An audit trail (also called audit log) is a relevant chronological recording of actions, a set of files, or the destination of a collection of records that represent a sequence of successive activities or events within an operational environment, a procedure or any other process.

This step by step recording of the executed events, or other sets of documents or decisions, can be significant during audits, complaints, and lawsuits, including the uncovering of external and internal frauds.

By formalizing decisive actions, allow to view every occurrence from the moment an event or activity is created or revised, to the final archiving or delivery, if needed.

What is an audit trail in practice ?
Why is it important to set up an audit trail for your business’ processes and decisions?

Ex-post checks and evaluations allow companies to check the correct implementation of systems and make adjustments.

This operational control shows a proactive approach that contributes to fewer errors and complaints, in turn giving comfort to the company’s management.
If the change can be assigned to the user, it facilitates investigations when necessary.

Having audit logs also demonstrates the maturity of the company and its processes.
For many different considerations - customer satisfaction, regulatory compliance, supervisory control, external audits,... - it is essential to be able to justify your company operations and to show that your business ethics and norms are duly followed.

- Financial records but also subsequently KYC profiles, MiFID classifications, AML Risk scorings...
- Screening results with date of search (time stamp)
- Notification of receipt of mail during awareness campaigns
- AML testing
- Proof of 4eyes principles
- IT access and validity
- Accesses to user platforms (in case an employee moves to another department)
- Other kinds of data
What are the different types of audit trail?

How to build an audit trail?
For financial institutions, the old method of safe manual archiving of critical documentation is in decline. Nowadays, tracking methodologies run either through stand-alone data with common desktop utilities or centralised management systems.

By using central workflow tools, it is easier to build these audit trails into a process-driven environment. It also allows you to simplify reporting and perform checks. The use of data and metadata in these processes becomes extremely important.

When using Office Suite applications such as Excel and Access, the possibility to build an audit trail, access rules and use the four-eyes principle exists just like in other digitized environments.

  • 1.

    Automatic save or back-up available;

  • 2.

    Journal sequences (by date and hour);

  • 3.

    Limited access rights;

  • 4.

    Edit or write access ex-post limited several well defined persons (no override abilities);

  • 5.

    exceptional handling report (why was there a request for changing the record); and

  • 6.

    alert to thefinal person in charge if a change occurs (also for corrupted data and failure of the system).

Add your comment

Related articles

What is the Payment Services Directive (PSD2)? Discover the opinion published by the EBA in 2019 on strong customer aut...

Financial firms Tue 10 September 2019

What are Golden Visa schemes and how are they used to propagate corruption and money laundering? Learn what the EU is do...

Financial Institutions Fri 25 November 2022

What is a VAT carousel? Learn what is the retrospective on transactions and how you may be unknowingly involved in a VA...

KYC Thu 05 December 2019

How are prepaid cards abused for financial crime? Learn how criminals mis-use prepaid cards for money laundering, terro...

AML Mon 20 May 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us