Audit security

from Wikipedia, the free encyclopedia

The term revision security refers to the revision-proof archiving for electronic archive systems . The term is based on the understanding of the revision from an economic point of view and relates to information and documents that are required to be kept or are worth keeping.

In Germany, electronic archive systems must meet the requirements of the Commercial Code (Sections 239, 257 HGB), the Tax Code (Sections 146, 147 AO), the principles for the proper management and storage of books, records and documents in electronic form and for data access (GoBD ) and other tax and commercial law requirements.

The term audit-proof archiving was coined in 1992 by Ulrich Kampffmeyer and published in a "Code of Practice" in 1996 by the professional association of the document management industry , Association of Organizations and Information Systems (VOI). In retrospect, audit security refers to the verifiability of the storage method used and thus not only to technical components, but to the entire solution. Audit security includes secure processes, the organization of the user company, proper use, secure operation and evidence in process documentation . An essential feature of audit-proof archiving systems is that the information is archived again, traceable, unchangeable and falsification-proof. Audit-proof archiving is an essential component for the compliance of information systems.

Features of revision security in electronic archiving

Based on the HGB regulations, the following criteria apply for audit security:

  • accuracy
  • completeness
  • Security of the overall process
  • Protection against change and falsification
  • Protection against loss
  • Use only by authorized persons
  • Compliance with the retention periods
  • Documentation of the procedure
  • Traceability
  • Verifiability

The requirements and their implementation can be found in the HGB , the AO and in detail the GoBD .

The term audit security or audit-proof archiving is meanwhile also applied to the archiving of information outside the commercial and tax law area and used synonymously with the falsification-proof, long-term archiving of electronic information .

Certification of the revision security of electronic archive systems

The verification of compliance with the specifications and the certification of electronic archiving systems , or archiving components integrated in commercial applications or document management, are usually carried out by auditors at the user's site. The Institut der Wirtschaftsprüfer in Deutschland eV has its own specifications for this with the IDW RS FAIT 3 (Technical Committee for Information Technology).

Compliance with revision security can also be certified by TÜViT on the basis of procedural documentation . The basis for this are the test criteria for document management solutions (PK-DML) of the VOI eV

Generally valid certifications for the revision security of individual hardware or software products such as B. optical storage does not exist. The GoBD does not attach any importance to third party certificates. The revision security of a solution is checked individually at the individual user company and includes the correctness of the entire process, the use of the hardware and software systems used, the quality of the information and processes as well as secure operation. The exclusive operation of electronic document management is therefore not sufficient.

See also


  • Ulrich Kampffmeyer , Jörg Rogalla: Principles of electronic archiving . Code of Practice Volume 1. VOI Association Organizational and Information Systems eV, Bonn, 2nd edition 1997, ISBN 3-932898-03-6 .
  • Principles of proper IT-based accounting systems (GoBS) (PDF; 58 kB). Letter from the Federal Ministry of Finance to the regional finance authorities of 7 November 1995 - IV A 8 - S 0316 - 52/95 - BStBl 1995 I p. 738f.
  • Karl-Georg Henstorf, Ulrich Kampffmeyer, Jan Prochnow: Principles of procedural documentation according to GoBS . Code of Practice Volume 2. VOI Association Organizational and Information Systems eV, Bonn, 1999, ISBN 3-932898-03-6 .
  • PK-DML test criteria for document management solutions . VOI Association Organizational and Information Systems eV, Bonn, 2nd edition 2004.
  • T. Brand, I. Geis, S. Gross, B. Lindgens, B. Zöller: Archiving tax-safe . Gabler, Wiesbaden, 1st edition 2011. ISBN 978-3-8349-2237-3

Web links