Indian Ministry of Corporate Affairs(MCA) Update: Mandatory use of audit trails for SAP Users from 01 April 2021
Are you compliant with the new amendments this financial year?
From the Source: The Indian Ministry of Corporate Affairs issued a notification dated March 24, 2021, under the Companies (Accounts) Amendment Rules, 2021 stating that for the financial year commencing on or after April 1, 2021, companies that use accounting software for maintaining their books must use software that allows it to record an audit trail of every transaction.
To reflect a laudable intent of the government to bring in more transparency and improve compliance, the MCA started this financial year with a big announcement which has four major aspects;
- Companies must have compulsorily audit trails and transaction logs in their accounting software from the 1st of April 2021.
- Any edit made in the books must be recorded by the date.
- Companies must ensure that the audit trail is not disabled.
- Companies are required to maintain the logs throughout the financial year.
What is an Audit Trail?
Audit trails are nothing but the process of recording the user transactions either manually or electronically. However, audit trails are more effective if they are electronic and real-time as it provides a “baseline” for analysis or an audit when initiating an investigation. These transactions are recorded chronologically with the proper edit log of any modifications made in the books. In the absence of logging and monitoring of user activities, vulnerabilities will occur if the critical risk events are not logged off properly and the systems are not under monitoring. Moreover, lack of logging and monitoring makes the process to detect malicious activities harder and may result in revenue losses.
What does this Amendment promise?
The new rules require auditors to play a stronger role in assessing how companies maintain their books of accounts. Experts say the move will help curb back-dating of transactions and will position the auditors in a much stronger role with the responsibility to review and report the controls. The amendment was brought to existence for the following reasons;
- System Transparency: The audit trail will bring transparency in transactions and will create a surge in tax revenue collection. This will boost the economy and significantly reduce the possibilities of the parallel black economy.
- User Accountability: Appropriate user behavior can be expected after implementing audit trails as the user knows that their actions are automatically recorded and tied to their unique identity.
- Reconstruction of Events: When an investigation is warranted or triggered, the first step to remediate a problem is knowing the "when,” “how," and "what". Visibility into this information can aid in problem detection and prevent future occurrences of things such as unauthorized access, frauds, SOD Conflicts, or corruption of information.
- Intrusion Detection: Unauthorized access is a serious problem for most systems and audit trails aid in identifying suspicious behavior or actions.
- Minimizing Fraud: With the launch of GST e-invoicing for businesses and this new rule about accounting software having an audit trail, the government has shown it is serious about minimizing fraud. This will also mitigate the risks arising from unverifiable transactions and help the government protect its own revenues.
- Other Problem Identification: Real-time monitoring can be used to automate audit logs and identify problems that indicate system implementation issues, operational issues, unusual or suspicious activities, or system and operator errors.
Challenges the companies will face?
Many companies are considering this change as the impact on their compliance cost. Others are worried about how they can address this on such short notice. Following are some of the common concerns companies might consider during this transition are;
- While the audit trail aims to track, penalize, and discourage fraudulent changes in accounting entries, it is important to note that there is an aspect of ‘human error’ also involved in this subject.
- Although from an accounting and control perspective, audit trail has existed for decades, businessmen, as well as the accounting community supporting them, do not fully understand the same.
- The order mandates an implementation from the 1st of April 2021, which is less than a week from when the order was announced. Such rushed enforcement can trigger panic, mistrust, and resistance from businesses.
- This shall certainly increase the cost of compliance and pressure on the accountants’ community.
- To make the whole ecosystem ready and prepare all layers of professions for a successful and collaborative implementation of the audit trail in the Indian business community will need time.
Security Weaver to the Rescue
Security Weaver's Transaction Archive has it all. Security Weaver understands that the ability to follow records back to their origin provides numerous benefits, including transparency and data security for compliance, record integrity and accuracy, protection against unauthorized access, and security of sensitive or vital information. Our Transaction Archive is an intelligently designed software module that can be deployed in a couple of days and can maintain a flawless audit trail of every transaction any user makes in SAP. With Transaction Archive, customers can reap the following features;
- Detailed User Analytics Report
- Effective and Cost-Efficient Compliance
- Data Compression Architecture
- RFC Monitoring and Analytics
- Role Efficiency Reports
- Customizable reports and data files
- Identification of SOD Conflicts
Reference & Source Links: