Audit Trail Tracking and Compliance
Audit Trails Are a Must-Have for Any Critical Business Process
What is an Audit Trail?
An audit trail provides:
- Verifiable evidence that can be presented internally or externally.
- A sequence of tasks or activities that have been performed.
- What actions were taken.
- Information about who performed the task(s).
- Time and date stamps.
As part of a process or operation. In a workflow context, this refers to the tracking, capturing, and reporting of all tasks, activities, participants, times, dates, and actions related to a particular workflow or business process. Audit trails, therefore, provide explicit who, what, when, where, how information used to either confirm that tasks were performed as expected or identify errors. Many departments in an organization require some form of auditing including Accounting, IT, Human Resources, and others.
What is Included in an Audit Trail?
In a business process, workflows tend to follow a fairly linear, step-by-step method where tasks are assigned and completed in a standardized order. Exceptions can be predicted and alternate paths can be taken but for the most part, these processes are predictable and auditable. Activities that occur within the process can easily be traced back to the source. For instance, a finance director who approved a purchase. By using audit reporting logs, anyone who needs to know who made this particular approval can easily find out not just who, but:
- When the approval was made
- What the approver reviewed before making the approval, including any files that were provided
- Where the request originated
- What steps were taken leading up to the approval
- When the approval was made (Date/Time)
Auditing Example
In the screenshot example below we show a sample audit trail derived from Integrify. Integrify's "Request Detail" is completely configurable by administrators, allowing for the removal or inclusion of summaries, KPIs, Open Tasks, Completed Forms, Related Requests, Request Records, Task History, and Reports.
In this example, the process was for a Competitive Discount Request Form. At the top, you can see a summary of where the process stands, which is "Approved with Adjustments."
Below that you can see that two forms were completed, both by Tom Rezk. For the sake of space, we cropped out the dates they were completed, but those are typically visible.
- In the Task History section, you can see a complete audit log of when the form was submitted, who submitted it, and the information that was captured in the form.
- In the Manager Approval section, you can see that this request was assigned to a group of managers, where only one of them needed to approve it for the process to continue. In this case, Dave Willsey approved the request, which automatically cancels the tasks for the other two managers in the group. If it had been configured to require all three managers to approve it, you would see "Completed" next to all of their names.
- In this case, the approval was made by the manager with adjustments. The manager was then required to complete a "Pricing Adjustment Form" and a notification was automatically sent to the requester with the adjusted pricing. You can see the data that was entered in the form at the bottom. If you wanted to see the form exactly as it was submitted, you could click on the clipboard icon.
- If any documents had been attached to the form, they would be listed with the form information as well and could be viewed.
Example of an Audit Trail in Integrify (Click for Larger)
How Are Audit Trails Used?
There are a variety of use cases that require auditing either by external auditors or internal resources.
Regulatory Audit
Depending on your industry (especially healthcare, finance, government contracting, insurance, etc.) you may be subject to a regulatory audit. Government agencies can use audits you provide to review and confirm that proper standards were followed and that you can identify sources. Some common examples of audits that benefit from internal auditing software include:
- Financial Industry Regulatory Authority (FINRA)
- General Data Protection Regulation (GDPR)
- Gramm–Leach–Bliley Act (GLBA)
- Health Insurance Portability and Accountability (HIPAA)
- Health Information Technology for Economic and Clinical Health (HiTech)
- Sarbanes–Oxley (SOX)
- Off-Label Drug Use
Corporate Governance and Compliance
Companies that have strict corporate governance and compliance initiatives can use audit reports to ensure corporate policies are being followed and root out both errors and corporate malfeasance.
Continuous Improvement
Audit reports can show examples of areas for improvement in a process. For instance, if there are frequent mistakes or delays unearthed by reviewing the data, workflow administrators can look for opportunities to improve forms, copy, routing, etc., and ensure a better end product.
Training
By reviewing audits with new employees, trainers can show examples of how a process is supposed to be followed from beginning to end and provide insight to new employees about the importance of following standards.
Information Technology
A common use case for auditing in IT is in the unfortunate situation of security breaches. IT staff need a plan in place for mitigating breaches properly, following a standard process. In addition, they need to be able to go back and audit the process to ensure all procedures were followed as expected.
Find Out More About Integrify
To see Integrify's auditing tools in action, request a demonstration or watch some of our product videos. If you have any questions, don't hesitate to contact us anytime.
Automate and Track Any Process
To see how quickly you can begin automating and auditing your processes, request a demonstration or trial of Integrify.
