Ministry of Corporate Affairs (MCA) has recently amended the Companies (Accounts) Rules, 2014 to strengthen the manner of keeping books of accounts in electronic mode. One of the key changes is the mandating of the maintenance of an audit trail.
An audit trail is a record of all changes made to a company’s electronic books of accounts. This includes changes made to the data, as well as changes made to the metadata, such as the date and time of the change, the user who made the change, and the reason for the change.
The purpose of an audit trail is to ensure the integrity of a company’s electronic books of accounts. By tracking all changes made to the data, an audit trail can help to identify errors and fraud, and it can also be used to reconstruct the history of a transaction.
The MCA’s amendments to the Companies (Accounts) Rules, 2014 require companies to maintain an audit trail for all electronic books of accounts. The audit trail must be able to track all changes made to the data, and it must be accessible to auditors.
The Companies (Accounts) Second Amendment Rules, 2021 originally stipulated that the amendment introduced in the provisions relating to the manner of keeping books of accounts in electronic mode would be implemented on April 1, 2021. However, the effective date was later extended to April 1, 2022 through a notification dated April 1, 2021.
The effective date was further extended to April 1, 2023 through a notification dated March 31, 2022. This means that companies are now required to comply with the amendment by April 1, 2023.
The amendments require every company that uses an accounting software to use such software that has a feature of audit trail which cannot be disabled. The management has a responsibility for effective implementation of the requirements prescribed by account rules i.e., every company which uses an accounting software for maintaining its books of account, should use only such accounting software which has the following features:
- Records an audit trail of each and every transaction, creating an edit log of each change made in the books of account along with the date when such changes were made; and
- Ensuring that audit trail is not disabled.
AUDITORS’ RESPONSIBILITY RELATED TO AUDIT TRAIL
The Companies (Audit and Auditors) Amendment Rules, 2021 place responsibility on auditors to report on audit trail in their audit reports. Specifically, auditors are required to comment on whether the company is using an accounting software that has a feature of recording audit trail, and to verify the following aspects:
- Whether the audit trail feature is configurable (i.e., if it can be disabled or tampered with).
- Whether the audit trail feature was enabled/operated throughout the year.
- Whether all transactions recorded in the software are covered in the audit trail feature.
- Whether the audit trail has been preserved as per statutory requirements for record retention.
- The auditor’s responsibility in relation to audit trail is to ensure that the audit trail is reliable and that it can be used to verify the accuracy and completeness of the financial statements. The auditor should also ensure that the audit trail is not tampered with or altered in any way. The auditor’s report on audit trail should be included in the section of the audit report titled “Report on Other Legal and Regulatory Requirements”. The report should state whether the auditor has observed any matters that have caused them to believe that the audit trail is not reliable or that it has been tampered with.