By Tejas Goenka
Ease of Doing Business for MSMEs: The Ministry of Corporate Affairs (MCA) is continuously working towards driving transparency and strengthening the integrity of financial reporting in the business. The notification pertaining to the new audit trail rule is a step in this direction. This mandate is expected to be implemented from April 1, 2022, for companies that are registered under the Companies Acts in India. As per the notification “Every company which uses accounting software for maintaining its books of account, shall use only such accounting software which has a feature of recording audit trail of each and every transaction, creating an edit log of each change made in books of account along with the date when such changes were made and ensuring that the audit trail cannot be disabled.”
While this was supposed to be implemented in the financial year 2021-22, the objections and concerns rightly raised from all quarters of the business community led to the postponement of the rule. The authorities agreed that for effective implementation, institutional efforts needed to be put in to ensure that the entire ecosystem of professionals and businesses is ready for the same. However, even after a year, all the concerns persist and not much has been done to solve the issues. Unless these concerns are addressed, the notification’s intent is unlikely to be met, and businesses are likely to see an unnecessary increase in their compliance burden.
Challenges and implications of audit trail
Definition of change for audit log: There is a need for a clear definition of what would be considered ‘change’ while recording the edit logs. Today, an invoice and its journey (as per laws) to the point of ‘invoice becoming part of GSTN filing’ and every stage of the invoice must be tracked in the invoice document. Are all of them considered a discrete change for the audit log? Is marking a bank transaction as reconciled a ‘change’? Is adding an explanatory narration to a transaction a ‘change’? Is filling in the e-Invoice number a ‘change’? Is filling in the vehicle details a ‘change’?
Similarly, updating eWay Bill number, Transporters Waybill number, GSTIN of customer and supplier being updated or cancelled, PAN/TDS number of customer or supplier being updated, TDS payment made now being tagged to payment voucher or service invoice later, will all of these be considered changes and therefore become a part of the audit trail? Moreover, for a small business with just a few transactions per year, generating and maintaining this ‘audit log over 7 years or more’ implies a huge quantum of generated data. And as more data gets generated, they are more vulnerable to storage-related issues. The need for backups and preservation techniques by the business owner to remain ‘compliant and offer an untampered and undamaged audit log’ will become a nightmare.
Consideration of human error: While the audit trail aims to track, penalize, and discourage fraudulent changes in accounting entries, it does not consider the aspect of ‘human error’ involved in the subject. For instance, while making a sales entry of Rs 1,990, if the user makes a typing error of Rs 1,099, they will need to change the same afterwards to reflect the on-ground reality. An audit trail for such a trivial change as prescribed by the notification will have unintended consequences and lead to highly unproductive outcomes. Any model which relies on the tax officer’s intervention and increases the burden on businesses is likely to fail.
Excessive burden on businesses and auditors: The law mandates that the business owner as well the chartered accountant must endorse and undertake to the government that the business is audit trail compliant. However, owing to the lack of framework and ambiguity in the audit trail guidelines and definitions, any such undertaking would be flawed to present. The regulation needs to address this in the right manner so that honest meaning people are not penalized for aspects like lack of technical expertise, lack of clear understanding, etc.
Implementation challenges: With the nation finally limping out of the distress of the pandemic and importantly with GST implementation and adoption finally going well, mandating an audit trail might put the entire business ecosystem into disarray and create an additional compliance burden.
Challenges faced with software: Currently, there is a lack of a comprehensively published definition by the competent government authorities because of which any software provider’s claim to be audit trail compliant might not hold much value. In such a scenario, none of the involved entities can be held accountable, since the software provider delivered the feature perfectly, and the business owner/ auditor cannot be expected to be technologically enabled to detect/ avoid such hacking/ tampering with the application code.
Software feature can never be a guarantee
Software and its generated data are a combination of bits and bytes and all bits and bytes can be modified outside of the software which generated them. Businesses who will ‘assume compliance’ due to using a particular software may relax their regular controls in the mistaken belief that now the ‘compliant software will prevent mala fide tampering’ – putting not just their compliance at risk, but perhaps even their business at risk. This will be further compounded by compliance-related litigations when the generated audit logs are challenged by authorities since they are suspected to be wrong, while the business will claim that they used the ‘right software’.
Additionally, whether the software is ‘right or not’ is also just the claim of the software seller – with no corresponding ability to ‘prove why it is right since no software can claim that generated data is non-tamper-able and prove it to be so in all circumstances.
While there is no doubt that this mandate has the best intention for everyone and the country at its core, in its current state the implementation is only anticipated to cause more distress among the business community rather than meeting the intended purpose, further hampering their business operations. Hence, it is imperative that inputs from all stakeholders involved – the business community, chartered accountants, business associations and software companies are considered. The government should re-look or at least postpone the implementation till the foundational work is done right to ensure a successful implementation.
Tejas Goenka is the Managing Director at Tally Solutions. Views expressed are the author’s own.