Review of business systems and keeping audit trails of business transactions

Review of business systems

The Canada Revenue Agency (CRA) may review your business systems to:

• make sure the systems meet the CRA record keeping requirements
• get an overview of the systems, including configuration options and details of the flow of information through the systems and subsystems
• evaluate the retention and content of electronic data files
• evaluate the reliability of internal controls
• identify the electronic data files that will be needed for later audits

As part of your obligation to provide reasonable help to the CRA, you have to give the requested information about your business systems. For more information on business systems, see Information Circular IC05-1, Electronic Record Keeping.

Keeping audit trails for business transactions

An audit trail is the information that is needed to recreate a sequence of events related to a business transaction. Electronic records must show an audit trail from supporting documents, whether paper or electronic, to the summarized financial accounts.

In addition, the trail may include some links to other associated processes and events, each of which may have its own audit trails. These include front-end systems (for example, e-commerce and point of sale), receipts, payments, stock inventories, preparation software for income tax and GST/HST returns, and email systems.

For Internet-based e-commerce transactions, certain records could be an important part of the audit trail. These include web logs, emails used as part of a transaction, invoices and confirmations, and security measures such as digital signatures. For transactions that are covered by an electronic data interchange trading agreement, you have to keep all electronic records including functional acknowledgments.

Forms and publications

• Information Circular IC78-10, Books and Records Retention/Destruction
• GST/HST Memorandum 15.2, Computerized Records