R.

Sogani & Associates

Chartered Accountants

SOP for Audit Trail Implementation

With effect from 1 April 2023, the Ministry of Corporate Affairs (MCA) has made it
mandatory for companies to maintain an audit trail throughout the year for
transactions impacting books of accounts. While the circular dated 24 March 2021
laid out the requirement for management to enable the “audit trail feature”, this
was deferred twice, with the requirement now finally being applicable with effect
from 1 April 2023.

S Head Action to be taken Client Audit Workin

N Respons Observatio g Paper
o e n Numbe
r
1 Selection of Tally, ZOHO, SAP, Busy etc.,
Accounting which fulfill the following
Software to be features-
termed as  Audit Trail of each
Books of and every transaction,
Account as per  Creating an edit log of
Section 2(13) of each change made in
the Companies books of account
Act, 2013 and along with the date
compatible with when such changes
the feature of were made.
Audit Trail  Ensuring that the
audit trail cannot be
disabled.
2 Need of Audit  Tally books or any
Trail on various other software used
areas and for accounting.
instances  Stores Accounting
 Fixed Assets
 Bio Metric Attendance
/ Payroll Software
 All other softwares
used by the company
for its books of
account.
3 All entries All Cash book, bank book,
should be journals, master charts,
covered under groups, ledgers etc. should
Audit Trail be covered under Audit Trail.
Any change made in it will be
shown under Altered column
in Edit Log.
4 Disabling of Cannot be accepted and
Audit Trail such books will not be
feature in treated as Books of Account
accounting u/r 3(1) of the Companies
software (Accounts) Rules, 2014.
Verify this feature in all
software and at all database
level
5 Tampering with Access for configuration

1|Page
 R. Sogani & Associates
Chartered Accountants

the Accounting should only be with

software in authorized person and the
respect of Audit feature cannot be disabled.
Trail. Mention the instances of
likely tempering done in
software and internal control
required to be installed to
control such that to be
verified.
6 In case, Assessment needs to be
Accounting done whether feature of
software is Audit Trail is implemented or
maintained by not and whether it can be
third party disabled during the reporting
period.
Make list of these software
7 Implementation For effective implementation
of Internal of Internal Controls,
controls Company would have to
design and implement
specific internal controls.
Refer illustrative list –
(Annexure – 1)
8 Review / For effective internal
Testing by controls, it is the
management responsibility of
management to periodically
review the functioning of the
software.
9 Real- time basis The audit trail (edit log)
accounting should record the details of
actions performed in the
system on real-time basis
i.e., there should be a
standard, during which
backdated entry can be
passed
For eg- 7 days for which
backdated entry can be
passed, beyond which
approval is required for
passing such entries.
10 List of person One person should only be
to whom with authorized person who
access of Audit is at senior level. Any
Trail is given changes or modification
should be done only after
having written approval of
transaction from the
authorized person.
(Annexure 2)
11 Retention of It is the responsibility of
Audit Trail management to preserve
audit trail for 8 years as per
the statutory requirement for

2|Page
 R. Sogani & Associates
Chartered Accountants

record retention.
12 Recording of Log of following need to be
Changes to maintained-
Books of  When were the
Account changes made
 Who made the
changes
 What was the change
made
(Annexure 3)
13 Make a list of a. Edit log feature not
instances which implemented
attract b. Edit log feature can be
qualification in disabled from software
Independent c. Edit log feature are not
Audit Report, applied on Payroll, Sales,
CARO and IFC. Stores, Fixed Asset Register
Few of software
illustrative d. One login ID will be used
instances are by multiusers hence person
as under: can not be identified who
made changes
e. Backup of software
including audit trail is not
taken on daily basis
f. Instances where manual
books of account are
maintained and modifications
are being made which are
not identified
g. Instances where changes
have been made in the
consumption of stores item
and Inward and outward
quantity, consumption, input-
output ratio/wastage
percentage and closing
quantity.
h. Instances where changes
have been made in the
Inventory and their valuation
i. Instances where there is
delay in recording of
expenses on which TDS is
applicable - Check interest
for delay in deduction and
delay in deposit have been
deposit or not.
j. Instances which are
attracting the avoidance of
deemed dividend liability due
to debit balance of
Directors/Shareholders
k. Instances where receipt
and payment entries shifted

3|Page
 R. Sogani & Associates
Chartered Accountants

from original account to

another account
l. Instance where write off
and write back has been
done on backdated and
reason thereof.
m. Verify specifically the
instances of expense
appearing in edit log having
appropriate and sufficient
audit evidences
n. Verify specifically the
instances of adjustment in
unsecured loan account and
verify the reason thereof and
it is compliance of law or not
o. Physical server not
maintained
p. Daily back up not taken
14 Physical Server
exist or not
15 Physical server
of back up
including audit
trail has been
maintained in
registered
office or not
16 Back up of
software
including audit
trail maintained
on which
computer as
prescribed by
the law
17 That computer
should be
accessible on
any time

Obtain management representation on above checklist.

Annexures
Annexure – 1:

In order to demonstrate that the audit trail feature was functional, operated and was not
disabled, a company would have to design and implement specific Internal Controls
(predominantly IT controls) which in turn, would be evaluated by the auditors, as
appropriate. An illustrative list of internal controls which may be required to be implemented
and operated are given below:

S.No. Action to be taken Client Audit Working

Respo observation paper

4|Page
 R. Sogani & Associates
Chartered Accountants

nse number
 Controls to ensure
that the audit trail
feature has not been
disabled or
deactivated.
 Controls to ensure
that User IDs are
assigned to each
individual and that
User IDs are not
shared. Also, need to
ensure password
resetting of such IDs
periodically.
 Controls to ensure
that changes to the
configurations of the
audit trail are
authorized and logs
of such changes are
maintained.
 Controls to ensure
that access to the
audit trail (and
backups) is disabled
or restricted and
access logs,
whenever the audit
trails have been
accessed, are
maintained.
 Controls to ensure
that daily backups of
the audit trails are
taken and archived as
per the statutory
period specified
under Section 128 of
the Act.
 Audit of Audit Trail
should also be
performed by Internal
and Statutory auditor
of the company.
Additionally, In –
house Audit of Audit
trail should also be
conducted, the
frequency of which
could be weekly or
fortnightly as decided
by the management.
 Edit log should be
reviewed by

5|Page
 R. Sogani & Associates
Chartered Accountants

Management weekly /
fortnightly basis and
reviewed and
enclosed in separate
file along with the
specific reason of
changes having
financial impact of
Books of account in
terms of amount,
recognition,
presentation. It will
be verified by the
Auditors during the
audit and make a
detailed audit
observation on this.
 Right of changes in
any of the
CCOUNTING ENTRY
should be restricted
and allowed after
receiving the list of
changes to be made
duly reviewed by the
management.
 Pass Resolution to
appoint authorized
person who will be
responsible for
configuration of
accounting software
and continuous
working of Audi Trail
feature.

Annexure – 2:

S No Transaction Details Date Reasons for Signature of

Modification Authorized person

Annexure – 3:

S Date Who What Signature of Impact on

No Authorized Books of
person Account

6|Page