Accounting and Audit News

Basics to implementing audit trail features in your ERP

Earlier this year the Ministry of Corporate Affairs made it mandatory for each company to use such accounting software to maintain its accounts which has a feature of recording audit trail (edit log). Subsequently, the ministry deferred the date for implementation of this rule to 1 April 2022. These rules are aligned with the ministry’s vision of promoting greater digitalisation of corporate processes in order to bring more accountability and transparency in financial reporting and related compliances.

Audit trail means the ability to track a transaction right from its origin and hence a record will have to be maintained for each and every transaction with details regarding the creation, updation, deletion and user data details etc. The auditors will have to report on following attributes of the audit trail features which are pertinent to be noted by the corporates:

audit trails and edit logs should have been maintained for all transactions recorded throughout the year
ensuring that the audit trail cannot be tampered with or disabled
ensuring the audit trails are preserved as per statutory requirements for record retention

With less than 6 months at hand to ensure compliance with the said rule, this issue of our newsletter lays down the basics that each company should consider while activating audit trail features in their organisation.

1. Defining proper user-role and access to ERP

Each individual user’s access rights and roles in ERP should be defined based on the work profile and area of responsibilities. Four-eye principle should be implemented in areas where master data of customers, vendors, tax rates etc is maintained and can be extended to accounting functions as well. Further, User-ID of auditors should be separate and must only contain review rights. Company should prepare a User matrix which can be provided to auditor at the time of audit for verification.

2. Closure of accounting periods

Each month post closure of reporting activities, the accounting periods in ERPs should be locked and access / editing rights of all users should be disabled. Such controls ensure that trail balances are frozen and cannot be changed once a month’s figures have been reported to the management.

Locking the closed months will minimise the possibilities of human error or any un-authorized user-access/changes and will also ensure compliance with the audit trail requirements proposed.

3. Dry test-run of audit trail feature

Once you activate the feature of audit trail in your ERP or wherein the feature is in-built; company should check the dry test-run of reports generated by the system such as modified, cancelled, deleted vouchers, voucher/entries statistics, user report etc for the test period to ensure that there are no technical errors.

The key responsible person should ensure that the audit trail functionality cannot be tampered with and is not disabled at any time.

This article provides a glimpse into the salient requirements of the audit trail process and procedures. In case the ERP doesn’t have the feature of audit trail or extracting of such data is not feasible; companies should start exploring alternate options. Company should also consider support from experts on the process to be implemented and verification of reports generated from ERP.