The legal requirements for audit-proof archiving regulate how documents and records are to be stored in a company. We explain to you what you need to pay attention to.
What does audit-proof archiving mean?
The term audit safety refers to the aspect of safety during an audit. An audit involves the review of documents stored in a company. In doing so, the review is carried out for a defined past period of time. For an audit to be carried out properly and completely, it is necessary that all documents are available in their original form. Revision-proof archiving ensures that files remain unalterable and thus guarantees revision security. Manipulating documents is therefore impossible.
Archiving documents in an audit-proof manner is a prerequisite for meeting the legal requirements of the GoBD. In the case of an operational control or tax audit, auditors, experts and tax officials require complete and comprehensible documentation. Archived documents must be stored in electronic form in an audit-proof manner so that auditors can still view them in a traceable manner after several years.
The GoBD’s guidelines for revision security apply to all archiving. It does not matter whether physical or electronic documents are involved. These include documents relating to the trade, invoices, receipts, delivery bills, business reports, contracts or records. Companies have the obligation to maintain an audit-proof archive.
Overview of the principles of legally compliant archiving
The archiving of documents is based on the principles for the proper management and storage of books, records and documents in electronic form as well as data access (GoBD). The following list clearly shows the most important legal requirements for GoBD-compliant document management.
The documents subject to retention must:
- be correct and complete.
- be promptly recorded.
- Secure overall processes.
- Document procedures and processes.
- be loss-proof.
- be safe from subsequent changes.
- be usable only by authorized persons.
- comply with retention periods.
- be traceable and testable.
- be available in an orderly manner.
The requirements for audit-proof archiving can be found in the GoBD.
GoBD regulates revision security
The GoBD regulate the requirements for audit-proof archiving. The Federal Ministry of Finance created the regulations in 2015 and expanded the GoBD’s requirements for archiving documents at the beginning of 2020. New is the option of electronic archiving in a cloud and scanning documents with a smartphone. Further principles for a GoBD-compliant archive can be found in the German Commercial Code (HGB §239 and §257) and in the German Fiscal Code (AO §146 and §147).
Who is obligated to audit-proof storage?
The guidelines for the electronic archiving of documents apply without exception to all companies in Germany that make a profit. It does not matter whether it is a small business or a corporate group. Even freelancers and self-employed persons cannot avoid audit-proof archiving. The rule-compliant archiving provides for a retention period of at least ten years.
Which method is used to determine if the profit is irrelevant. As soon as an entrepreneur is obliged to pay sales tax, he must also meet the requirements for storage and audit-proof retention.
Excluded are private individuals and professionals in employment as long as they do not generate their own income from profits through a trade. Persons who lease or rent out land or real estate can also do without an audit-proof archive. They also fall into the private sector.
Who is responsible for revision security in the company?
Archiving documents correctly and guaranteeing retention periods is first and foremost a task for the management in every company. In addition, employees in departments with administrative tasks are responsible for the work of orderly IT-supported accounting systems. They archive paper documents and increasingly also digital documents in an audit-proof manner in the company’s archiving system. Other accounting activities include the digital archiving of tax-relevant documents and process documentation.
IT departments are also under obligation. They set up electronic file storage systems or install new software to record information for audit compliance.
In principle, however, every employee in the company is responsible and obliged to correctly archive documents and information in accordance with company guidelines. As soon as employees find an invoice in their mailbox or want to provide evidence of a business trip, the focus shifts to document storage. They are obliged to forward the documents at least to the responsible department. It is clear that every person in the company must ensure that data is archived in an audit-proof manner.
How does audit-proof documentation work?
In order to ensure audit compliance, companies are faced with a number of tasks. The following overview once again summarizes measures that deserve full attention in the context of documentation and archiving.
- Obligation to keep records for at least ten years
- Documentation of all tax relevant processes
- Creation of process documentation
- Recording of the accounting software used
- Documentation of personnel responsibilities
- Proper storage of documents (with document numbers)
- Real-time recording of business processes and incidents
- Regular control of GoBD-compliant digital archiving
- Storage of all business documents in an archive system (complete, secure, Correct, orderly, traceable)
- Adequate security measures against possible data loss
- Pitfalls of electronic archiving
But what happens if documents subject to retention are not archived in an audit-proof manner or information even disappears? In the absence of an electronic archive and GoBD-compliant archiving, tax officials estimate the company’s income and expenses. As a result, the calculated profit also differs from reality because it is higher. Retroactively, this results in high additional tax payments. You should therefore always ensure that information is archived in an audit-proof manner so that it is recognized during audits.
Where is information archived in an audit-proof manner?
The paperless office, e-mail archiving and electronic archiving systems are now part of our everyday work. In order to ensure audit compliance and meet requirements for audit-proof storage, documents must therefore be archived correctly. Which storage locations are suitable for digital documents?
In addition to stationary file folders, GoBDs also allow data to be backed up in the cloud. A prerequisite for using the cloud is data security. In addition, changes to documents must remain fully traceable. The retention periods in TeamDrive can be configured individually.
The TeamDrive software therefore makes it possible to fulfill all requirements for audit-proof archiving. End-to-end encryption means that only authorized persons are granted access to confidential company data and documents in the cloud. This makes it impossible to manipulate or delete important information.
In addition, an intelligent storage system ensures that each file version is securely stored and remains retrospectively possible to be audited. But how can auditing acceptability be ensured here? One solution is offered by the history and the non-erasable audit trail of TeamDrive. It archives all company incidents and tax-relevant business processes.