Step 01
Every change captured
Every posting, edit, reopen and override is captured at the moment it happens. User, role, IP, timestamp, before-and-after values, reason where applicable.
Accounting Software | Audit Trail & Evidence
Every change hash-chained. Auditor-ready evidence packs. Rule 11(g) covered.
Append-only audit log. Every JE, every posting, every reopen captured with user, role, IP and timestamp. Hash-chain integrity for tamper detection. Rule 11(g) of Companies Act compliance built in. Auditor read-only access without provisioning a regular user account. Evidence pack exports per period, hash-verified, Big-4 accepted.
How it works
From posting to audit-pack export.
Step 02
Hash-chain integrity
Each event is hashed and chained to the previous one. Tampering with any historic event breaks the chain and is detected.
Step 03
Auditor read-only access
CA reviewer and statutory auditor get read-only access to the audit trail per period. No regular user account; no risk of accidental edits.
Step 04
Evidence pack export
Per-period evidence pack exports as a hash-verified package. Big-4 accepted format. Auditor verifies the hash chain independently.
What the system does
Capability, input, output.
| Capability | Input | Output |
|---|---|---|
| Append-only log | Every system event | Immutable record per event |
| Hash chain | Event payload + previous hash | Per-event hash with chain verification |
| Auditor access | CA / auditor role assignment | Read-only view per period |
| Evidence pack export | Period + scope | Hash-verified package, Big-4 format |
| Tamper detection | Hash-chain integrity check | Alert on tamper attempt |
| Per-event drill | Event ID | Before / after values + actor + reason |
-
Append-only log
- Input
- Every system event
- Output
- Immutable record per event
-
Hash chain
- Input
- Event payload + previous hash
- Output
- Per-event hash with chain verification
-
Auditor access
- Input
- CA / auditor role assignment
- Output
- Read-only view per period
-
Evidence pack export
- Input
- Period + scope
- Output
- Hash-verified package, Big-4 format
-
Tamper detection
- Input
- Hash-chain integrity check
- Output
- Alert on tamper attempt
-
Per-event drill
- Input
- Event ID
- Output
- Before / after values + actor + reason
Compliance + integrations
Rule 11(g), built right.
Companies Act Rule 11(g) requires an audit trail with edit log from FY 2023-24. Most Indian books-of-account software claim compliance; few build the hash-chain integrity that makes the trail trustworthy. OneFinOps does.
Regulations we work within
-
Rule 11(g), Companies Act
Audit trail with edit log captured from day one, hash-chained.
-
Section 128, Companies Act
8-year retention of books and audit trail.
-
Section 134(5), Companies Act
Internal financial controls supported with hash-verified evidence.
-
SOX 404 (for listed groups)
IT general controls evidence ready for testing.
Connects to
- CA reviewer access Read-only by period
- Big-4 audit pack Hash-verified export format
Audit Trail & Evidence FAQ
What buyers ask.
What does Rule 11(g) actually require?
From FY 2023-24, every Indian company's accounting software must record an audit trail of every transaction, an edit log of every change, and the trail must not be disabled. Auditors are required to verify the trail as part of CARO 2020. OneFinOps captures the trail by design and exposes it for verification.
How long is the edit log retained?
8 years per Section 128 of the Companies Act. The hash chain is preserved across the retention period; tampering with any historic event is detectable for the full window.
Who can read the audit trail?
CA reviewers, statutory auditors and internal auditors get read-only access by period. Regular users (controllers, AP, AR) see their own actions in the trail. No one can edit or delete trail entries; no one can disable the trail.
Performance impact of the audit trail?
Negligible at posting time (hash computation is sub-millisecond). The trail is queryable via indexed views; per-period evidence pack export runs in seconds even at scale.
What evidence pack format does the auditor get?
A package with the per-event log (CSV / JSON), the hash chain, the supporting source documents (bills, invoices, contracts) and a verification key. The auditor verifies the hash chain independently. Format is accepted by Big-4 audit firms in India.
More in Accounting Software
Related features
Period Close Checklist
Reconciliations, accruals, intercompany eliminations, FX revaluation. Sign-off per task.
See Period Close ChecklistFinancial Statements
P&L, balance sheet, cash flow generated from the ledger. Schedule III layouts. Drill from line to source.
See Financial StatementsJournal Entries
Manual JEs, recurring templates, reversal entries. Period-locked posting with approval routing.
See Journal Entries
See the audit trail on a posted JE.
Connect one entity, post one JE. Watch the hash-chain capture the event. Drill into the trail; verify the chain. The auditor will do the same.