The Ministry of Corporate Affairs (MCA) amended the Companies (Accounts) Rules, 2014 to require that all companies (except OPCs and small companies below certain thresholds) use accounting software that maintains an audit trail — a feature-level requirement that most off-the-shelf software either does not support or has disabled by default.
The requirement came into full effect from April 1, 2023 and applies for financial statements from FY 2023-24 onward. Auditors must report on audit trail compliance in their statutory audit report.
What Is an Audit Trail?
Under Rule 11(g) of the Companies (Audit and Auditors) Rules, an audit trail means:
A feature in accounting software that:
- Records every transaction in the books of accounts
- Ensures that the edit log of each transaction is maintained
- Captures the date and time of every creation, modification, and deletion
- Identifies the user who made each change
- Ensures the audit trail cannot be disabled or tampered with
The audit trail must be retained for 8 years from the end of the financial year, consistent with book-keeping requirements.
Regulatory Framework
| Regulation | Requirement |
|---|---|
| Rule 3(1) of Companies (Accounts) Rules | Accounting software must record audit trail |
| Rule 11(g) of Companies (Audit and Auditors) Rules | Auditors must report on audit trail usage |
| ICAI Guidance Note | Specific reporting standards for audit trail |
| Section 143(3)(j) | Auditor must state whether audit trail is maintained |
Auditor Reporting Responsibility
Your statutory auditor must report:
- Whether accounting software has audit trail feature
- Whether audit trail was enabled throughout the year for all transactions
- Whether the audit trail has been preserved and not altered
- Whether backup of audit trail is maintained as required
If any of these are negative, the auditor must qualify or emphasize in their audit report — which has material consequences for:
- Lending decisions by banks
- Regulatory assessments
- Future fundraising and investor due diligence
Common Non-Compliance Scenarios
The most common failure: audit trail feature exists in the software but was disabled by the IT administrator (often for performance reasons or data correction convenience). This is treated as non-compliance even if the feature is available.
Scenario 1: Using Excel or Custom Software
Many SMBs maintain accounts in Excel or legacy in-house software. These invariably lack an audit trail feature. If accounts are prepared in Excel and then imported into accounting software, the underlying data manipulation is undetectable.
Remediation: Migrate to compliant accounting software (Tally Prime with audit trail enabled, SAP Business One, Oracle NetSuite, Zoho Books). Maintain minimum documentation of the migration.
Scenario 2: Shared Login Credentials
Audit trail logs user names per transaction — but if 5 people share the "Admin" login, the trail is meaningless.
Remediation: Create individual user accounts for every employee who accesses the accounting system. Role-based access control (RBAC) is essential.
Scenario 3: Year-End Data "Clean-Up"
Finance teams sometimes delete erroneous entries or correct figures at year-end. If tracking these edits reveals them, the audit trail works correctly. If edits bypass the system, it is non-compliance.
Implementation Checklist for Management
- ☐ Identify all accounting software used across the company and subsidiaries
- ☐ Verify audit trail feature is available in current software version
- ☐ Enable audit trail and confirm it cannot be disabled without board resolution
- ☐ Review user management — every user must have unique login
- ☐ Configure user roles to reflect actual access requirements
- ☐ Implement automated daily backup of audit trail logs (offsite or cloud)
- ☐ Review a sample of audit trail logs quarterly
- ☐ Prepare a management representation letter for the auditor confirming compliance
- ☐ Ensure sub-ledgers and integrated systems (payroll, inventory) are also covered
Cloud-Based vs On-Premise Accounting Software
Cloud-based software (Zoho Books, QuickBooks, Tally on Cloud) typically maintains audit trails automatically with version history. Your responsibility is to ensure the vendor provides a data export of the audit log periodically.
On-premise software (Tally Prime, SAP B1 on-premise) requires the IT team to explicitly enable the audit trail feature and configure backup.
What Happens If Non-Compliance Is Discovered?
- Auditor issues a qualified report under Rule 11(g)
- ICAI may review the audit quality
- ROC can call for explanation from directors
- In serious cases (fraud suspicion), SFIO (Serious Fraud Investigation Office) can be invoiced
- Restatement of financials may be needed if data integrity is compromised
Is your accounting software audit-trail compliant?
We conduct audit trail readiness assessments and work with your IT team to ensure your software is compliant before your statutory audit begins.
Schedule an Assessment