What is audit-proof archiving?
GoBD-compliant document archiving
Archive documents in a legally compliant manner
Companies are required by law to store business-related documents in accordance with defined criteria. This includes documents such as invoices, receipts and contracts. However, efficient digital archiving is also essential these days in terms of data security. Audit-proof archiving provides companies with the tools they need to meet these requirements. .
Contents
What is audit-proof archiving?
Audit-proof archiving means that a document is stored in such a way that it is protected against changes. The document is available for a specified period of time in the state in which it was initially received by the company. If changes are made to the document, this is done on a copy of the document – the original remains untouched.
Audit-proof archiving is an important process in terms of legal and regulatory requirements relating to the verifiability and traceability of data. These criteria must be met, as business documents are subject to certain retention periods that companies must adhere to when archiving them.
Examples of retention periods for tax-relevant documents*
For example, a 6-year retention period applies to tax-relevant documents such as
- Contracts,
- Order confirmations,
- Insurance policies and
- Reminders.
A retention period of 10 years applies to documents such as
- Annual financial statements,
- Inventories,
- Opening balance sheets and
- Invoices
What does GoBD mean?
The principles for digital archiving are set out in the GoBD. The abbreviation stands for principles for the proper keeping and storage of books, records and documents in electronic form. The GoBD applies to companies, freelancers and the self-employed.
To enable audit compliance in accordance with GoBD, the document management system (DMS) used must fulfill the following archiving principles:
- Traceability and verifiability
- Completeness
- Correctness
- Order
- Timely bookings and records
- Immutability
Why must archiving be audit-proof?
Here are the most important reasons why companies need a document management system with the option of audit-proof archiving.
Meet legal requirements
Companies must adhere to legal regulations and compliance standards that require audit-proof archiving. This includes laws such as the General Data Protection Regulation (GDPR) or industry-specific regulations.
Provability
Audit-proof archiving ensures that information cannot be changed retrospectively. This is crucial to ensure the verifiability of data in the event of legal disputes or audits.
Integrity and authenticity
Audit-proof archiving ensures that data remains unchanged and tamper-proof throughout its entire life cycle. This helps to maintain the integrity and authenticity of the data.
Long-term storage
A lot of information has to be stored for long periods of time, either for legal reasons or for historical purposes. Audit-proof archiving ensures that this data remains accessible and readable for many years to come.
Data security
By ensuring that data is archived in an audit-proof manner, companies can minimize the risk of data loss, corruption or manipulation, which in turn strengthens the trust of customers, partners and regulatory authorities.
Overall, audit-proof archiving is an indispensable part of information management for companies and organizations to ensure the integrity, availability and provability of their data.
Advantages of audit-proof archiving for companies
Legal certainty
Customizable rights concept
Simple integration into existing systems
Legal certainty
The GoBD and the GDPR (keyword “data protection”) provide clear rules for companies by regulating the handling of documents and personal data. A document management system with the option of audit-proof archiving helps those affected to adequately comply with these rules. The different deadlines that apply to the different document types can also be easily taken into account.
Customizable rights concept
Not every document should be able to be viewed or even edited by every employee. A customizable rights concept makes it possible to distribute access and editing rights so that the documents are optimally protected.
Simple integration into existing systems
Archiving software that enables audit compliance can be easily integrated into the existing IT system landscape. Thanks to interfaces to various applications, documents can be easily integrated and archived in an audit-proof manner if required.
Which documents must be archived in an audit-proof manner?
Whether a document must be archived in an audit-proof manner depends on various factors, including the industry-specific requirements and legal regulations that apply to the company. In general, the documents that often need to be archived in an audit-proof manner include the following types:
Financial documents
Financial documents include, in particular, accounting documents, annual financial statements, tax returns, invoices, receipts, pay slips and other financial records.
Contracts and agreements
All contracts with customers, suppliers, partners and employees should be archived in an audit-proof manner to ensure the integrity and authenticity of the agreements.
Business correspondence
E-mails, letters, memos and other written communication that are important for the business should also be stored in an audit-proof archive.
Compliance documents
Legal and regulatory documents such as licenses, permits, certifications and other proof of compliance.
Personnel files
Application documents, employment contracts, performance appraisals, training documents and other information about employees should be archived in an audit-proof manner. This means that employees’ privacy can be better protected.
Transaction records
All records of business transactions, including sales receipts, payment receipts and transaction logs, should be archived in an auditable manner to ensure the integrity of business transactions.
Technical documentation
Patents, technical specifications, research reports and other technical documentation should be archived in an audit-proof manner in order to protect intellectual property and ensure the authenticity of technical data.
Find out how you can manage your documents in digital files.
Audit-proof archiving with a document management system
A document management system (DMS) is the foundation for the digital workplace. It contains the digital archive in which all of the company’s relevant documents are stored. Digital archiving is therefore not isolated software, but part of a DMS. The typical life cycle of a document in a DMS or Enterprise Content Management System (ECM) is shown below:
The ability to archive in an audit-proof manner is generally a basic requirement for modern DMS in order to meet the requirements of companies. Otherwise, legal requirements for archiving documents cannot be met.
*Note: This article does not constitute legal advice on the correct archiving of business documents. The exact requirements may also vary depending on the country, industry and type of company. It is important to consider applicable laws and regulations and possibly consult legal or industry experts to ensure that audit-proof archiving meets the required standards.