Audit Trails

• Edits in the application post posting of the transactions (eg. Inovice Posting).
• Any deletions possible in the application post posting of the transactions (eg. Inovice Posting).
• Audit Trails available for the master related changes (Customer Master, Vendor Master, Employee Master, etc.
• Backend changes / direct database level changes.
• Review of entire dump of the change log table / masters for the changes done.
• Whether Management has formally reviewed the Audit Trail Logs.
• Backup maintained for Audit trail. Going forward for 8 years.
• Audit Trail configuration security (cannot be modified or disabled) and Access restrictions.
• Completeness and Accuracy of Audit Trail and Edit logs, how ensured by Management.
• Needed for outsourced services as well – SOC1 Type 2 reports to be obtained.
• Applicable for Section 8 – Foreign Companies.
• Monitoring of Audit Logs
• SOC1 reports should be covering the Audit Period.