Audit Trail Requirements: Applicability, Preservation & Auditor’s Reporting (Rule 11(g))
This note explains the audit trail requirements applicable from 1 April 2023 under Rule 3(1) of the Companies (Accounts) Rules, 2014, and the related auditor reporting responsibilities under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, including where preservation reporting currently stands as audits move into their third and fourth cycles under this rule.
Applicability of Audit Trail Requirements
The proviso to Rule 3(1) of the Companies (Accounts) Rules, 2014, provides that for financial years commencing on or after 1 April 2023, every company using accounting software to maintain its books of account must use software with a feature that records an audit trail of every transaction, creates an edit log of each change made to the books along with the date of the change, and ensures that the audit trail cannot be disabled.
Quick view (Applicability):
| Situation | Audit trail requirements applicable? |
|---|---|
| Books maintained using accounting software | Yes |
| Books maintained manually (no accounting software) | No |
Auditor’s Reporting Requirements (Rule 11(g))
Rule 3(1) places the obligation to implement audit trail features on management. Rule 11(g) places a separate, independent obligation on the statutory auditor to verify and report on that implementation. This creates a maker–checker structure: management builds and maintains the audit trail; the auditor tests and reports on it. Reporting on this compliance sits alongside but separately from the auditor’s reporting on internal financial control over financial reporting (IFCoFR), where applicable. The three specific reporting requirements are:
Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014
“Whether the company has used such accounting software for maintaining its books of account, which has a feature of recording an audit trail (edit log) facility, and the same has been operated throughout the year for all transactions recorded in the software and the audit trail feature has not been tampered with and the audit trail has been preserved by the company as per the statutory requirements for record retention.”
Section 143(3)(b) of the Companies Act, 2013
“Whether, in his opinion, proper books of account as required by law have been kept by the company so far as appears from his examination of those books and proper returns adequate for the purposes of his audit have been received from branches not visited by him.”
Section 143(3)(h) of the Companies Act, 2013
“Any qualification, reservation, or adverse remark relating to the maintenance of accounts and other matters connected therewith.”
Unmodified Reporting When Audit Trail Is Maintained
Where a company maintains its books in accounting software with audit trail requirements adequately met, current practice following ICAI’s Implementation Guidance on Reporting on Audit Trail under Rule 11(g) (Revised 2024 Edition) is for the auditor to report along these lines:
“Based on our examination carried out in accordance with the Implementation Guidance on Reporting on Audit Trail under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 (Revised 2024 Edition) issued by the Institute of Chartered Accountants of India, which included test checks, we report that the company has used an accounting software for maintaining its books of account which has a feature of recording an audit trail (edit log) facility, and the same has operated throughout the year for all relevant transactions recorded in the software. Further, during the course of our audit, we did not come across any instance of the audit trail feature being tampered with.”
Reporting on Preservation of Audit Trail Logs: Where This Stands Now
Preservation reporting has moved on since the rule’s first year. For financial years ending 31 March 2025 and 31 March 2026, auditors are, in practice, now expected to assess and report on whether the audit trail has been preserved by the company in accordance with statutory record retention requirements this is treated as a standard part of Rule 11(g) reporting for current-cycle audits, not an optional add-on. Auditors reviewing FY 2025-26 financial statements should expect preservation to be tested and reported on as a matter of course.
For context, in the rule’s first year of applicability, preservation reporting was widely treated as not yet due, since there was no prior-year audit trail to have preserved. The originally issued guidance for that first year read as follows and is retained here as a historical reference point for anyone comparing older audit reports against current ones:
“As the proviso to Rule 3(1) of the Companies (Accounts) Rules 2014 is applicable from 1st April 2023, reporting under Rule 11(g) of the Companies (Audit and Auditors) Rules 2014 on preservation of audit trails as per statutory requirements for record retention is not applicable for the financial year ending 31st March 2024.”
Update note: From FY 2024–25 onwards, preservation of audit trail logs is now routinely considered and reported on as part of Rule 11(g) reporting, in line with statutory record retention expectations. Companies and auditors relying on the FY24 position above for current-year (FY 2025-26) audits should not treat it as still applicable.
Quick view (Preservation reporting timeline):
| Financial year | Preservation reporting under Rule 11(g) |
|---|---|
| FY ending 31 March 2024 | Not applicable (first year of the rule no prior-year audit trail existed to preserve) |
| FY ending 31 March 2025 | Applicable preservation routinely tested and reported |
| FY ending 31 March 2026 and onwards | Applicable treated as standard Rule 11(g) reporting practice |
Reporting When Books Are Maintained Manually
Where a company maintains its books of account manually not electronically through any accounting software — there is no requirement to comply with audit trail provisions. In such cases, reporting for Rule 11(g) may read as follows:
“The Company is maintaining its books of account manually during the year. Consequently, the company is not required to comply with the provisions related to audit trails and reporting under Rule 11(g) of the Companies (Audit and Auditors) Rules 2014, which is not applicable.”
How Auditors Actually Test Audit Trail Compliance
Rule 11(g) reporting is not a box-ticking exercise based on management’s word; auditors are expected to independently verify each element. In practice, this typically involves:
- Non-configurability testing: confirming the audit trail feature cannot be disabled or altered by users, often with input from IT specialists reviewing system configuration. See our note on IT general controls (ITGC), which underpin this testing.
- Operation-throughout-the-year testing: sample-checking transactions across the year, rather than only at year-end, to confirm the feature was active continuously.
- Walkthroughs of the accounting software: tracing sample transactions through the system to observe the edit log in action; see our guide to audit walkthroughs.
- Materiality-driven scope: the extent of testing is calibrated to the auditor’s overall materiality assessment under SA 320 for the engagement as a whole.
Where any of these tests reveal gaps, a feature that can be disabled, a period where the audit trail was not operational, or preservation records that fall short of retention requirements, the auditor is required to modify the Rule 11(g) reporting language accordingly, which can also flow through to the Section 143(3)(h) qualification.
How MBG Corporate Services Can Help
Our internal audit and financial reporting and assurance teams help companies confirm their accounting software genuinely meets Rule 3(1) requirements well before year-end and support statutory auditors with the testing evidence needed for Rule 11(g) reporting, reducing last-minute audit trail queries during fieldwork. Where audit trail gaps tie into broader control weaknesses, our internal financial controls practice can help remediate before the next audit cycle.





