Audit Trail in Accounting Software

Introduction

Accounting or book-keeping is undoubtedly one of the critical functions of any business. The history of accounting systems dates back to more than 7000 years when accounting records were merely stone carvings or writings on a wall. We had come a long way from then, where the accounting records were maintained in hard-bound ledger books using the double-entry accounting system. But, the 21st century digital revolution has transformed the accounting process completely with the advent of accounting software.

Audit was prevalent when the accounting records were manually maintained, and the concept hasn't changed with the digitization of accounting records. However, the challenge is to perform audit through the computer system. Hence, the requirement of audit trail in accounting software.

The Ministry of Corporate Affairs in one of its recent amendment notifications (Gazette notification no. GSR 205(E) dated 24^th March 2021) stated that for companies maintaining their books of accounts using accounting software, should use only such accounting software which has the feature of recording audit trail for each and every transaction w.e.f. 1^st April 2021.

What is Audit Trail?

Audit trails are records (manual or electronic) that chronologically catalogue events to provide supporting documentation used to establish authentication and integrity of a transaction.

Many critical computer systems keep a record of the activities performed by its users like -

• At what time the user logged in to the system?
• Which entries were made by the user and at what time?
• Which entries were modified by the user and at what time?
• Which entries were approved by the user and at what time?
• At what time the user logged out of the system?
• No. of failed login attempts by the user?

Such record of system activities is called system log. These logs help in fixing the accountability to individual users for the activities performed by them in the computer system. Also, the system auditors use these logs to reconstruct and examine the sequence of events occurring in a computer system to identify any unauthorised change or access. Hence, in a IT environment, such logs form the audit trail.

As per the amendments by MCA, the minimum requirements in an accounting software in respect of audit trail are -

• Audit trail should be for each and every transaction.
• Edit log should be generated for each change made in book of accounts.
• The log should contain date stamp for each change.
• Audit trail cannot be disabled.

Audit Feature in Tally.ERP9

Tally.ERP9 is one of the most widely used accounting software in India by both businesses and professionals alike. Tally.ERP9 has its in-built audit feature known as Tally Audit. This feature is also present in the Tally Prime, the latest offering from Tally.

The first step towards maintaining audit trail in any accounting software is creation of users.

To use Tally Audit, enable the feature during Company Creation. In case of an existing company, it can be enabled by altering Company Info (Gateway of Tally > Alt+F3 > Alter). Tally will require an Administrator account and password to enable the Tally Audit feature. The Tally Administrator is a superuser account which has full access to all the modules in Tally, including the system administration functionalities.

After enabling the Tally Audit feature, use the Administrator account to define the roles of various system users (Gateway of Tally > Alt+F3 > Security Control > Types of Security) and tag these roles to the various user accounts (Gateway of Tally > Alt+F3 > Security Control > Users and Passwords)

Apart from the Administrator, there are primarily two types of user roles in Tally.ERP9 - Owner & Data Entry - each of these roles have their predefined settings. However, custom roles can also be created to complement the organization structure. Owner is a predefined role for data owners having full access to all data, reports, etc. Data Entry is a predefined role for accounting clerks or data entry operators having access usually restricted to voucher entry or alteration.

Once a transaction is entered, and such transaction is accepted/approved by the Owner or Administrator, any changes after such acceptance/approval will appear under Audit Statistics (Gateway of Tally > Display > Statements of Accounts > Tally Audit > Voucher Types) showing the name of the user who made the change along with the date on which the change was done.

There are three major drawbacks of Tally.ERP9

• In the original entry, the posting/effective date of transaction is recorded, but not the date on which the entry was done. Thus, it doesn't help in identifying back-dated vouchers. This can be remedied by using the following means:
  • Using effective dates for vouchers (Gateway of Tally > Accounts Info > Voucher Types > Alter)
  • Disallow back-dated vouchers by altering the Data Entry user role in Security Control (Gateway of Tally > Alt+F3 > Security Control > Types of Security). However, back-dated vouchers cannot be disallowed for Owner and Administrator user accounts.
• Once the change is accepted by the Owner or Administrator user, the trail disappears from Audit Statistics. So, to preserve the audit trail, it has to be printed or exported.
• The Tally Audit feature may be turned off by the Administrator, hence there is no apparent safeguard against disabling the audit trail.

Hence, unless new updates are released, it is difficult to maintain an audit trail as per the MCA requirements in the existing Tally ERP.9 or Tally Prime. However, there are TDL Add-ons available from various Tally Developers providing the feature of tracking voucher alteration history, and these add-ons can counter most of the drawbacks explained above.

The author is a practicing chartered accountant with expertise in GST, International Taxation, Ind-AS and Company law.

References

• https://www.smartsheet.com/audit-trails-and-logs
• https://en.wikipedia.org/wiki/History_of_accounting