards,
Markets Team
MGC Global Risk Advisory
About MGC Global Risk Advisory
Recognized as one of the '10 most promising risk advisory services firms' in 2017, as the 'Company of the Year' in 2018 & 2019 (both in the category of risk advisory services), one of the 'Top Exceptional Companies to Work For' in 2020, amongst the 'Top 25 Customer Centric Companies' in 2020, 'The Consultant of the year' in 2021 (in the category of risk advisory services), 'Top Exceptional Leaders in Risk Advisory Services' in 2023 and 'Best place to work' in 2024; MGC Global is an independent member firm of Allinial Global.
MGC Global provides services in the areas of enterprise-wide risk management, forensic, internal audits, control assessments (SOC, IFCR & SOX), process re-engineering, governance frameworks, privacy & data protection (including GDPR & DPDP), IT risk advisory, VAPT, ISO readiness, cyber security, vCISO, accounting advisory, ESG & CSR services.
Our firm has the capabilities to service its clients through its offices in Bengaluru, Mumbai, NCR; and has service arrangements with associate firms in all major cities in India.
About Allinial Global
Allinial Global (formerly PKF North America) is currently the world's second-largest member-based association.
With collective revenues over US$ 6 billion, Allinial Global has dedicated itself to the success of independent accounting and consulting firms since its founding in 1969. It currently has member firms in over 109 countries, who have over 28,000 professional staff and over 6,000 partners operating from nearly 700 offices across the globe.
Allinial Global provides its member firms with a broad array of resources and support that benefit both its member firms & their clients in key areas of learning & development, human resources, international outreach, technical support, knowledge-sharing through its specialized communities of practice, information technology & practice management.