Implementation Guide on Reporting under Rule 11(g) of Companies (Audit and Auditors) Rules, 2014
O
b
j
e
c
t
i
v
e
o
f
p
r
o
v
i
s
i
o
n
s
r
e
l
a
t
i
n
g
t
o
A
u
d
i
t
T
r
a
i
l
To Compel Companies to comply with the provisions relating
to maintain proper books of accounts
Important terms and their explanation
3
Important terms and their explanation
4
S
e
c
t
i
o
n
1
2
8
:
B
o
o
k
s
o
f
a
c
c
o
u
n
t
,
e
t
c
.
,
t
o
b
e
k
e
p
t
b
y
c
o
m
p
a
n
y
(
1
) Every company shall prepare and keep at its registered
office
books of account
and other relevant books and
papers and financial statement for every financial
year which give a
true and fair view of the state of the affairs
of the company, including that of its branch office or offices, if
any, and explain the transactions effected both at the
registered office and its branches and such books shall be
kept on accrual basis and according to the double entry
system of accounting:
P
r
o
v
i
d
e
d
t
h
a
t
a
l
l
o
r
a
n
y
o
f
t
h
e
b
o
o
k
s
o
f
a
c
c
o
u
n
t
a
f
o
r
e
s
a
i
d
a
n
d
o
t
h
e
r
r
e
l
e
v
a
n
t
p
a
p
e
r
s
m
a
y
b
e
k
e
p
t
a
t
s
u
c
h
o
t
h
e
r
p
l
a
c
e
i
n
I
n
d
i
a
a
s
t
h
e
B
o
a
r
d
o
f
D
i
r
e
c
t
o
r
s
m
a
y
d
e
c
i
d
e
a
n
d
w
h
e
r
e
s
u
c
h
a
d
e
c
i
s
i
o
n
i
s
t
a
k
e
n
,
t
h
e
c
o
m
p
a
n
y
s
h
a
l
l
,
w
i
t
h
i
n
s
e
v
e
n
d
a
y
s
t
h
e
r
e
o
f
,
f
i
l
e
w
i
t
h
t
h
e
R
e
g
i
s
t
r
a
r
a
n
o
t
i
c
e
i
n
w
r
i
t
i
n
g
g
i
v
i
n
g
t
h
e
f
u
l
l
a
d
d
r
e
s
s
o
f
t
h
a
t
o
t
h
e
r
p
l
a
c
e
:
P
r
o
v
i
d
e
d
f
u
r
t
h
e
r
t
h
a
t
t
h
e
c
o
m
p
a
n
y
m
a
y
k
e
e
p
s
u
c
h
b
o
o
k
s
o
f
a
c
c
o
u
n
t
o
r
o
t
h
e
r
r
e
l
e
v
a
n
t
p
a
p
e
r
s
i
n
e
l
e
c
t
r
o
n
i
c
m
o
d
e
i
n
s
u
c
h
m
a
n
n
e
r
a
s
m
a
y
b
e
p
r
e
s
c
r
i
b
e
d
.
(
6
)
I
f
t
h
e
m
a
n
a
g
i
n
g
d
i
r
e
c
t
o
r
,
t
h
e
w
h
o
l
e
-
t
i
m
e
d
i
r
e
c
t
o
r
i
n
c
h
a
r
g
e
o
f
f
i
n
a
n
c
e
,
t
h
e
C
h
i
e
f
F
i
n
a
n
c
i
a
l
O
f
f
i
c
e
r
o
r
a
n
y
o
t
h
e
r
p
e
r
s
o
n
o
f
a
c
o
m
p
a
n
y
c
h
a
r
g
e
d
b
y
t
h
e
B
o
a
r
d
w
i
t
h
t
h
e
d
u
t
y
o
f
c
o
m
p
l
y
i
n
g
w
i
t
h
t
h
e
p
r
o
v
i
s
i
o
n
s
o
f
t
h
i
s
s
e
c
t
i
o
n
,
c
o
n
t
r
a
v
e
n
e
s
s
u
c
h
p
r
o
v
i
s
i
o
n
s
,
s
u
c
h
m
a
n
a
g
i
n
g
d
i
r
e
c
t
o
r
,
w
h
o
l
e
-
t
i
m
e
d
i
r
e
c
t
o
r
i
n
c
h
a
r
g
e
o
f
f
i
n
a
n
c
e
,
C
h
i
e
f
F
i
n
a
n
c
i
a
l
o
f
f
i
c
e
r
o
r
s
u
c
h
o
t
h
e
r
p
e
r
s
o
n
o
f
t
h
e
c
o
m
p
a
n
y
s
h
a
l
l
b
e
p
u
n
i
s
h
a
b
l
e
w
i
t
h
f
i
n
e
w
h
i
c
h
s
h
a
l
l
n
o
t
b
e
l
e
s
s
t
h
a
n
f
i
f
t
y
t
h
o
u
s
a
n
d
r
u
p
e
e
s
b
u
t
w
h
i
c
h
m
a
y
e
x
t
e
n
d
t
o
f
i
v
e
l
a
k
h
r
u
p
e
e
s
.
9
.
1
.
3
-
C
o
m
p
a
n
i
e
s
(
A
c
c
o
u
n
t
s
)
R
u
l
e
s
,
2
0
1
4
3. Manner of books of account to be kept in electronic mode.-
(1)
The books of account and other relevant books and papers
maintained in electronic mode shall remain accessible in India, at all times
accessible in India so as to be usable for subsequent reference.
Provided
that for the financial year commencing on or after the 1st day of
April, 2023, every company which uses
accounting software
for
maintaining its books of account, shall use only such accounting software
which has a feature of
recording audit trail
of each and every transaction,
creating an edit log of each change made in books of account along with
the date when such changes were made and ensuring that the audit trail
cannot be disabled.
Requirement for Auditors
9
S
e
c
t
i
o
n
1
4
3
(
3
)
o
f
C
o
m
p
a
n
i
e
s
A
c
t
,
2
0
1
3
(
“
t
h
e
A
c
t
”
)
p
r
o
v
i
d
e
s
v
a
r
i
o
u
s
m
a
t
t
e
r
s
o
n
w
h
i
c
h
a
u
d
i
t
o
r
s
a
r
e
r
e
q
u
i
r
e
d
t
o
r
e
p
o
r
t
.
C
l
a
u
s
e
(
j
)
o
f
S
e
c
t
i
o
n
1
4
3
(
3
)
s
t
a
t
e
s
t
h
a
t
a
u
d
i
t
o
r
’
s
r
e
p
o
r
t
s
h
a
l
l
a
l
s
o
s
t
a
t
e
s
u
c
h
o
t
h
e
r
m
a
t
t
e
r
s
a
s
m
a
y
b
e
p
r
e
s
c
r
i
b
e
d
.
T
h
e
s
e
m
a
t
t
e
r
s
a
r
e
p
r
e
s
c
r
i
b
e
d
u
n
d
e
r
R
u
l
e
1
1
o
f
t
h
e
C
o
m
p
a
n
i
e
s
(
A
u
d
i
t
a
n
d
A
u
d
i
t
o
r
s
)
R
u
l
e
s
,
2
0
1
4
.
M
C
A
v
i
d
e
i
t
s
n
o
t
i
f
i
c
a
t
i
o
n
d
a
t
e
d
M
a
r
c
h
2
4
,
2
0
2
1
h
a
s
i
s
s
u
e
d
‘
C
o
m
p
a
n
i
e
s
(
A
u
d
i
t
a
n
d
A
u
d
i
t
o
r
s
)
A
m
e
n
d
m
e
n
t
R
u
l
e
s
,
2
0
2
1
’
(
“
A
u
d
i
t
R
u
l
e
s
”
)
Audit rules have
introduced new Rule 11(g) in Companies (Audit and Auditors) Rules, 2014
S
e
c
4
5
0
:
P
u
n
i
s
h
m
e
n
t
w
h
e
r
e
n
o
s
p
e
c
i
f
i
c
p
e
n
a
l
t
y
o
r
p
u
n
i
s
h
m
e
n
t
i
s
p
r
o
v
i
d
e
d
:
I
f
a
c
o
m
p
a
n
y
o
r
a
n
y
o
f
f
i
c
e
r
o
f
a
c
o
m
p
a
n
y
o
r
a
n
y
o
t
h
e
r
p
e
r
s
o
n
c
o
n
t
r
a
v
e
n
e
s
a
n
y
o
f
t
h
e
p
r
o
v
i
s
i
o
n
s
o
f
t
h
i
s
A
c
t
o
r
t
h
e
r
u
l
e
s
m
a
d
e
t
h
e
r
e
u
n
d
e
r
,
o
r
a
n
y
c
o
n
d
i
t
i
o
n
,
l
i
m
i
t
a
t
i
o
n
o
r
r
e
s
t
r
i
c
t
i
o
n
s
u
b
j
e
c
t
t
o
w
h
i
c
h
a
n
y
a
p
p
r
o
v
a
l
,
s
a
n
c
t
i
o
n
,
c
o
n
s
e
n
t
,
c
o
n
f
i
r
m
a
t
i
o
n
,
r
e
c
o
g
n
i
t
i
o
n
,
d
i
r
e
c
t
i
o
n
o
r
e
x
e
m
p
t
i
o
n
i
n
r
e
l
a
t
i
o
n
t
o
a
n
y
m
a
t
t
e
r
h
a
s
b
e
e
n
a
c
c
o
r
d
e
d
,
g
i
v
e
n
o
r
g
r
a
n
t
e
d
,
a
n
d
f
o
r
w
h
i
c
h
n
o
p
e
n
a
l
t
y
o
r
p
u
n
i
s
h
m
e
n
t
i
s
p
r
o
v
i
d
e
d
e
l
s
e
w
h
e
r
e
i
n
t
h
i
s
A
c
t
,
t
h
e
c
o
m
p
a
n
y
a
n
d
e
v
e
r
y
o
f
f
i
c
e
r
o
f
t
h
e
c
o
m
p
a
n
y
w
h
o
i
s
i
n
d
e
f
a
u
l
t
o
r
s
u
c
h
o
t
h
e
r
p
e
r
s
o
n
s
h
a
l
l
b
e
p
u
n
i
s
h
a
b
l
e
w
i
t
h
f
i
n
e
w
h
i
c
h
m
a
y
e
x
t
e
n
d
t
o
t
e
n
t
h
o
u
s
a
n
d
r
u
p
e
e
s
,
a
n
d
w
h
e
r
e
t
h
e
c
o
n
t
r
a
v
e
n
t
i
o
n
i
s
c
o
n
t
i
n
u
i
n
g
o
n
e
,
w
i
t
h
a
f
u
r
t
h
e
r
f
i
n
e
w
h
i
c
h
m
a
y
e
x
t
e
n
d
t
o
o
n
e
t
h
o
u
s
a
n
d
r
u
p
e
e
s
f
o
r
e
v
e
r
y
d
a
y
a
f
t
e
r
t
h
e
f
i
r
s
t
d
u
r
i
n
g
w
h
i
c
h
t
h
e
c
o
n
t
r
a
v
e
n
t
i
o
n
c
o
n
t
i
n
u
e
s
.
Requirement of Rule 11(g)
10
Rule 11(g) requires auditors’ report to state whether the company, has used
such
accounting software
for maintaining its
books of account
which has:
Feature of
recording
audit trail
(edit log) facility and
T
he same has been
operated
throughout the year
for all transactions
recorded in the software and
T
he audit trail feature has
not been tampered
with and
T
he audit trail has been
preserved
by the company as per the statutory
requirements for record retention.
C
o
m
m
e
n
t
s
:
M
a
n
u
a
l
,
P
a
r
t
l
y
o
r
f
u
l
l
y
:
N
o
t
A
p
p
l
i
c
a
b
l
e
Requirement of Rule 11(g)
11
The requirement was initially made applicable for financial year commencing
on or after the 1
st
day of April 2021 vide notification dated March 24, 2021.
However the applicability was deferred to financial year commencing on or
after April 1, 2022 vide MCA notification dated April 1, 2021.
Requirement for Companies
12
•
A
n
e
w
r
e
q
u
i
r
e
m
e
n
t
f
o
r
c
o
m
p
a
n
i
e
s
h
a
s
b
e
e
n
p
r
e
s
c
r
i
b
e
d
u
n
d
e
r
t
h
e
p
r
o
v
i
s
o
t
o
R
u
l
e
3
(
1
)
o
f
C
o
m
p
a
n
i
e
s
(
A
c
c
o
u
n
t
s
)
R
u
l
e
s
,
2
0
1
4
(
“
A
c
c
o
u
n
t
R
u
l
e
s
”
)
r
e
q
u
i
r
i
n
g
c
o
m
p
a
n
i
e
s
,
w
h
i
c
h
u
s
e
a
c
c
o
u
n
t
i
n
g
s
o
f
t
w
a
r
e
f
o
r
m
a
i
n
t
a
i
n
i
n
g
t
h
e
i
r
b
o
o
k
s
o
f
a
c
c
o
u
n
t
,
t
o
u
s
e
o
n
l
y
s
u
c
h
s
o
f
t
w
a
r
e
w
h
i
c
h
h
a
s
a
u
d
i
t
t
r
a
i
l
f
e
a
t
u
r
e
.
•
This requirement was initially made applicable for F.Y. commencing on or
after April 1, 2021. However, its applicability has been deferred two times
and this requirement is finally applicable from April 1, 2023.
Scope of Implementation Guide
13
•
The purpose of this Guide is to enable the auditors to comply with the
reporting requirements of Rule 11(g). This Guide provides the principle
based guidance for reporting and auditors are expected to exercise their
professional judgement while reporting on Rule 11(g).
•
This Guide has been developed to provide detailed guidance to auditors
to enable compliance with reporting requirement under Rule 11(g).
What constitutes Books of Account
14
•
For purpose of reporting under Rule 11(g), definition of “books of
account” will be as per definition given in Section 2(13) of the Act.
•
B
o
o
k
s
o
f
A
c
c
o
u
n
t
a
s
p
e
r
S
e
c
t
i
o
n
2
(
1
3
)
o
f
t
h
e
A
c
t
i
n
c
l
u
d
e
s
r
e
c
o
r
d
s
m
a
i
n
t
a
i
n
e
d
i
n
r
e
s
p
e
c
t
o
f
—
(i)
all sums of money received and expended by a company and
matters in relation to which the receipts and expenditure take place;
(ii)
all sales and purchases of goods and services by the company;
(iii)
the assets and liabilities of the company; and
(iv)
the items of cost as may be prescribed under section 148 in the
case of a company which belongs to any class of companies specified
under that section;
What constitutes Books of Account
15
•
Any software
that maintains records or transactions that fall under the
definition of Books of Account as per the section 2(13) of the Act will be
considered as accounting software for purpose of Rule 11(g).
•
Example: i
f sales are recorded in a standalone software and only
consolidated entries are recorded monthly into the software used to
maintain the general ledger, the sales software should also have the
audit trail feature since sales invoices would be covered under Books of
Account.
Which records do not require Audit Trail
16
•
The requirements of audit trail are applicable to the extent a company
maintains its records in electronic form by using an accounting software.
•
T
h
u
s
,
w
h
e
r
e
t
h
e
b
o
o
k
s
o
f
a
c
c
o
u
n
t
a
r
e
e
n
t
i
r
e
l
y
m
a
i
n
t
a
i
n
e
d
m
a
n
u
a
l
l
y
–
t
h
e
a
s
s
e
s
s
m
e
n
t
a
n
d
r
e
p
o
r
t
i
n
g
r
e
s
p
o
n
s
i
b
i
l
i
t
y
u
n
d
e
r
R
u
l
e
1
1
(
g
)
w
i
l
l
n
o
t
b
e
a
p
p
l
i
c
a
b
l
e
a
n
d
a
c
c
o
r
d
i
n
g
l
y
,
s
a
m
e
w
o
u
l
d
n
e
e
d
t
o
b
e
r
e
p
o
r
t
e
d
a
s
s
t
a
t
e
m
e
n
t
o
f
f
a
c
t
b
y
t
h
e
a
u
d
i
t
o
r
a
g
a
i
n
s
t
t
h
i
s
c
l
a
u
s
e
.
Management’s Responsibility
17
Accounts Rules require that
every company which
uses an accounting software
for maintaining its books of account, should use only such accounting software
which has the following features:
Records
an audit trail of each and every transaction,
creating
an edit log of
each change made in the books of account along with the date when such
changes were made; and
Ensuring that audit trail is
not disabled
.
T
h
u
s
,
i
t
i
s
t
h
e
m
a
n
a
g
e
m
e
n
t
,
w
h
o
i
s
p
r
i
m
a
r
i
l
y
r
e
s
p
o
n
s
i
b
l
e
f
o
r
e
n
s
u
r
i
n
g
s
e
l
e
c
t
i
o
n
o
f
t
h
e
a
p
p
r
o
p
r
i
a
t
e
a
c
c
o
u
n
t
i
n
g
s
o
f
t
w
a
r
e
f
o
r
e
n
s
u
r
i
n
g
c
o
m
p
l
i
a
n
c
e
w
i
t
h
a
p
p
l
i
c
a
b
l
e
l
a
w
s
a
n
d
r
e
g
u
l
a
t
i
o
n
s
.
Management’s Responsibility
18
Accounting software may be hosted and maintained in India or outside
India or may be on-premise or on cloud or subscribed to as Software as a
Service (SaaS) software. Further, a company may be using a software
which is maintained at
a service organisation. For example, the company
may have outsourced its payroll processing with a shared service centre
and the shared service centre may use its own software to process payroll
for the company.
Auditor’s Responsibility
19
Rule 11(g) requires auditor to report on audit trail by making a
specific assertion
in audit
report under the section ‘Report on Other Legal and Regulatory Requirements’.
In addition to comment on whether company is using an accounting software which has
a feature of recording audit trail, auditor is expected to
verify
following aspects:
w
h
e
t
h
e
r
a
u
d
i
t
t
r
a
i
l
f
e
a
t
u
r
e
i
s
c
o
n
f
i
g
u
r
a
b
l
e
(
i
.
e
.
,
i
f
i
t
c
a
n
b
e
d
i
s
a
b
l
e
d
o
r
t
a
m
p
e
r
e
d
w
i
t
h
)
?
w
h
e
t
h
e
r
a
u
d
i
t
t
r
a
i
l
f
e
a
t
u
r
e
w
a
s
e
n
a
b
l
e
d
/
o
p
e
r
a
t
e
d
t
h
r
o
u
g
h
o
u
t
t
h
e
y
e
a
r
?
w
h
e
t
h
e
r
a
l
l
t
r
a
n
s
a
c
t
i
o
n
s
r
e
c
o
r
d
e
d
i
n
t
h
e
s
o
f
t
w
a
r
e
a
r
e
c
o
v
e
r
e
d
i
n
a
u
d
i
t
t
r
a
i
l
f
e
a
t
u
r
e
?
w
h
e
t
h
e
r
a
u
d
i
t
t
r
a
i
l
p
r
e
s
e
r
v
e
d
a
s
p
e
r
s
t
a
t
u
t
o
r
y
r
e
q
u
i
r
e
m
e
n
t
s
f
o
r
r
e
c
o
r
d
r
e
t
e
n
t
i
o
n
?
Auditor’s Responsibility
20
Any software used to maintain books of account will be covered within the
ambit of this Rule.
A
ny software
that maintains records or transactions that fall under the
definition of books of account as per section 2(13) of the Act will be
considered as accounting software
for this purpose.
Interplay of Accounts Rules with Audit Rules
21
T
h
e
r
e
q
u
i
r
e
m
e
n
t
o
f
a
c
c
o
u
n
t
i
n
g
s
o
f
t
w
a
r
e
h
a
v
i
n
g
f
e
a
t
u
r
e
o
f
a
u
d
i
t
t
r
a
i
l
h
a
s
b
e
e
n
p
r
e
s
c
r
i
b
e
d
o
n
l
y
i
n
t
h
e
c
o
n
t
e
x
t
o
f
b
o
o
k
s
o
f
a
c
c
o
u
n
t
.
T
h
i
s
i
s
e
v
i
d
e
n
c
e
d
b
y
t
h
e
f
a
c
t
t
h
a
t
a
s
p
e
r
p
r
o
v
i
s
o
t
o
R
u
l
e
,
a
c
c
o
u
n
t
i
n
g
s
o
f
t
w
a
r
e
s
h
o
u
l
d
b
e
c
a
p
a
b
l
e
o
f
c
r
e
a
t
i
n
g
a
n
e
d
i
t
l
o
g
o
f
“
e
a
c
h
c
h
a
n
g
e
m
a
d
e
i
n
b
o
o
k
s
o
f
a
c
c
o
u
n
t
.
”
However, Rule 11(g)
requires auditor to comment as to whether the company has used such
accounting software for maintaining its books of account which has a feature of recording
audit trail (edit log) facility and the same has been operated throughout the year for all
transactions recorded in software and audit trail feature has not been tampered with and audit
trail has been preserved by company as per statutory requirements for record retention.
Therefore, companies are required to maintain audit trail (edit log) for each change made in
the books of account. Accordingly, the term ‘all transactions recorded in the software’ would
refer to all transactions that result in change to the books of account.
Interplay of Accounts Rules with Audit Rules
22
G
i
v
i
n
g
d
u
e
c
o
g
n
i
z
a
n
c
e
t
o
d
e
f
i
n
i
t
i
o
n
o
f
“
b
o
o
k
s
o
f
a
c
c
o
u
n
t
”
a
s
p
e
r
S
e
c
t
i
o
n
2
(
1
3
)
o
f
t
h
e
A
c
t
a
n
d
R
u
l
e
3
o
f
t
h
e
A
c
c
o
u
n
t
R
u
l
e
s
w
h
i
c
h
p
r
o
v
i
d
e
s
f
o
r
t
h
e
m
a
n
a
g
e
m
e
n
t
r
e
s
p
o
n
s
i
b
i
l
i
t
i
e
s
f
o
r
m
a
i
n
t
e
n
a
n
c
e
o
f
b
o
o
k
s
o
f
a
c
c
o
u
n
t
a
n
d
o
t
h
e
r
r
e
l
e
v
a
n
t
b
o
o
k
s
a
n
d
p
a
p
e
r
s
m
a
i
n
t
a
i
n
e
d
i
n
e
l
e
c
t
r
o
n
i
c
m
o
d
e
,
t
h
e
a
u
d
i
t
o
r
w
o
u
l
d
b
e
e
x
p
e
c
t
e
d
t
o
c
h
e
c
k
w
h
e
t
h
e
r
t
h
e
a
u
d
i
t
t
r
a
i
l
i
s
e
n
a
b
l
e
d
f
o
r
s
u
c
h
t
r
a
n
s
a
c
t
i
o
n
s
w
h
i
c
h
r
e
s
u
l
t
i
n
a
c
h
a
n
g
e
t
o
t
h
e
b
o
o
k
s
o
f
a
c
c
o
u
n
t
.
Applicability
23
Considering the applicability date of amended audit rules, it implies that the auditor is
not required to assess appropriateness of audit trail of previous years and the
assessment will be only for prospective financial years.
A
p
p
l
i
c
a
b
i
l
i
t
y
f
o
r
F
Y
2
0
2
2
-
2
3
A
pplicability of
Account Rules
will
commence
on or after
April 1, 2023
. Thus, there is
likely to be a scenario for FY 2022-23 where in absence of compliance requirement
for companies, auditors would
not be able to report under Audit Rules.
Applicability
24
A
u
d
i
t
o
r
s
o
f
a
l
l
c
l
a
s
s
o
f
c
o
m
p
a
n
i
e
s
w
o
u
l
d
b
e
r
e
q
u
i
r
e
d
t
o
r
e
p
o
r
t
o
n
t
h
e
s
e
m
a
t
t
e
r
s
i
n
c
l
u
d
i
n
g
s
e
c
t
i
o
n
8
c
o
m
p
a
n
i
e
s
,
f
o
r
e
i
g
n
c
o
m
p
a
n
i
e
s
.
W
h
e
r
e
t
h
e
b
o
o
k
s
o
f
a
c
c
o
u
n
t
a
r
e
e
n
t
i
r
e
l
y
m
a
i
n
t
a
i
n
e
d
m
a
n
u
a
l
l
y
–
t
h
e
a
s
s
e
s
s
m
e
n
t
a
n
d
r
e
p
o
r
t
i
n
g
r
e
s
p
o
n
s
i
b
i
l
i
t
y
u
n
d
e
r
R
u
l
e
1
1
(
g
)
w
i
l
l
n
o
t
b
e
a
p
p
l
i
c
a
b
l
e
a
n
d
a
c
c
o
r
d
i
n
g
l
y
,
s
a
m
e
w
o
u
l
d
n
e
e
d
t
o
b
e
r
e
p
o
r
t
e
d
a
s
s
t
a
t
e
m
e
n
t
o
f
f
a
c
t
b
y
t
h
e
a
u
d
i
t
o
r
a
g
a
i
n
s
t
t
h
i
s
c
l
a
u
s
e
.
Auditor is required to comment on Rule 11(g) both in case of standalone financial
statements and consolidated financial statements (CFS).
In case of CFS, the principal auditor should apply professional judgment and comply
with applicable Standards on Auditing, in particular, SA 600, “Using the Work of Another
Auditor” while assessing the matters reported by the auditors of components that are
Indian companies.
Preservation of Audit Trails
25
Auditor is required to comment whether the audit trail has been preserved
by the company as per the statutory requirements for record retention.
Section 128(5) of the Act requires books of account to be preserved by
companies for a minimum period of
eight years.
So,
company would need to retain audit trail for a minimum period of eight
years
i.e., effective from the date of applicability of the Account Rules (i.e.,
currently April 1, 2023, onwards).
Audit Approach
26
E
n
s
u
r
i
n
g
m
a
n
a
g
e
m
e
n
t
i
s
a
s
s
u
m
i
n
g
p
r
i
m
a
r
y
r
e
s
p
o
n
s
i
b
i
l
i
t
y
Auditor would need to ensure that management assumes primary responsibility to:
identify records and transactions that constitute books of account under section 2(13)
of the Act
identify accounting software(s) used for creation and maintenance of books of account
ensure such software have audit trail feature
ensure that audit trail captures changes to each and every transaction
ensure that audit trail feature is always enabled
Audit Approach
27
E
nsure that audit trail is enabled at database level for logging any direct data
changes;
ensure that audit trail is appropriately protected from any modification;
ensure that audit trail is retained as per statutory requirements for record retention;
ensure that controls over maintenance and monitoring of audit trail and its feature
are designed and operating effectively throughout period of reporting.
Audit Approach
28
S
p
e
c
i
f
i
c
I
n
t
e
r
n
a
l
C
o
n
t
r
o
l
s
In order to demonstrate that audit trail feature was functional, operated and not disabled,
a company would have to design and implement specific internal controls
(predominantly IT controls) which in turn, would be evaluated by the auditors. Examples:
Controls to ensure that audit trail feature has not been disabled or deactivated.
Controls to ensure that User IDs assigned to each individual and User IDs not shared.
Controls to ensure that changes to configurations of audit trail are authorized and logs
of such changes are maintained.
Controls to ensure that access to audit trail (and backups) is disabled or restricted and
access logs, whenever audit trails have been accessed, are maintained.
Controls to ensure that periodic backups of audit trails are taken and archived as per
the statutory period specified under Section 128 of the Act.
Audit Approach
29
I
d
e
n
t
i
f
i
c
a
t
i
o
n
o
f
r
e
l
e
v
a
n
t
t
r
a
n
s
a
c
t
i
o
n
s
In respect of identification of relevant transactions, auditor may consider performing
following procedures:
Assess management’s identification of records and transactions where audit trail needs
to be captured and verify, on a test basis, whether the audit trail has been configured
and enabled for the identified accounting software.
Evaluate management’s approach regarding identification of accounting software which
have been considered for the purposes of maintenance of audit trail.
Inquire with the management on how they evaluated changes required for the
maintenance of audit trail as part of changes or upgrades to the accounting software.
Where applicable, consider involvement of specialists/experts in field of IT to assist in
evaluation of management controls and configurations in accounting software with
regard to audit trail.
Audit Approach
30
In case accounting software is supported by service providers,
management and auditor may consider using independent auditor’s report
of service organisation e.g. Service Organisation Control Type 2 (SOC 2)/
SAE 3402, “Assurance Reports on Controls At a Service Organization” for
compliance with audit trail requirements.
It is expected that management ensures that the administrative access to
the audit trail is restricted to authorized representatives.
Audit Approach
31
A
s
p
e
c
t
s
o
f
A
c
c
o
u
n
t
i
n
g
S
o
f
t
w
a
r
e
Auditor may consider following aspects of accounting software for the purpose of reporting:
i.
the software configuration that controls enabling or disabling of the audit trail and whether
audit trail was enabled throughout the period.
ii.
the access to such configurations.
iii.
any changes to the audit trail configuration during the period of audit (during the financial
year and also from the date of financial statements but before the date of auditor’s report).
iv.
the periodic review mechanism implemented and operated by management for any changes
to the audit trail configuration.
v.
the completeness and accuracy of audit trail or edit logs that are generated through the
software functionalities or directly recorded in the underlying database
vi.
any testing management has performed to assess completeness and accuracy of audit trail.
Audit Approach
32
I
n
r
e
s
p
e
c
t
o
f
p
r
e
s
e
r
v
a
t
i
o
n
o
f
a
u
d
i
t
t
r
a
i
l
s
:
I
nquire with management to understand the procedures implemented
R
eview, on a sample basis, audit trail records maintained by management
for each applicable year
Unlike reporting on IFC, Rule 11(g) requires auditor to report that the feature of
recording audit trail facility has “operated throughout the year for all
transactions recorded in the accounting software”.
A
uditor is expected to evaluate reporting implications specifically giving due
consideration to SA 250, “Consideration of Laws and Regulations in an Audit
of Financial Statements”.
Audit Approach
33
E
x
p
e
c
t
e
d
S
c
e
n
a
r
i
o
s
In respect of audit trail, following are likely to be expected scenarios:
i.
Management may maintain adequate audit trail as required by Account
Rules.
ii.
Management may not have identified all records/ transactions for which
audit trail should be maintained.
iii.
The accounting software does not have the feature to maintain audit trail,
or it was not enabled throughout the audit period.
Scenarios (ii) and (iii) mentioned above would result in a modified /adverse
reporting under Rule 11(g).
Illustrative reporting: FY 2022-23
34
In respect of financial year 2022-23, where management has not been mandated
to use accounting software with requisite audit trail facility, reporting can be as
illustrated below:
As proviso to rule 3(1) of the Companies (Accounts) Rules, 2014 is applicable for the
company only w.e.f. April 1, 2023, reporting under this clause is not applicable.
Illustrative reporting
: Standalone Financial Statements
35
U
n
m
o
d
i
f
i
e
d
R
e
p
o
r
t
i
n
g
Based on our examination which included test checks, the company has used
an accounting software for maintaining its books of account which has a
feature of recording audit trail
(edit log) facility and the same has operated
throughout the year for all relevant transactions recorded in the software.
Further, during the course of our audit we did not come across any instance of
audit trail feature being
tampered
with. Additionally, the audit trail has been
preserved
by company as per the statutory requirements for record retention.
Illustrative reporting: Consolidated Financial Statements
36
U
n
m
o
d
i
f
i
e
d
R
e
p
o
r
t
i
n
g
Based on our examination which included test checks and that performed by
the respective auditors of the subsidiaries, associates and joint ventures/ joint
operations which are companies incorporated in India whose financial
statements have been audited under the Act, the company, subsidiaries,
associates and joint ventures/ joint operations have used an accounting
software for maintaining its books of account which has a feature of recording
audit trail (edit log) facility and the same has operated throughout the year for
all relevant transactions recorded in the software. Further, during the course of
our audit we did not come across any instance of audit trail feature being
tampered with. Additionally, the audit trail has been preserved by the company
as per the statutory requirements for record retention.
Illustrative reporting: Consolidated Financial Statements
37
M
o
d
i
f
i
e
d
R
e
p
o
r
t
i
n
g
B
a
s
e
d
o
n
o
u
r
e
x
a
m
i
n
a
t
i
o
n
,
w
h
i
c
h
i
n
c
l
u
d
e
d
t
e
s
t
c
h
e
c
k
s
,
a
n
d
t
h
a
t
p
e
r
f
o
r
m
e
d
b
y
t
h
e
r
e
s
p
e
c
t
i
v
e
a
u
d
i
t
o
r
s
o
f
t
h
e
s
u
b
s
i
d
i
a
r
i
e
s
,
a
s
s
o
c
i
a
t
e
s
a
n
d
j
o
i
n
t
v
e
n
t
u
r
e
s
/
j
o
i
n
t
o
p
e
r
a
t
i
o
n
s
w
h
i
c
h
a
r
e
c
o
m
p
a
n
i
e
s
i
n
c
o
r
p
o
r
a
t
e
d
i
n
I
n
d
i
a
w
h
o
s
e
f
i
n
a
n
c
i
a
l
s
t
a
t
e
m
e
n
t
s
h
a
v
e
b
e
e
n
a
u
d
i
t
e
d
u
n
d
e
r
t
h
e
A
c
t
,
e
x
c
e
p
t
f
o
r
t
h
e
i
n
s
t
a
n
c
e
s
m
e
n
t
i
o
n
e
d
b
e
l
o
w
,
t
h
e
c
o
m
p
a
n
y
,
s
u
b
s
i
d
i
a
r
i
e
s
,
a
s
s
o
c
i
a
t
e
s
a
n
d
j
o
i
n
t
v
e
n
t
u
r
e
s
/
j
o
i
n
t
o
p
e
r
a
t
i
o
n
s
h
a
v
e
u
s
e
d
a
n
a
c
c
o
u
n
t
i
n
g
s
o
f
t
w
a
r
e
f
o
r
m
a
i
n
t
a
i
n
i
n
g
i
t
s
b
o
o
k
s
o
f
a
c
c
o
u
n
t
w
h
i
c
h
h
a
s
a
f
e
a
t
u
r
e
o
f
r
e
c
o
r
d
i
n
g
a
u
d
i
t
t
r
a
i
l
(
e
d
i
t
l
o
g
)
f
a
c
i
l
i
t
y
a
n
d
t
h
e
s
a
m
e
h
a
s
o
p
e
r
a
t
e
d
t
h
r
o
u
g
h
o
u
t
t
h
e
y
e
a
r
f
o
r
a
l
l
r
e
l
e
v
a
n
t
t
r
a
n
s
a
c
t
i
o
n
s
r
e
c
o
r
d
e
d
i
n
t
h
e
s
o
f
t
w
a
r
e
.
F
u
r
t
h
e
r
,
d
u
r
i
n
g
t
h
e
c
o
u
r
s
e
o
f
o
u
r
a
u
d
i
t
,
w
e
a
n
d
r
e
s
p
e
c
t
i
v
e
a
u
d
i
t
o
r
s
o
f
t
h
e
a
b
o
v
e
r
e
f
e
r
r
e
d
s
u
b
s
i
d
i
a
r
i
e
s
,
a
s
s
o
c
i
a
t
e
s
a
n
d
j
o
i
n
t
v
e
n
t
u
r
e
s
/
j
o
i
n
t
o
p
e
r
a
t
i
o
n
s
d
i
d
n
o
t
c
o
m
e
a
c
r
o
s
s
a
n
y
i
n
s
t
a
n
c
e
o
f
a
u
d
i
t
t
r
a
i
l
f
e
a
t
u
r
e
b
e
i
n
g
t
a
m
p
e
r
e
d
w
i
t
h
.
A
d
d
i
t
i
o
n
a
l
l
y
,
t
h
e
a
u
d
i
t
t
r
a
i
l
h
a
s
b
e
e
n
p
r
e
s
e
r
v
e
d
b
y
t
h
e
H
o
l
d
i
n
g
C
o
m
p
a
n
y
a
n
d
a
b
o
v
e
r
e
f
e
r
r
e
d
s
u
b
s
i
d
i
a
r
i
e
s
,
a
s
s
o
c
i
a
t
e
s
a
n
d
j
o
i
n
t
v
e
n
t
u
r
e
s
/
j
o
i
n
t
o
p
e
r
a
t
i
o
n
s
a
s
p
e
r
t
h
e
s
t
a
t
u
t
o
r
y
r
e
q
u
i
r
e
m
e
n
t
s
f
o
r
r
e
c
o
r
d
r
e
t
e
n
t
i
o
n
.
Illustrative wordings for modified reporting
38
Reporting under this Rule requires factual reporting. In case a company has exceptions
in complying to Account Rules, auditor may use the language as given in examples
below.
Illustrative wordings for modified reporting
39
Illustrative wordings for modified reporting
40
Special Consideration in case of Fraud Scenarios
41
An auditor may come across a scenario where occurrence of an error/ fraud could not
be established due to lack of maintenance, availability/ retrievability of audit trails.
In evaluating the severity of a deficiency for such instances specifically in cases of
fraud, the auditor should primarily consider two factors
•
the likelihood that the deficiency will result in a material misstatement, and
•
the magnitude of such an outcome.
This scenario would, in essence, call for performing an assessment of risk of material
misstatement due to fraud and would consider both qualitative and quantitative factors
in assessing a deficiency or combination of deficiencies as a significant deficiency or
material weakness.
It
would accordingly require application of professional judgement while linking the
reporting against Rule 11(g) and section 143(12) of the Act/ clause (x) of CARO 2020
(as the case may be).
Reporting under Rule 11(g) vis-à-vis Section 143(3)(i)
42
Section 143(3)(i) of the Act, where applicable, requires the auditor to state in his audit
report whether the company has adequate internal financial controls with reference to
financial statements in place and the operating effectiveness of such controls.
Guidance in this regard has been prescribed vide “Guidance Note on Audit of Internal
Financial Controls Over Financial Reporting (the Guidance Note) issued by ICAI.
Guidance Note does not entail any detailed audit procedures in respect of reporting
against Rule 11(g).
Accordingly, where the feature of audit trail has not operated throughout the year, the
auditor may need to appropriately modify his comment while reporting under Rule
11(g) depending upon the further testing/examination as may be required to conclude
the wider impact on the reporting implication.
Obtaining Written Representation
43
Auditor shall obtain written representations from management on the following aspects:
Acknowledging
management's
responsibility
for establishing and maintaining adequate
controls for identifying, maintaining, controlling, and monitoring of audit trails on a
consistent basis.
Stating that management has performed an evaluation and assessed the adequacy
and effectiveness of the company's
procedures
for complying to the requirements
prescribed for audit trails.
Stating management's
conclusion
, as set forth in its assessment, about the adequacy
and effectiveness of the company's procedures w.r.t. audit trails.
Stating that management has disclosed to the auditor all
deficiencies
in the design or
operation of controls maintained for audit trails identified as part of management's
evaluation.
Obtaining Written Representation
44
Describing instances where identification of fraud, if any, resulting in a material
misstatement to the company's financial statements is identified while reviewing and
testing the samples related to the disablement of audit trail facility of the accounting
software.
Stating whether control deficiencies identified and communicated to the audit
committee in relation to audit trail during previous engagements have been resolved,
and specifically identifying any deficiency that have not been resolved.
Audit Documentation
45
Auditor may document the work performed on audit trail such that it provides:
A sufficient and appropriate record of basis for auditor’s reporting under Rule
11(g); and
evidence
that audit was planned and performed in accordance with this
Implementation Guide, applicable Standards on Auditing and applicable legal
and regulatory requirements.
In this regard, auditor may comply with requirements of SA 230, “Audit
Documentation” to the extent applicable.
P
r
a
c
t
i
c
a
l
T
i
p
s
1)
No accounting entry shall be passed today, relating to
past period, reflecting that it is passed in earlier period.
2)
However, an accounting entry relating to past period can
be passed today, reflecting clearly that it is passed today.
3)
Rectification entries
to be passed for any mistake in any
entry already passed.
4)
If audit trail is not there for
part of year
, qualification is
mandatory.
5)
JV
should be passed for
changes in opening entries
for
next year, if any.
P
r
a
c
t
i
c
a
l
S
i
t
u
a
t
i
o
n
s
1) Cane management software, must have audit trail : Raw
material consumed: monthly
2) Retail: B2C: Inventory management, must have audit trail :
3) Hospital : Operation management software: HMIS
(Hospital management Information system)
4) SAP: Period 13 entries: Adjustment entries
S
u
g
g
e
s
t
i
o
n
s
✓
Ask the client that
internal audit/monthly review
is
practically mandatory.
✓
Do
ABC analysis
of your fees & time involvement.
✓
Increase fees substantially, else
say 'no'.
✓
Even if 70% client increases fees, you will gain.
✓
Even if
30% clients go
, you will gain, as out of this
20% clients will come back with increased fees.
THANKS
This comprehensive guide covers the provisions, objective, and important terms related to reporting under Rule 11(g) of Companies (Audit and Auditors) Rules, 2014. It discusses the importance of maintaining proper books of accounts, introduces the concept of audit trail, explains crucial terms like edit log and accounting software, and highlights the requirements for books of account as per Section 2(13) of the Companies Act, 2013. Additionally, it emphasizes the obligation of every company to prepare and keep accurate financial records as per Section 128.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Implementation Guide on Reporting under Rule 11(g) of Companies (Audit and Auditors) Rules, 2014
Objective of provisions relating to Audit Trail To Compel Companies to comply with the provisions relating to maintain proper books of accounts
Important terms and their explanation Term Explanation Audit trail (Edit log) is a visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. Audit trails are a chronological record of the changes that have been made to the data. Any change to data including creating new data, updating or deleting data that must be recorded. Audit Trail Accounting Software is a computer program or system that enables recording, maintenance and reporting of books of account and relevant ecosystem applicable to business requirements. The functionality of such accounting software differs from product to product. Every organization today employs multiple software for accounting, its operations and other requirements like consolidation, collection of data. Accounting Software 3
Important terms and their explanation Term Explanation Books of Account as per Section 2(13) of the Companies Act, 2013 includes records maintained in respect of Books of Account (i) all sums of money received and expended by a company and matters in relation to which the receipts and expenditure take place; (ii) all sales and purchases of goods and services by the company; (iii) the assets and liabilities of the company; and (iv) the items of cost as may be prescribed under section 148 in the case of a company which belongs to any class of companies specified under that section; 4
Section 128: Books of account, etc., to be kept by company (1) Every company shall prepare and keep at its registered office books of account and other relevant books and papers and financial statement for every financial year which give a true and fair view of the state of the affairs of the company, including that of its branch office or offices, if any, and explain the transactions effected both at the registered office and its branches and such books shall be kept on accrual basis and according to the double entry system of accounting:
Provided that all or any of the books of account aforesaid and other relevant papers may be kept at such other place in India as the Board of Directors may decide and where such a decision is taken, the company shall, within seven days thereof, file with the Registrar a notice in writing giving the full address of that other place: Provided further that the company may keep such books of account or other relevant papers in electronic mode in such manner as may be prescribed.
(6) If the managing director, the whole-time director in charge of finance, the Chief Financial Officer or any other person of a company charged by the Board with the duty of complying with the provisions of this section, contravenes such provisions, such managing director, whole-time director in charge of finance, Chief Financial officer or such other person of the company shall be punishable with fine which shall not be less than fifty thousand rupees but which may extend to five lakh rupees.
9.1.3-Companies (Accounts) Rules,2014 3. Manner of books of account to be kept in electronic mode.- (1) The books of account and other relevant books and papers maintained in electronic mode shall remain accessible in India, at all times accessible in India so as to be usable for subsequent reference. Provided that for the financial year commencing on or after the 1st day of April, 2023, every company which uses accounting software for maintaining its books of account, shall use only such accounting software which has a feature of recording audit trail of each and every transaction, creating an edit log of each change made in books of account along with the date when such changes were made and ensuring that the audit trail cannot be disabled.
Requirement for Auditors Section 143(3) of Companies Act, 2013 ( theAct ) provides various matters on which auditors are required to report. Clause (j) of Section 143(3) states that auditor s report shall also state such other matters as may be prescribed. These matters are prescribed under Rule 11 of the Companies (Audit and Auditors) Rules, 2014. MCA vide its notification dated March 24, 2021 has issued Companies (Audit and Auditors) Amendment Rules, 2021 ( Audit Rules ) Audit rules have introduced new Rule 11(g) in Companies (Audit and Auditors) Rules, 2014 Sec 450: Punishment where no specific penalty or punishment is provided: If a company or any officer of a company or any other person contravenes any of the provisions of this Act or the rules made thereunder, or any condition, limitation or restriction subject to which any approval, sanction, consent, confirmation, recognition, direction or exemption in relation to any matter has been accorded, given or granted, and for which no penalty or punishment is provided elsewhere in this Act, the company and every officer of the company who is in default or such other person shall be punishable with fine which may extend to ten thousand rupees, and where the contravention is continuing one, with a further fine which may extend to one thousand rupees for every day after the first during which the contravention continues. 9
Requirement of Rule 11(g) Rule 11(g) requires auditors report to state whether the company, has used such accounting software for maintaining its books of account which has: Feature of recording audit trail (edit log) facility and The same has been operated throughout the year for all transactions recorded in the software and The audit trail feature has not been tampered with and The audit trail has been preserved by the company as per the statutory requirements for record retention. Comments: Manual, Partly or fully : Not Applicable 10
Requirement of Rule 11(g) The requirement was initially made applicable for financial year commencing on or after the 1st day of April 2021 vide notification dated March 24, 2021. However the applicability was deferred to financial year commencing on or after April 1, 2022 vide MCA notification dated April 1, 2021. 11
Requirement for Companies A new requirement for companies has been prescribed under the proviso to Rule 3(1) of Companies (Accounts) Rules, 2014 ( AccountRules ) requiring companies, which use accounting software for maintaining their books of account, to use only such software which has audit trail feature. This requirement was initially made applicable for F.Y. commencing on or after April 1, 2021. However, its applicability has been deferred two times and this requirement is finally applicable from April 1, 2023. 12
Scope of Implementation Guide The purpose of this Guide is to enable the auditors to comply with the reporting requirements of Rule 11(g). This Guide provides the principle based guidance for reporting and auditors are expected to exercise their professional judgement while reporting on Rule 11(g). This Guide has been developed to provide detailed guidance to auditors to enable compliance with reporting requirement under Rule 11(g). 13
What constitutes Books of Account For purpose of reporting under Rule 11(g), definition of books of account will be as per definition given in Section 2(13) of the Act. Books of Account as per Section 2(13) of the Act includes records maintained in respect of (i) all sums of money received and expended by a company and matters in relation to which the receipts and expenditure take place; (ii) all sales and purchases of goods and services by the company; (iii) the assets and liabilities of the company; and (iv) the items of cost as may be prescribed under section 148 in the case of a company which belongs to any class of companies specified under that section; 14
What constitutes Books of Account Any software that maintains records or transactions that fall under the definition of Books of Account as per the section 2(13) of the Act will be considered as accounting software for purpose of Rule 11(g). Example: if sales are recorded in a standalone software and only consolidated entries are recorded monthly into the software used to maintain the general ledger, the sales software should also have the audit trail feature since sales invoices would be covered under Books of Account. 15
Which records do not require Audit Trail The requirements of audit trail are applicable to the extent a company maintains its records in electronic form by using an accounting software. Thus, where the books of account are entirely maintained manually the assessment and reporting responsibility under Rule 11(g) will not be applicable and accordingly, same would need to be reported as statement of fact by the auditor against this clause. 16
Managements Responsibility Accounts Rules require that every company which uses an accounting software for maintaining its books of account, should use only such accounting software which has the following features: Records an audit trail of each and every transaction, creating an edit log of each change made in the books of account along with the date when such changes were made; and Ensuring that audit trail is not disabled. Thus, it is the management, who is primarily responsible for ensuring selection of the appropriate accounting software for ensuring compliance with applicable laws and regulations. 17
Managements Responsibility Accounting software may be hosted and maintained in India or outside India or may be on-premise or on cloud or subscribed to as Software as a Service (SaaS) software. Further, a company may be using a software which is maintained at a service organisation. For example, the company may have outsourced its payroll processing with a shared service centre and the shared service centre may use its own software to process payroll for the company. 18
Auditors Responsibility Rule 11(g) requires auditor to report on audit trail by making a specific assertion in audit report under the section Report on Other Legal and Regulatory Requirements . In addition to comment on whether company is using an accounting software which has a feature of recording audit trail, auditor is expected to verify following aspects: whether audit trail feature is configurable (i.e., if it can be disabled or tampered with)? whether audit trail feature was enabled/operated throughout the year? whether all transactions recorded in the software are covered in audit trail feature? whether audit trail preserved as per statutory requirements for record retention? 19
Auditors Responsibility Any software used to maintain books of account will be covered within the ambit of this Rule. Any software that maintains records or transactions that fall under the definition of books of account as per section 2(13) of the Act will be considered as accounting software for this purpose. 20
Interplay of Accounts Rules with Audit Rules The requirement of accounting software having feature of audit trail has been prescribed only in the context of books of account. This is evidenced by the fact that as per proviso to Rule, accounting software should be capable of creating an edit log of each change made in books of account. However, Rule 11(g) requires auditor to comment as to whether the company has used such accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has been operated throughout the year for all transactions recorded in software and audit trail feature has not been tampered with and audit trail has been preserved by company as per statutory requirements for record retention. Therefore, companies are required to maintain audit trail (edit log) for each change made in the books of account. Accordingly, the term all transactions recorded in the software would refer to all transactions that result in change to the books of account. 21
Interplay of Accounts Rules with Audit Rules Giving due cognizance to definition of books of account as per Section 2(13) of the Act and Rule 3 of the Account Rules which provides for the management responsibilities for maintenance of books of account and other relevant books and papers maintained in electronic mode, the auditor would be expected to check whether the audit trail is enabled for such transactions which result in a change to the books of account. 22
Applicability Considering the applicability date of amended audit rules, it implies that the auditor is not required to assess appropriateness of audit trail of previous years and the assessment will be only for prospective financial years. Applicability for FY 2022-23 Applicability of Account Rules will commence on or after April 1, 2023. Thus, there is likely to be a scenario for FY 2022-23 where in absence of compliance requirement for companies, auditors would not be able to report under Audit Rules. 23
Applicability Auditors of all class of companies would be required to report on these matters including section 8 companies, foreign companies. Where the books of account are entirely maintained manually the assessment and reporting responsibility under Rule 11(g) will not be applicable and accordingly, same would need to be reported as statement of fact by the auditor against this clause. Auditor is required to comment on Rule 11(g) both in case of standalone financial statements and consolidated financial statements (CFS). In case of CFS, the principal auditor should apply professional judgment and comply with applicable Standards on Auditing, in particular, SA 600, Using the Work of Another Auditor while assessing the matters reported by the auditors of components that are Indian companies. 24
Preservation of Audit Trails Auditor is required to comment whether the audit trail has been preserved by the company as per the statutory requirements for record retention. Section 128(5) of the Act requires books of account to be preserved by companies for a minimum period of eight years. So, company would need to retain audit trail for a minimum period of eight yearsi.e., effective from the date of applicability of the Account Rules (i.e., currently April 1, 2023, onwards). 25
Audit Approach Ensuring management is assuming primary responsibility Auditor would need to ensure that management assumes primary responsibility to: identify records and transactions that constitute books of account under section 2(13) of the Act identify accounting software(s) used for creation and maintenance of books of account ensure such software have audit trail feature ensure that audit trail captures changes to each and every transaction ensure that audit trail feature is always enabled 26
Audit Approach Ensure that audit trail is enabled at database level for logging any direct data changes; ensure that audit trail is appropriately protected from any modification; ensure that audit trail is retained as per statutory requirements for record retention; ensure that controls over maintenance and monitoring of audit trail and its feature are designed and operating effectively throughout period of reporting. 27
Audit Approach Specific Internal Controls In order to demonstrate that audit trail feature was functional, operated and not disabled, a company would have to design and implement specific internal controls (predominantly IT controls) which in turn, would be evaluated by the auditors. Examples: Controls to ensure that audit trail feature has not been disabled or deactivated. Controls to ensure that User IDs assigned to each individual and User IDs not shared. Controls to ensure that changes to configurations of audit trail are authorized and logs of such changes are maintained. Controls to ensure that access to audit trail (and backups) is disabled or restricted and access logs, whenever audit trails have been accessed, are maintained. Controls to ensure that periodic backups of audit trails are taken and archived as per the statutory period specified under Section 128 of the Act. 28
Audit Approach Identification of relevant transactions In respect of identification of relevant transactions, auditor may consider performing following procedures: Assess management s identification of records and transactions where audit trail needs to be captured and verify, on a test basis, whether the audit trail has been configured and enabled for the identified accounting software. Evaluate management s approach regarding identification of accounting software which have been considered for the purposes of maintenance of audit trail. Inquire with the management on how they evaluated changes required for the maintenance of audit trail as part of changes or upgrades to the accounting software. Where applicable, consider involvement of specialists/experts in field of IT to assist in evaluation of management controls and configurations in accounting software with regard to audit trail. 29
Audit Approach In case accounting software is supported by service providers, management and auditor may consider using independent auditor s report of service organisation e.g. Service Organisation Control Type 2 (SOC 2)/ SAE 3402, Assurance Reports on Controls At a Service Organization for compliance with audit trail requirements. It is expected that management ensures that the administrative access to the audit trail is restricted to authorized representatives. 30
Audit Approach Aspects of Accounting Software Auditor may consider following aspects of accounting software for the purpose of reporting: i. the software configuration that controls enabling or disabling of the audit trail and whether audit trail was enabled throughout the period. ii. the access to such configurations. iii. any changes to the audit trail configuration during the period of audit (during the financial year and also from the date of financial statements but before the date of auditor s report). iv. the periodic review mechanism implemented and operated by management for any changes to the audit trail configuration. v. the completeness and accuracy of audit trail or edit logs that are generated through the software functionalities or directly recorded in the underlying database vi. any testing management has performed to assess completeness and accuracy of audit trail. 31
Audit Approach In respect of preservation of audit trails: Inquire with management to understand the procedures implemented Review, on a sample basis, audit trail records maintained by management for each applicable year Unlike reporting on IFC, Rule 11(g) requires auditor to report that the feature of recording audit trail facility has operated throughout the year for all transactions recorded in the accounting software . Auditor is expected to evaluate reporting implications specifically giving due consideration to SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements . 32
Audit Approach Expected Scenarios In respect of audit trail, following are likely to be expected scenarios: i. Management may maintain adequate audit trail as required by Account Rules. ii. Management may not have identified all records/ transactions for which audit trail should be maintained. iii. The accounting software does not have the feature to maintain audit trail, or it was not enabled throughout the audit period. Scenarios (ii) and (iii) mentioned above would result in a modified /adverse reporting under Rule 11(g). 33
Illustrative reporting: FY 2022-23 In respect of financial year 2022-23, where management has not been mandated to use accounting software with requisite audit trail facility, reporting can be as illustrated below: As proviso to rule 3(1) of the Companies (Accounts) Rules, 2014 is applicable for the company only w.e.f. April 1, 2023, reporting under this clause is not applicable. 34
Illustrative reporting: Standalone Financial Statements Unmodified Reporting Based on our examination which included test checks, the company has used an accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has operated throughout the year for all relevant transactions recorded in the software. Further, during the course of our audit we did not come across any instance of audit trail feature being tampered with. Additionally, the audit trail has been preserved by company as per the statutory requirements for record retention. 35
Illustrative reporting: Consolidated Financial Statements Unmodified Reporting Based on our examination which included test checks and that performed by the respective auditors of the subsidiaries, associates and joint ventures/ joint operations which are companies incorporated in India whose financial statements have been audited under the Act, the company, subsidiaries, associates and joint ventures/ joint operations have used an accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has operated throughout the year for all relevant transactions recorded in the software. Further, during the course of our audit we did not come across any instance of audit trail feature being tampered with. Additionally, the audit trail has been preserved by the company as per the statutory requirements for record retention. 36
Illustrative reporting: Consolidated Financial Statements Modified Reporting Based on our examination, which included test checks, and that performed by the respective auditors of the subsidiaries, associates and joint ventures/ joint operations which are companies incorporated in India whose financial statements have been audited under the Act, except for the instances mentioned below, the company, subsidiaries, associates and joint ventures/ joint operations have used an accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility and the same has operated throughout the year for all relevant transactions recorded in the software. Further, during the course of our audit, we and respective auditors of the above referred subsidiaries, associates and joint ventures/ joint operations did not come across any instance of audit trail feature being tampered with. Additionally, the audit trail has been preserved by the Holding Company and above referred subsidiaries, associates and joint ventures/joint operations as per the statutory requirements for record retention. 37
Illustrative wordings for modified reporting Reporting under this Rule requires factual reporting. In case a company has exceptions in complying to Account Rules, auditor may use the language as given in examples below. Nature of exception Illustrative wordings 1. Audit trail feature was disabled for one of the books of account/ records or for an accounting software - (e.g., fixed asset software did not have audit trail) Based on our examination, the company, has used accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility except in respect of maintenance of fixed asset records wherein the accounting software did not have the audit trail feature enabled throughout the year. Further, the audit trail facility has been operating throughout the year for all relevant transactions recorded in the software except for the instances reported below ... Further, during the course of our audit we did not come across any instance of audit trail feature being tampered with.. 38
Illustrative wordings for modified reporting Nature of exception. Illustrative wordings 2. Audit Trail feature is not operating effectively during the reporting period except that the audit trail feature of YYY software used by the company to maintain payroll records did not operate throughout the year .. ..except that no audit trail enabled at the database level for accounting software AAA (database SQL) and BBB (database db2) to log any direct data changes 3. maintained by third party and auditor is unable to assess whether audit trail feature can be disabled during the reporting period Accounting software is Based on our examination, the company, has used an accounting software ABC which is operated by a third party software service provider, for maintaining its books of account and in absence of [state the type of control report] we are unable to comment whether audit trail feature of the said software was enabled and operated throughout the year for all relevant transactions recorded in the software or whether there were any instances of the audit trail feature been tampered with. 39
Illustrative wordings for modified reporting Nature of exception. Illustrative wordings 4. The audit trail has not been preserved by the company as per the statutory requirements for record retention. .the audit trail has not been preserved by the company as per the statutory requirements for record retention Note: This illustration is relevant from 2nd year of reporting and onwards 5. Migration from one software to the other happened during the year or higher version of software installed and auditor is unable to obtain sufficient and appropriate evidence The Company has migrated to [name of the software] from [old software/ manual] during the year and is in the process of establishing necessary controls and documentations regarding audit trail. Consequently, we are unable to comment on audit trail feature of the said software. 40
Special Consideration in case of Fraud Scenarios An auditor may come across a scenario where occurrence of an error/ fraud could not be established due to lack of maintenance, availability/ retrievability of audit trails. In evaluating the severity of a deficiency for such instances specifically in cases of fraud, the auditor should primarily consider two factors the likelihood that the deficiency will result in a material misstatement, and the magnitude of such an outcome. This scenario would, in essence, call for performing an assessment of risk of material misstatement due to fraud and would consider both qualitative and quantitative factors in assessing a deficiency or combination of deficiencies as a significant deficiency or material weakness. It would accordingly require application of professional judgement while linking the reporting against Rule 11(g) and section 143(12) of the Act/ clause (x) of CARO 2020 (as the case may be). 41
Reporting under Rule 11(g) vis--vis Section 143(3)(i) Section 143(3)(i) of the Act, where applicable, requires the auditor to state in his audit report whether the company has adequate internal financial controls with reference to financial statements in place and the operating effectiveness of such controls. Guidance in this regard has been prescribed vide Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (the Guidance Note) issued by ICAI. Guidance Note does not entail any detailed audit procedures in respect of reporting against Rule 11(g). Accordingly, where the feature of audit trail has not operated throughout the year, the auditor may need to appropriately modify his comment while reporting under Rule 11(g) depending upon the further testing/examination as may be required to conclude the wider impact on the reporting implication. 42
Obtaining Written Representation Auditor shall obtain written representations from management on the following aspects: Acknowledging management's responsibility for establishing and maintaining adequate controls for identifying, maintaining, controlling, and monitoring of audit trails on a consistent basis. Stating that management has performed an evaluation and assessed the adequacy and effectiveness of the company's procedures for complying to the requirements prescribed for audit trails. Stating management's conclusion, as set forth in its assessment, about the adequacy and effectiveness of the company's procedures w.r.t. audit trails. Stating that management has disclosed to the auditor all deficiencies in the design or operation of controls maintained for audit trails identified as part of management's evaluation. 43
Obtaining Written Representation Describing instances where identification of fraud, if any, resulting in a material misstatement to the company's financial statements is identified while reviewing and testing the samples related to the disablement of audit trail facility of the accounting software. Stating whether control deficiencies identified and communicated to the audit committee in relation to audit trail during previous engagements have been resolved, and specifically identifying any deficiency that have not been resolved. 44
Audit Documentation Auditor may document the work performed on audit trail such that it provides: A sufficient and appropriate record of basis for auditor s reporting under Rule 11(g); and evidence that audit was planned and performed in accordance with this Implementation Guide, applicable Standards on Auditing and applicable legal and regulatory requirements. In this regard, auditor may comply with requirements of SA 230, Audit Documentation to the extent applicable. 45
Practical Tips 1) No accounting entry shall be passed today, relating to past period, reflecting that it is passed in earlier period. 2) However, an accounting entry relating to past period can be passed today, reflecting clearly that it is passed today. 3) Rectification entries to be passed for any mistake in any entry already passed. 4) If audit trail is not there for part of year, qualification is mandatory. 5) JV should be passed for changes in opening entries for next year, if any.
Practical Situations 1) Cane management software, must have audit trail : Raw material consumed: monthly 2) Retail: B2C: Inventory management, must have audit trail : 3) Hospital : Operation management software: HMIS (Hospital management Information system) 4) SAP: Period 13 entries: Adjustment entries
Suggestions Ask the client that internal audit/monthly review is practically mandatory. Do ABC analysis of your fees & time involvement. Increase fees substantially, else say 'no'. Even if 70% client increases fees, you will gain. Even if 30% clients go, you will gain, as out of this 20% clients will come back with increased fees.
