{"id":8902,"date":"2025-04-07T11:53:31","date_gmt":"2025-04-07T11:53:31","guid":{"rendered":"https:\/\/www.caindelhiindia.com\/blog\/?p=8902"},"modified":"2026-02-15T18:43:04","modified_gmt":"2026-02-15T18:43:04","slug":"audit-mgt-responsibilities-with-expectation-in-audit-trail","status":"publish","type":"post","link":"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/","title":{"rendered":"Audit &#038; Mgt responsibilities with expectation in Audit Trail"},"content":{"rendered":"<h2><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-5529\" src=\"https:\/\/www.caindelhiindia.com\/blog\/wp-content\/uploads\/2023\/03\/audit-trail-new-.png\" alt=\"audit trail new feature\" width=\"1039\" height=\"472\" srcset=\"https:\/\/www.caindelhiindia.com\/blog\/wp-content\/uploads\/2023\/03\/audit-trail-new-.png 795w, https:\/\/www.caindelhiindia.com\/blog\/wp-content\/uploads\/2023\/03\/audit-trail-new--300x136.png 300w, https:\/\/www.caindelhiindia.com\/blog\/wp-content\/uploads\/2023\/03\/audit-trail-new--768x349.png 768w\" sizes=\"(max-width: 1039px) 100vw, 1039px\" \/><\/h2>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_58 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69dad241b17fa\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69dad241b17fa\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#Overview_Audit_responsibilities_Mgt_expectations_in_Audit_Trail\" title=\"Overview Audit responsibilities &amp; Mgt expectations in Audit Trail\">Overview Audit responsibilities &amp; Mgt expectations in Audit Trail<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#Auditors_Responsibilities_under_Rule_11g\" title=\"Auditor\u2019s Responsibilities (under Rule 11(g)) : \">Auditor\u2019s Responsibilities (under Rule 11(g)) : <\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#Management_Responsibility_on_Audit_Trail_Compliance_Requirements_Under_Companies_Act_2013\" title=\"Management Responsibility on Audit Trail Compliance Requirements Under Companies Act, 2013\">Management Responsibility on Audit Trail Compliance Requirements Under Companies Act, 2013<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#Key_responsibility_related_to_audit_trail\" title=\"Key responsibility related to audit trail\u00a0\">Key responsibility related to audit trail\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#To_support_the_auditors_reporting_the_management_must_take_primary_responsibility_to\" title=\"To support the auditor\u2019s reporting, the management must take primary responsibility to:\">To support the auditor\u2019s reporting, the management must take primary responsibility to:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#Illustrative_Internal_Controls_Expected_by_Auditor\" title=\"Illustrative Internal Controls Expected by Auditor\">Illustrative Internal Controls Expected by Auditor<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.caindelhiindia.com\/blog\/audit-mgt-responsibilities-with-expectation-in-audit-trail\/#About_IFCCL\" title=\"About IFCCL\u00a0\">About IFCCL\u00a0<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Overview_Audit_responsibilities_Mgt_expectations_in_Audit_Trail\"><\/span><span style=\"color: #000080;\"><strong>Overview Audit responsibilities &amp; Mgt expectations in Audit Trail<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a href=\"https:\/\/carajput.com\/learn\/feature-of-audit-trail-is-now-mandatory-for-accounting-software-of.html\">Audit trail features<\/a> in accounting software, as per amendments to the Companies (Accounts) Rules, 2014 and Companies (Audit and Auditors) Rules, 2014.\u00a0 Auditors\u2019 responsibilities and management\u2019s obligations under the revised Rule 3(1) of the Companies (Accounts) Rules, 2014, and Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, which came into force on April 1, 2023.<\/p>\n<p>Requirements for Companies (Rule 3(1) Proviso, Companies (Accounts) Rules, 2014): The auditor must comment on the audit trail under the &#8220;Report on Other Legal and Regulatory Requirements&#8221; section of the audit report. Companies must ensure their accounting software complies with audit trail mandates. Auditors must perform procedures to verify effective implementation, consistent operation, and preservation of audit trails and report accordingly. Effective from April 1, 2023, every company using accounting software must ensure the software:<\/p>\n<ul>\n<li>Records an audit trail (edit log) of each and every transaction.<\/li>\n<li>Captures the date and details of each change made in the books of accounts.<\/li>\n<li>Prevents disabling of the audit trail feature.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Auditors_Responsibilities_under_Rule_11g\"><\/span><span style=\"color: #000080;\"><strong>Auditor\u2019s Responsibilities (under Rule 11(g)) :<\/strong> <\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>As per the revised reporting requirement, the auditor must comment on whether:<\/p>\n<ol>\n<li>The company has used accounting software with an audit trail (edit log) feature.<\/li>\n<li>Audit trail feature was enabled and operated throughout the year.<\/li>\n<li>The audit trail feature was not tampered with or disabled during the year.<\/li>\n<li>Audit trails are preserved as per statutory record retention requirements (i.e., 8 years as per Section 128(5)).<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"Management_Responsibility_on_Audit_Trail_Compliance_Requirements_Under_Companies_Act_2013\"><\/span><span style=\"color: #000080;\"><strong>Management Responsibility on Audit Trail Compliance Requirements Under Companies Act, 2013<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The management is responsible for selecting appropriate software and implementing this feature to comply with statutory requirements (including retention of audit logs). Auditor\u2019s Reporting Obligation (Rule 11(g), Companies (Audit and Auditors) Rules, 2014) : Applicable from the financial year commencing on or after April 1, 2022, auditors must report on whether:<\/p>\n<ul>\n<li>Company used accounting software with an audit trail (edit log) feature.<\/li>\n<li>Feature was operated throughout the year for all transactions.<\/li>\n<li><a href=\"https:\/\/www.caindelhiindia.com\/blog\/compulsory-audit-trail\/\">Audit trail was not tampered with.<\/a><\/li>\n<li>The audit trail was preserved as per statutory record retention norms.<\/li>\n<li>Management must ensure proper software selection, implementation, and maintenance. Auditors must conduct adequate procedures and documentation to validate:\n<ul>\n<li>Software compliance.<\/li>\n<li>End-to-end operation of audit trail.<\/li>\n<li>Retention of edit logs for regulatory reporting<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Key_responsibility_related_to_audit_trail\"><\/span><span style=\"color: #000080;\">Key responsibility related to audit trail\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>Legal Foundation : Companies (Accounts) Rules, 2014 \u2013 Rule 3(1) (Proviso)<\/li>\n<\/ol>\n<ul>\n<li>From April 1, 2023, every company using accounting software must ensure:\n<ul>\n<li>Software records an audit trail (edit log) of every transaction.<\/li>\n<li>Each change in books of account is date-stamped.<\/li>\n<li>The audit trail feature cannot be disabled.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\">\ud83d\udd39 Companies (Audit and Auditors) Rules, 2014 \u2013 Rule 11(g) : From April 1, 2022, auditors must report whether:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The company used software with audit trail.<\/li>\n<li>Audit trail was operated throughout the year.<\/li>\n<li>The audit trail was not tampered with.<\/li>\n<li>Audit trail was preserved as per statutory record retention.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ol start=\"2\">\n<li>Auditor&#8217;s Verification Checklist<\/li>\n<\/ol>\n<p>Auditors are expected to verify the following:<\/p>\n<table style=\"height: 338px;\" width=\"936\">\n<thead>\n<tr>\n<td>Requirement<\/td>\n<td>Auditor\u2019s Responsibility<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u00a0Configurability<\/td>\n<td>Confirm whether the audit trail can be disabled or tampered with.<\/td>\n<\/tr>\n<tr>\n<td>Continuous Operation<\/td>\n<td>Check if audit trail was enabled throughout the year.<\/td>\n<\/tr>\n<tr>\n<td>Transaction Coverage<\/td>\n<td>Ensure all transactions affecting books of account are recorded in the audit trail.<\/td>\n<\/tr>\n<tr>\n<td>Preservation<\/td>\n<td>Verify that audit trails are preserved for minimum 8 years, in line with Section 128(5).<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol start=\"3\">\n<li>Clarification on Software Scope<\/li>\n<\/ol>\n<ul>\n<li>Any software involved in recording data that forms part of the \u201cbooks of account\u201d (as per Section 2(13)) is within the scope of audit trail requirements.\u00a0 Example:\n<ul>\n<li>A sales system generating invoices must have audit trail, even if only monthly summaries are posted to the general ledger.<\/li>\n<li>Creating a user in accounting software is not covered, as it doesn\u2019t impact the books of account.<\/li>\n<li>Editing journal entries, sales, purchases, etc. are covered, as they change financial records.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ol start=\"4\">\n<li>Preservation of <a href=\"https:\/\/carajput.com\/learn\/feature-of-audit-trail-is-now-mandatory-for-accounting-software-of.html\">Audit Trails<\/a> : Under Section 128(5) of the Companies Act:<\/li>\n<\/ol>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Books of account (and thus audit trails) must be retained for at least 8 years.<\/li>\n<li>For audit trails, the 8-year requirement starts from April 1, 2023, i.e., retention must be ensured until at least FY 2030\u201331.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"To_support_the_auditors_reporting_the_management_must_take_primary_responsibility_to\"><\/span><span style=\"color: #000080;\"><strong>To support the auditor\u2019s reporting, the management must take primary responsibility to:<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>Identify records and systems that constitute or impact &#8220;Books of Account&#8221; as defined in Section 2(13) \u2014 including subsidiary ledgers like billing software or CRM if they record financial transactions.<\/li>\n<li>Identify all IT systems used for maintaining such records \u2014 including ERP systems, databases, interfaces, data lakes, and cloud platforms.<\/li>\n<li>Ensure the software has audit trail features capturing:\n<ol>\n<li>What was changed<\/li>\n<li>When it was changed<\/li>\n<li>Who changed it<\/li>\n<\/ol>\n<\/li>\n<li>Ensure audit trail cannot be disabled, or if configurable, that strong controls exist to monitor and log changes to its configuration.<\/li>\n<li>Enable audit trail at the database level if any manual data alterations are possible.<\/li>\n<li>Protect audit trails from unauthorized access or modification.<\/li>\n<li>Preserve audit trails for a minimum of 8 years starting from April 1, 2023.<\/li>\n<li>Design and operate effective IT General Controls (ITGCs) and Application Controls to ensure audit trail integrity and availability throughout the reporting period. <strong>Key Points to Remember<\/strong><\/li>\n<\/ol>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Even non-GL software that records financial transactions (like POS or invoice generation tools) are considered part of the accounting ecosystem and must have audit trails enabled.<\/li>\n<li>Only changes that affect books of account need to be covered in the audit trail. For example:\n<ul>\n<li>\u2705 Change in journal entry \u2192 covered<\/li>\n<li>\u274c Creation of user account \u2192 not necessarily covered<\/li>\n<\/ul>\n<\/li>\n<li>Auditors will test:\n<ul>\n<li>The effectiveness of internal controls over audit trails<\/li>\n<li>Whether access and configuration controls were properly implemented<\/li>\n<li>Evidence that audit trails were functional and retained<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Illustrative_Internal_Controls_Expected_by_Auditor\"><\/span><span style=\"color: #000080;\"><strong>Illustrative Internal Controls Expected by Auditor<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<table style=\"height: 480px;\" width=\"942\">\n<thead>\n<tr>\n<td>Control Objective<\/td>\n<td>Example Control<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Prevent deactivation of audit trail<\/td>\n<td>Config lock or alert system on audit trail settings<\/td>\n<\/tr>\n<tr>\n<td>Ensure individual accountability<\/td>\n<td>Unique, non-shareable User IDs for all users<\/td>\n<\/tr>\n<tr>\n<td>Authorize changes to audit settings<\/td>\n<td>Approval workflows for config changes + logs maintained<\/td>\n<\/tr>\n<tr>\n<td>Restrict access to audit trails<\/td>\n<td>Role-based access; monitor who views\/exports logs<\/td>\n<\/tr>\n<tr>\n<td>Maintain audit trail backups<\/td>\n<td>Scheduled backups; long-term archive retention policy<\/td>\n<\/tr>\n<tr>\n<td>Detect unauthorized changes<\/td>\n<td>Periodic reconciliation of logs with journal entries<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Pros :<\/p>\n<ul>\n<li>It helps in keeping track of who made changes, when they were made, and what was changed. This can be crucial for regulatory compliance and for maintaining accountability within an organization.<\/li>\n<li>By tracking all changes, it can help identify unauthorized or suspicious activity, thereby enhancing the security of the system.<\/li>\n<li>If any fraudulent activity occurs, the audit trail can help identify the source and prevent further occurrences.<\/li>\n<\/ul>\n<p>Cons:<\/p>\n<ul>\n<li>Implementing and maintaining audit trails can be expensive. Depending on the system\u2019s complexity, it could require substantial setup, storage, and management resources.<\/li>\n<li>Audit trails can sometimes slow down business processes, especially if they are not properly optimized<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"About_IFCCL\"><\/span><span style=\"color: #000080;\"><strong>About IFCCL\u00a0<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>IFCCL delivers comprehensive support for businesses through its specialised accounting and bookkeeping services, ensuring accurate records, seamless compliance, and reliable financial reporting. As a trusted partner for new entrepreneurs, IFCCL also offers end\u2011to\u2011end startup advisory services, helping founders structure their business, choose the right entity type, and navigate regulatory requirements with ease. Our team provides strategic financial planning and advisory solutions to help businesses optimise cash flow, manage growth, and strengthen long-term financial stability. Additionally, IFCCL simplifies the entire business registration process handling documentation, compliance, and procedural formalities\u2014so that businesses can launch quickly and focus on expansion. With IFCCL, companies gain a reliable financial and compliance partner for every stage of their journey. Contact us at 9555 555 480 or Singh@carajput.com\/singh@caindelhindia.com<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview Audit responsibilities &amp; Mgt expectations in Audit Trail Audit trail features in accounting software, as per amendments to the Companies (Accounts) Rules, 2014 and Companies (Audit and Auditors) Rules, 2014.\u00a0 Auditors\u2019 responsibilities and management\u2019s obligations under the revised Rule 3(1) of the Companies (Accounts) Rules, 2014, and Rule 11(g) of the Companies (Audit and &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[632],"tags":[1049],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/posts\/8902"}],"collection":[{"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/comments?post=8902"}],"version-history":[{"count":4,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/posts\/8902\/revisions"}],"predecessor-version":[{"id":10128,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/posts\/8902\/revisions\/10128"}],"wp:attachment":[{"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/media?parent=8902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/categories?post=8902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.caindelhiindia.com\/blog\/wp-json\/wp\/v2\/tags?post=8902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}