Legal / Statutory Backing
Rule 3(1) of the Companies (Accounts) Rules, 2014
Rule 3 of the Companies (Accounts) Rules, 2014, deals with the maintenance of books of accounts in electronic form. The proviso to this rule, applicable from FY 2023-24 onwards, requires that companies maintaining their accounts using accounting software must ensure that such software has the following mandatory features:
- Audit Trail (Edit Log): Recording a complete audit trail of every transaction.
- Change Tracking: Creating an edit log of each modification in the books of accounts, along with the date of such change.
- Non-Disabling Mechanism: Ensuring that the audit trail functionality cannot be disabled.
It is thus clear that the maintenance of the above is the responsibility of the Management.
Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014
Rule 11 of the Companies (Audit and Auditors) Rules, 2014, specifies certain “Other Matters” that must be included in the Auditor’s Report. Clause (g) of this rule places a specific obligation on the statutory auditor to report on the company’s use of accounting software with an audit trail (edit log) facility.
The auditor is required to confirm whether:
- The company has used accounting software that includes an audit trail (edit log) feature for maintaining its books of account.
- The audit trail facility was operated throughout the year for all transactions recorded in the software.
- The audit trail feature was not tampered with or disabled at any point.
- The audit trail has been preserved by the company in accordance with statutory record retention requirements.
Thus, Rule 11(g) makes it clear that while management is responsible for implementing audit trail features under Rule 3(1), the auditor is responsible for verifying and reporting on that implementation in the audit report.
Maker & Checker
When it comes to audit trail compliance, the law has effectively created a maker–checker mechanism between the management and the auditor:
- Management as the Maker (Rule 3)
- Auditor as the Checker (Rule 11)
This dual responsibility ensures that there is both accountability (by management) and independent verification (by the auditor), strengthening the reliability of financial reporting.
Do you want to learn more about the reporting by Checker viz., Auditor?
This write-up mainly deals with the background of Audit Trail. If you want to learn more about the reporting by the auditor in different practical scenarios, you may refer to the link by Clicking Here
What world do differently?
India became the first country to introduce such a regulation for audit trail directly into force for all Companies irrespective of their size and sector. Globally, it has been done indirectly through different acts and guidelines as follows:
- USA through the Sarbanes-Oxley Act (SOX, 2002) mainly for IT-related
- European Union, through GDPR, mainly for Data Protection
Practical Use Cases
Multiple Book-keeping / Accounting Software Usage
It might be possible that the company is using a separate software for the generation of invoices (Say, Zoho Invoice & Inventory), and it periodically (say monthly) passes a consolidated monthly entry in the general accounting software (Say Tally Prime), in such case both the softwares must have the features of audit trail in compliance of Rule 3(1) of the Companies (Accounts) Rules 2014
Outsourced Process
It might be possible that the company may have outsourced its payroll processing to a third-party service provider who either uses its own software or uses some other software for such process of payroll for the company. In this case, an audit trail should also be enabled in the software that is being used for the process of the company.
Conclusion
The audit trail requirement under the Companies Act, 2013 establishes a strong maker–checker framework — with management responsible for implementing and maintaining audit trail features in accounting software (Rule 3), and auditors responsible for independently verifying and reporting on their use (Rule 11). By ensuring transparency, preventing tampering, and preserving records, the audit trail strengthens corporate governance and financial integrity. Non-compliance not only undermines accountability but may also attract penalties under the provisions of the Act, making it essential for companies to treat audit trail compliance as a cornerstone of trustworthy reporting.
FAQ
Are small companies exempt from the provisions of the audit trail?
The reporting requirements have been prescribed for the audit of financial statements prepared under the Act, and there is no specific exemption for small companies; therefore, small companies are also required to comply with the requirements of Rule 3(1) of the Companies (Accounts) Rules 2014 by having an audit trail enabled.
Are Section 8 companies exempt from the provisions of the audit trail?
The reporting requirements have been prescribed for the audit of financial statements prepared under the Act, and there is no specific exemption for section 8 companies. Accordingly, auditors of all classes of companies, including section 8 companies, would be required to report on these matters.
Are Foreign Companies having local offices in India exempt from the provisions of the audit trail?
As per the Companies (Registration of Foreign Companies) Rules, 2014, the provisions of “Chapter X of the Act: Audit and Auditors” and Rules made thereunder apply, mutatis mutandis, to a foreign company as defined in the Act. Accordingly, the above reporting requirements would be applicable to the auditors of such foreign companies as well.
If a company maintains its books of account entirely in manual form (physical registers), does the audit trail requirement under Rule 3(1) and Rule 11(g) still apply?
No. The requirements of the audit trail apply only where books of account are maintained electronically using accounting software. If a company maintains its records entirely in manual form, then:
Rule 3(1): There is no obligation to use software with an audit trail feature.
Rule 11(g): The auditor is not required to report on audit trail compliance. Instead, the auditor should simply make a statement of fact in the audit report that the books are maintained manually and, hence, the audit trail requirement is not applicable.
What are the consequences of non-compliance with audit trail requirements?
The first consequence of non-compliance is reporting by the auditor, which can be referred to by Clicking Here
The other consequences of the same are in the form of a penalty. While there is no separate penalty under Rule 3 or Rule 11, non-compliance may be treated as a violation of the Books of Accounts provisions under Section 128 and auditor reporting obligations under Section 143, attracting penalties on both the company and officers in default.
Which accounting software provides audit trail features?
Most leading accounting software now provides audit trail functionality, including TallyPrime, Zoho Books, Busy, SAP, QuickBooks, Marg ERP, etc. Companies should confirm and ensure the feature is enabled and cannot be disabled.
You can comment to ask your question………
Pingback: Audit Trail Observations and Qualifications CA Perspective