What is audit-security?
The term audit-security applies to electronic archiving systems in Germany and concerns compliance with the requirements of commercial and fiscal law.
The term was coined by Ulrich Kampffmeyer in 1992 and universally published by the VOI in a “Code of Practice” in 1996.
Audit-security is oriented to the understanding of the audit and does not refer to single components but to complete solutions. It is an important part of the compliance of information systems.
In practice, audit-security means forgery-proof, long-term archiving of electronic information.
According to the German Commercial Code, audit-proof archiving refers to:
- Correctness: A uniform archiving process shall be defined.
- Completeness: Every piece of information available in the original shall be archived.
- Security of the overall process: Topics are exception rules and logging.
- Protection against changes and falsification: It shall be ensured that the digital copy is congruent to the original.
- Protection against loss: The digital copy shall be available for the tax authorities in readable form until the end of the retention period.
- Usage only by authorized users: A strictly regulated access is necessary to prevent loss and falsification.
- Compliance with retention periods: It shall be ensured that all archived documents are still readable in 10 years' time or more.
- Documentation of the process: Not only invoices and business letters have to be kept, but also a log of who has worked on the document and when.
- Traceability: All activities shall be comprehensible.
- Verifiability: It shall be possible at any time to check the trouble-free functioning of the archive in use.
Audit-security with inPuncto ECM software
Examples of the audit-security with inPuncto ECM software:
- Completeness of the invoice (UStG §14): Invoice-relevant details according to §14 UStG are automatically read out by the inPuncto server when processing incoming mail documents, synchronized with SAP master data and made available to users via SAP workflow. In the workflow management tool biz2Document Control, the completeness of these values is checked; if necessary, values that have not been read out automatically are completed. However, if details are missing on the invoice, the authorized user can reject the invoice (optionally up to automatic notification of the invoice issuer). Learn more about the solution “electronic processing of invoices in SAP”.
- System-based rules for the auditing and releasing of invoices (AO): Your signature regulation, with a wide variety of competences such as asset/object, project, finance, etc., is maintained in a clearly traceable form in SAP™. Depending on the character of the invoice, it takes the clear route that has been pre-defined, of course with all the reminder, escalation and absence regulations that ensure the process flow. Learn more about the solution “automated audit of invoices of different receipts”.
- Traceability (GoBD): The process of “who has to be involved in which role” is controlled via SAP. The entire process of releasing or approving invoices or outgoing orders, for example, is logged. At any time you have full transparency about where the document to be approved is, which status it has and what the further processing looks like.
- Audit-security of the archiving (GoBD): The archiving is carried out via the standard interfaces and protocols of SAP: SAP-HTTPContentServer (also HTTPS), SAP-RFC(s), ABAP, ABAP-OO. If the data is then stored on WORM-capable media and, optionally, a crypto technique of inPuncto (e.g. biz²CryptoServer) is used, important requirements for audit-proof archiving are met.