Audit Trail Tracking and Compliance
Audit Trail Retention Is a Must-Have for Any Critical Business Process
What is an Audit Trail?
An audit trail, sometimes called audit tracking, provides:
- Verifiable evidence that can be presented internally or externally.
- A sequence of tasks or activities that have been performed.
- What actions were taken?
- Information about who performed the task(s).
- Time and date stamps.
As part of a process or operation, in a workflow context, this refers to the tracking, capturing, and reporting of all tasks, activities, participants, times, dates, and actions related to a particular workflow or business process (e.g., accounting transactions). Audit trails provide explicit electronic records of who, what, when, where, and how information is used to confirm that tasks were performed as expected by team members or identify errors. Many departments in an organization require some form of auditing, including Accounting, IT, Human Resources, and others like information security records.
What is Included in an Audit Trail?
In a business process, workflows follow a fairly linear, step-by-step method where tasks are assigned and completed in a standardized order. Exceptions can be predicted, and alternate paths can be taken, but for the most part, these processes are predictable and auditable. Activities within the process can easily be traced back to the source. For instance, a finance director who approved a purchase. By using audit reporting logs, anyone who needs to know who made this particular approval can easily find out not just who but:
- When the approval was made
- What the approver reviewed before making the approval, including any files that were provided
- Where the request originated
- What steps were taken leading up to the approval
- When the approval was made (Date/Time)
Audit Tracking Example
The screenshot example below shows a sample audit trail derived from Integrify. Integrify's "Request Detail" is completely configurable by administrators, allowing for the removal or inclusion of summaries, KPIs, Open Tasks, Completed Forms, Related Requests, Request Records, Task History, and Reports.
In this example, the process was for a Competitive Discount Request Form. At the top, you can see a summary of where the process stands, which is "Approved with Adjustments."
Below that, you can see that two forms were completed, both by Tom Rezk; for the sake of space, we cropped out the dates they were completed, but those are typically visible.
- In the Task History section, you can see a complete audit log of when the form was submitted, who submitted it, and the information captured in it.
- In the Manager Approval section, you can see that this request was assigned to a group of managers, where only one of them needed to approve it for the process to continue. In this case, Dave Willsey approved the request, which automatically canceled the tasks for the other two managers in the group. If it had been configured to require all three managers to approve it, you would see "Completed" next to their names.
- In this case, the approval was made by the manager with adjustments. The manager was then required to complete a "Pricing Adjustment Form," a notification was automatically sent to the requester with the adjusted pricing. You can see the data entered in the form at the bottom. You could click on the clipboard icon if you wanted to see the form exactly as it was submitted.
- If any documents had been attached to the form, they would be listed with the form information and could be viewed.
How Are Audit Trails Used?
There are many business scenarios where providing an audit trail is either a best practice or a requirement.
Regulatory Audit Tracking
Depending on your industry (especially healthcare, finance, government contracting, insurance, etc.), you may be subject to a regulatory audit. Government agencies can use audits you provide to review and confirm that proper standards were followed and that you can identify sources. Some common examples of audits that benefit from internal auditing software include:
- Financial Industry Regulatory Authority (FINRA)
- General Data Protection Regulation (GDPR)
- Gramm–Leach–Bliley Act (GLBA)
- Health Insurance Portability and Accountability (HIPAA)
- Health Information Technology for Economic and Clinical Health (HiTech)
- Sarbanes–Oxley (SOX)
- Off-Label Drug Use
Corporate Governance and Compliance Audit Tracking
Companies with strict corporate governance and compliance initiatives can use audit reports to ensure corporate policies are followed and root out errors and corporate malfeasance.
Continuous Improvement Audit Tracking
Audit reports can show examples of areas for improvement in a process. For instance, if frequent mistakes or delays are unearthed by reviewing the data, workflow administrators can look for opportunities to improve forms, copy, routing, etc., and ensure a better end product.
Training Audit Tracking
By reviewing audits with new employees, trainers can show examples of how a process should be followed from beginning to end and provide insight to new employees about the importance of following standards. Training on the proper rules for an accounting entry is one example. Another could be the proper response to a cybersecurity incident.
Information Technology Audit Tracking
A common use case for auditing in IT is the unfortunate situation of security breaches. IT staff need a plan to mitigate breaches properly, following a standard process. In addition, they need to be able to go back and audit the process to ensure all procedures are followed as expected.
Find Out More About Integrify
Interested in Automating Your Workflow?
We have a variety of resources to help you on your journey to an automated workflow.