Technology-Enabled Changes in the Audit Compliance Landscape in India

Posted by Written by Melissa Cyrill Reading Time: 5 minutes

We discuss how emerging technologies hold the potential to transform the field of auditing by leveraging software-as-a-service platforms as well as incorporating artificial intelligence, automation, drones, and more. Moreover, India’s corporate affairs authority mandates the adoption of specific software-enabled tracking, such as audit trails.


As we look ahead to the next five to 10 years, the audit space is undergoing significant changes, driven by three key factors. First, the evolving business landscape and changing client expectations are reshaping how companies operate. The increasing complexity of organizational structures and the rise of intangible assets, such as digital transactions, require auditors to adapt their methodologies to match these new realities.

Secondly, auditors themselves are redefining their roles to deliver more value and meaningful insights beyond traditional transactional reviews. They aim to provide comprehensive and relevant reports that go beyond mere financial data.

However, one of the most significant drivers of change lies in the third aspect—the evolving regulatory landscape. The Institute of Chartered Accountants in India (ICAI) and the National Financial Reporting Authority (NFRA) are actively focused on enhancing the quality of financial reporting and ensuring auditors deliver high-quality audit reports.

To achieve robust audit processes, regulators have been updating existing guidelines and introducing new standards. Compliance with auditing standards is crucial for building trust among users of financial statements and fostering a robust economy. This includes the introduction of the concept of the audit trail, which is now mandatory for certain types of organizations in India.

What is an audit trail?

An audit trail serves as a date and time-stamped record documenting the history and details of various events, transactions, and activities. Whether related to a transaction, work event, product
development step, control execution, or financial ledger entry, virtually any work activity or process can be captured in an audit trail, be it automated or manual. These trails take diverse forms in different fields, tailored to capture the unique focus areas of each domain. However, their core purpose remains consistent—to track a sequence of events and actions in chronological order. In today’s rapidly evolving IT and risk environment, organizations often rely on real-time or near real-time access to audit trails as part of their day-to-day operations.

Most information technology systems also maintain comprehensive audit trails for user activity, and some systems are designed to consolidate inputs from various sources, creating extensive audit trail data. The utility of audit trails is diverse, as they provide time-stamped records with varying levels of detail. While some may capture simple errors and basic details, others can be quite complex, requiring technical expertise to interpret. Audit trails are an invaluable tool utilized for a range of purposes within organizations, including supporting audits, access controls, financial statements, investigations, security, and other functions.

Purpose for business organizations

The purpose of an audit trail is multifaceted. It serves as a comprehensive and complete record, enabling businesses to track irregularities and identify process breakdowns when they occur. By maintaining an airtight audit trail, companies can effectively detect internal fraud by monitoring user actions related to the company’s data and information. Additionally, audit trail records are instrumental in identifying and addressing external data breach issues, which are becoming increasingly prevalent due to the rising threat of malware and ransomware crimes.

From a compliance perspective, audit trails are a requirement for many organizations. Publicly traded companies (listed entities), in particular, must have active audit trails to comply with SEBI Listing Agreement 2014 (Clause 49), which necessitates an annual audit by independent external auditors. An audit trail captures crucial details about transactions and processes, providing essential information for future reviews and root cause analysis.

The uses of audit trails are diverse, with audits being one of the most common applications. Whether for financial, IT, HR, or operational audits, an audit log provides crucial evidence for inspection and validation of management’s assertions. Audit trails are also employed to monitor access to sensitive data, investigate IT incidents, understand API transactions, track data deletions, and combat
cybersecurity threats.

While audit trails offer substantial benefits, their maintenance can be costly and challenging, especially for key systems involved in audits for listed companies, where organizations are required to retain at least a year’s worth of audit logs. Taking a risk-based approach can help organizations prioritize which audit trails are most critical for their operations and compliance requirements.

Key sectors that rely on audit trails include financial and accounting, manufacturing and product design, healthcare and medical information, clinical research data, IT tracking and data, e-commerce sales records, among many others.

The benefits of maintaining an audit trail are manifold. Accurate financial records supported by an audit trail build trust with investors and lenders, positioning the business for potential investments or loans. Increased efficiency, meeting compliance requirements, disaster recovery, and overall business integrity are among the other advantages.

Compulsory ‘audit trail’ and ‘edit log’ for all companies (including Section 8 companies) in India

The Ministry of Corporate Affairs had introduced the concept of audit trail through a notification dated March 24, 2021, to come into effect from FY 2023-24.

Applicability

Starting April 1, 2023, it is now mandatory for all companies in India, regardless of their size, including not-for-profit companies licensed under Section 8 of the Companies Act 2023 (or Section 25 of the Indian Companies Act 1956), to incorporate a built-in mechanism in their software that records an audit trail for every transaction. Thus, all companies under the Companies Act, including one-person-companies (OPC), small, dormant, and foreign companies, are required to maintain the audit trail in India.

Additionally, an edit log must be created for each modification made in electronically maintained books of account, capturing the date of such changes. It is crucial to ensure that the audit trail
always remains enabled and cannot be disabled. However, this requirement is not yet mandatory for public charitable trusts or societies registered under the Act of 1860. Similarly, limited liability
partnership (LLP) firms are also currently exempt from this obligation.

Using a third-party service provider

To ensure compliance, it is essential to check with your software service (SaaS) provider and verify whether the mentioned features are available in the software you are using. Additionally, if you rely on third-party service providers for any services offered to your company, have a discussion with them to determine the applicability of the Audit Trail functionality in their software.

Furthermore, engage in discussions with your auditors regarding these requirements or any other specific needs that will aid in achieving due compliance with this new mandate. Collaborating with all relevant stakeholders will help ensure a seamless implementation of the Audit Trail concept and adherence to the regulatory guidelines.

Penalty for non-compliance

If a company fails to meet the specified requirements, the managing director, the whole-time director in charge of finance, the Chief Financial Officer, or any other person charged by the management defined as per the provisions will be liable for punishment. The punishment entails a penalty ranging from INR 50,000 to maximum INR 500,000. Furthermore, auditors are obligated to disclose the non-compliance in their auditors’ report, making it transparent and accountable.

Emerging technologies driving audit innovation

Summary

To achieve robust audit processes, regulators have been updating existing guidelines and introducing new standards. In this dynamic environment, businesses and auditors alike must embrace these changes to stay ahead and foster a transparent and resilient economy.

About Us

India Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia from offices across the world, including in Delhi and Mumbai. Readers may write to india@dezshira.com for more support on doing business in India.

We also maintain offices or have alliance partners assisting foreign investors in Indonesia, Singapore, Vietnam, Philippines, Malaysia, Thailand, Italy, Germany, and the United States, in addition to practices in Bangladesh and Russia.