Recently, two of our clients were simultaneously undergoing audits by the Department of Defense (by DCAA) and by the Department of Energy, respectively. In both cases and perhaps not coincidentally, the auditors were especially focused on reviewing a system audit log that tracks chronological activity by user in great detail. In particular, the auditors were interested in reviewing general journal entries and who made them, why they were made, and the purpose of each journal entry.
In one instance, the auditors noticed gaps in database sequence numbers and wanted to know if this was because of deleted records or for other reasons. The auditors were also focused on the approval process for journal entries and timesheets alike. The regulations for such scrutiny in regard to an audit trail is promulgated in FAR Part 4 - Administrative and Information Matters and in the DFARS 252-242-7004 - "Provide audit trails and maintain records (manual and those in machine-readable form) necessary to evaluate system logic and to verify through transaction testing that the system is operating as desired."
To provide the details the auditors sought, SYMPAQ features in-depth audit logs for both accounting and timekeeping transactions. For each accounting user, the activity history by transaction entry screen, reports and all processes invoked is available by user defined date ranges. Information includes, but is not limited to, a User ID, IP address, date and time, and the action taken (i.e., add, update, or delete data).
For timekeeping, the auditors wanted to know how long it takes from when a timesheet is submitted for approval until it is approved or rejected by a manager and this information was provided. Reasons for changing original entries are also recorded in the audit log in addition to daily notes entered by each timekeeper.
Being able to meet such requests by the auditors enabled our clients who happened to be undergoing similar audits to satisfy system requirements that go beyond the criteria stipulated in the SF1408 accounting system adequacy survey. It also speaks to the need to be prepared for the unexpected when undergoing an accounting system audit. To conclude, the system audit trail helps to ensure the accuracy and integrity of financial records by allowing auditors to verify the authenticity and integrity of transactions. It also helps detect errors, fraud, and other forensic elements within the accounting system.
