The auditors usually examine the documents, computer files, and other records during an audit to determine the history of transactions and how these have been performed/handled by the company.
An audit trail can be effectively implemented if prior coding schemes have been implemented for digitalization purposes.
Configuring an effective audit trail system
This should be preferably designed by a Cross-functional team and enable the accomplishment of the following objectives:
· The type of transactions, actions, and data that need to be audited is well defined, whether for native built-in ERP solutions or bought-out software,
· The audit tools /software of the 3rd party is appropriate and meets requirements to track, log, and report on the audit trails and can be easily integrated with the company’s ERP system.
· Audit trails must be protected and secured with appropriate access controls and data protection policies aligned to security protocol
· The selected audit trail solution must enable integrity, accuracy and security of design and drawings, and other data.
An approach for developing coding schemes is given in chapter 9 of my handbook, and this article would focus only on configuring audit trails,
The following 13 activities must be performed to configure the audit trail for the three design functions.
1. Consolidate and provide users and IT equipment-related inputs to IT/ERP teams
· List of Designers (also called users here)and designer’s employee codes,
· User’s level
· User’s position
· List of vendors, customers, and other business associates who access the functional software
· User’s location, including remote location
· IT equipment /computer /workstation unique serial number assigned to users and their respective locations,
· Types /structure of audit reports required.
· List and types of documents for design /drawings (annex 22A & 23A in the handbook
2. Refer to authorization profiles vis a vis following:
· Core design processes and activities (Refer to 1125 profiles given in annex 30A)
· Statutory processes and activities (Refer to 325 profiles shown in annex 30A)
· Configuration tables and fields (Refer to 95 profiles shown in annex 30A)
· Master data tables and fields (Refer to 280 profiles shown in annex 30A)
· supporting processes & associated activities such as Carrying out the risk assessment, assigning access rights, and all other supporting processes for design functions.
The list of profiles, of course, can be expanded as required.
3. In consultation with the Cross-functional team, the Internal Audit team, Finance, and Accounts teams propose features of “Audit Trail Software,” such as below, that need to be incorporated into the audit trail software.
· The username (Designer’s name) who accessed the system along with level, position, and design function
· The date and time when the system was accessed.
· The duration (hours, minutes, seconds) of each such access.
· The computer, terminal, machine, device name, and unique number are used for access.
· Particulars of the workflows/ core design processes, statutory processes configuration tables, master data tables, data tables, and documents that were accessed along with “fields” accessed.
· changes, if any, that were made to the above-listed aspects
· The planned duration of keeping audit trailed data (days/months/years) per the company's IT policy.
· Triggering communications to Architects or interior designers, or MEP designers as applicable owners for initiating countermeasures
4. Configure the operating system (OS) of the ERP system by the IT team to include audit trail features.
5. Alternately negotiate and procure “Audit Trail Software,” as per required features meeting the needs of all functions
6. IT team to install “Audit Trail Software,” procured in the development server
7. Test “Audit Trail Software,” pilot data of each respective function in the test server
8. Obtain training from the IT team/ERP specialists for performing audit trails.
9. Transfer “Audit Trail Software” to the live Production Server for generating audit trails.
10. Perform audit and submit audit trail-related findings/reports to the Designer’s HOD.
The audit trail software must be configured to enable an audit trail of any of the following transactions performed (including changes made) during a specified period by any designer vis a vis the following numbers identified in the handbook and expandable as required. :
§ Any of 225 Core design activities listed in chapters 1,2,3 of the handbook and annex 21A(2), 21A(3), 21A(4), at my website)
§ Any of 56 statutory activities are applicable vis-a-vis 325 authorization profiles (chapter 4 of the handbook and annex 21B).
§ Any field choices in 3 configuration tables vis a vis (chapter 5 of the handbook and list of t configuration tables in annex 24E).
§ Any fields in 6 master data tables (chapter 6 of the handbook and list of master data tables in annex 24E).
§ Any fields in 38 types of core documents in annex 22A (such as design brief documents, submission drawings, good for construction drawings, and tender documents( listed in chapter 17 of the handbook)
§ Any fields in 31 types of statutory documents in annex 23A (such as statutory records/returns, statutory applications, licenses, approvals, etc.)
It is pertinent to mention that design activities may be performed using any design software, such as the one below. Still, interfacing between the design software and the IT/ERP package would be needed to track design activities.
· ETAB, STADD, Auto cad, Revit Architect (BIM),3D Studio Max, Photoshop, Idea spectrum, real-time landscape pro, NCH software dream plan, smart draw, pro modeling suit max, Autodesk 3D’s, Revit MEP, AutoCAD Electrical, Auto Cad HVAC, Ansys, Quick allot, or and project management software or an ERP solution for Design functions
11. Analyse audit trail reports and provide comments to the Internal audit team.
This includes analysing the following etc., to identify suspicious or unethical activities.
· Who inside the design function or outside the functions accessed the design software or its ERP solution and performed design activities?
· Or Who made design changes (including circular changes to designs and drawings)?
· How much was the time of access or duration, \
· When were the design systems accessed?
12. Initiate countermeasures to detect and prevent unauthorized or/and unethical transactions and enable benefits such as the below.
· Quality of design and drawings
· Customer’s design requirements
· Meet statutory compliances
· Project cost savings
· Preventing funds leakages
· Design Process efficiency enhancement
· Accuracy in financial reporting
13. Reviewing and recommending enhancement of “Audit Trail Software” features to improve design efficiency and quality and enable online auditing vis-a-vis each function.
Handbook of the author
A template illustrating the list of activities to be performed for configuring audit trails is included in chapter 8) in the author's handbook and titled” ETHICS in the real estate and hospitality industry, Volume 1- Architectural, Interior design, and MEP services. “