Blog Series: 4 Catastrophes a Good Audit Trail Can Help You Avoid
Post 3 of 3
4. Compliance infractions.
Infractions of compliance standards can lead to all sorts of negative business outcomes like lost contracts, penalties, and even fines. Audit trails can help to avoid these infractions.
The Defense Contract Audit Agency (DCAA) is an example of one organization that publishes compliance standards. Contractors working on defense contracts must meet some stringent requirements. While the DCAA standards are wide-ranging, two important focus areas have to do with timekeeping and cost allocations. Audit trails provide an important mechanism for contractors to demonstrate compliance in these areas. For instance, an audit trail can provide evidence that the hours billed for labor indeed are the hours worked and recorded.
The requirement for audit trails can even pop up in some potentially unexpected places when it comes to compliance standards. For instance, the HIPAA Act includes language mandating audit controls for healthcare providers, as organizations storing sensitive patient information are required to have “mechanisms to record and examine activity in informations systems that contain or use electronic protected helath information.” (HHS.gov)
Putting the audit trail to work for you
It’s easy to take the audit trail for granted, but in order for the audit trail to help you avoid the messes discussed in this series, you need to make sure:
- You have one.
- It’s properly set up.
- You, or somebody you trust, knows how to use it and checks it regularly.
You might assume that all new accounting software includes audit trail functionality, but there are, in fact, quite a few commercially available programs that lack it. Because audit trails record every action that creates or alters an accounting record, they produce an enormous amount of data. The additional data requires more server resources. For that reason, audit trails often aren’t included in many lower cost Cloud solutions, in which the provider is the software host and supplies the computing resources. (Note: More robust Cloud solutions will include audit trail functionality.) Inexpensive Cloud solutions are not the only software choices that can lack audit trails. Whether you are shopping for a SaaS or on-premise accounting system, it’s a feature whose presence you’ll always want to verify.
Even if your software offers audit trail functionality, it frequently will need to be configured. In some programs you may actually even need to specifically enable the audit trail. You may also want to adjust the amount of detail that is captured in each audit trail log-record. Finally, it’s critical that only approved users have the ability to affect the audit trail. If unapproved users can turn the audit trail on and off, the only thing it may be providing is a false sense of security. Tapping your software support provider for best practices on audit trail configuration is never a bad idea. It can save you from a significant amount of grief later.
The audit trail gives you an important tool for detecting fraud, but it only works if you use it. Monitoring audit trails on a regular basis—with special attention paid to reviewing changed and deleted/voided records—is an easy way to improve your company’s financial security profile. A certified external audit provides an even higher degree of confidence in the integrity of your records, of course, but it also comes at an expense. Depending on your company’s risk profile, whether that is a warranted expense—and how often it’s warranted—will vary. But ultimately whether your auditing procedure is internal or external, one thing that remain constant is the benefit audit trails can provide toward safeguarding your finances.
Adam Bluemner is a Project Specialist Manager at Find Accounting Software. He and his colleagues have been helping businesses like yours find top field service software options since 1996.