Auditor’s Responsibility ​

10. Rule 11(g) casts responsibility on the auditor in terms of reporting on audit trail by making a specific assertion in the audit report under the section ‘Report on Other Legal and Regulatory Requirements’. This has been explained in the paragraph below.

11. To elaborate, in addition to requiring auditor to comment on whether the company is using an accounting software which has a feature of recording audit trail, the auditor is expected to verify the following aspects:

    • whether the audit trail feature is configurable (i.e., if it can be disabled or tampered with)?
    • whether the audit trail feature was enabled/operated throughout the year?
    • whether all transactions recorded in the software are covered in the audit trail feature?
    • whether the audit trail has been preserved as per statutory requirements for record retention?

    It may be noted that any software used to maintain books of account will be covered within the ambit of this Rule. For e.g., if sales are recorded in a standalone software and only consolidated entries are recorded monthly into the software used to maintain the general ledger, the sales software should also have the audit trail feature since sales invoices would be covered under Books of Account as defined under section 2(13) of the Act. Auditors would need to evaluate whether management has also considered such software in their compliance to the Account Rules. Accordingly, any software that maintains records or transactions that fall under the definition of Books of Account as per the section 2(13) of the Act will be considered as accounting software for this purpose.

12. It may be noted that the requirement of the accounting software having a feature of audit trail has been incorporated as a proviso to Rule 3(1) of the Account Rules and have been prescribed only in the context of books of account. This is evidenced by the fact that as per the proviso to the Rule, the accounting software should be capable of creating an edit log of “each change made in books of account.”

    However, Rule 11(g) requires the auditor to comment as to whether the company has used such accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has been operated throughout the year for all transactions recorded in the software and the audit trail feature has not been tampered with and the audit trail has been preserved by the company as per the statutory requirements for record retention.

    By reading of the Account Rules, it may be noted that companies are required to maintain audit trail (edit log) for each change made in the books of account. Accordingly, the term ‘all transactions recorded in the software’ would refer to all transactions that result in change to the books of account.

    For example, creation of a user in the accounting software may be construed as a transaction in the software. However, creating a user account in the accounting software would not change the records of books of account as defined in Section 2(13) of the Act whereas adding a new journal entry or changing an existing journal entry will be construed as a change made in books of account.

13. Giving due cognizance to the definition of “books of account” as envisaged under Section 2(13) of the Act and Rule 3 of the Account Rules which provides for the management responsibilities for maintenance of books of account and other relevant books and papers maintained in electronic mode, the auditor would be expected to check whether the audit trail is enabled for such transactions which result in a change to the books of account.