Enter your idea

Very important as it crucial all changes are tracked for assurance and audit purposes, especially changes within the COA area

I wholly agree with Jason Grant comment December 29, 2023 09:37 in this thread.

The current audit trail & assurance dashboard was once a good starting point.
And while Xero capabilities have grown over the years. It seems the audit/assurance trail side of things has not kept pace.

If I want to check who has pulled what reports and when, there is no information. There isn't even an assurance category called "reports".

If I want to check who has made what changes to an employee's Pay Template (e.g. what was their rate of pay before it was changed), I cannot. I have to review payslips or start looking through payroll reports.

In my opinion, the lack of audit/assurance capabilities in Xero is exacerbated because of the limited options of User Permission levels that exist.

I feel Xero needs to invest time/resources into further developing the audit/assurance aspect of the software.

Being able to see history of Chart of Accounts - the archiving history - who did what etc

A full audit trail for payroll is one of the basic requirements for any payroll system given the sensitive information it holds and the scope for fraudulent activity. This should be priority on the developers list.

A lot of ideas have been posted on H&N (more commonly known as "Audit trail reporting") on this forum, and its predecessor forum too, but can we try this again, one more time?

Xero needs to revamp its H&N report, to meet basic software security guidelines. At the moment, error and fraud CANNOT be easily detected, at least without of a lot of unnecessary work.

See the link below for Audit trail requirements in software from countries like India that take this seriously.

Here are my 6 suggestions, of which 2-5 are the really important ones:

1. Export - H&N report needs to be exportable to Excel.

2. Full transactions - Transactions should be fully visible, not truncated in "Note" form. To deep dive into audit trail you need as many columns as there are on the Account Transaction report

3. Full History - a good audit trail will be a detail report. The whole history of every transaction in all of its gruesome or geeky detail needs to be on the face of the report. If you are looking for a needle in a haystack, it doesn't help to put the hay into small bags , as we then need to open all of the bags to examine the hay! Just let us examine the whole trail without clicking on each transaction and second guessing which transaction may be the right one.

4. Filters - it needs way more filters, as you would have on the Account Transaction report (eg Date of transaction, not just the date it was Modified)

5. Audit ID number - a unique ID is needed for every transaction. (an ID is actually viewable in the "Journal report" but crazily enough, after all these years, Xero still haven't made this ID a unique ID as it changes on every edit of the transaction. This is like finding your needle to find that someone has greased it and it falls straight back into the haystack!)

6. Technical log vs Audit log (see second link below) - these logs are not separated out making it harder to trawl through eg the date the document was uploaded is known as the technical log, and shouldn't be on display with the transactional or true Audit log.

So please Xero, up your game and whatever is easier, prioritise this really important report, perhaps revamp the Journal report, which is much closer to what we need than the History & Notes report.

As mentioned above:

For a classic Audit trail report see here
https://www.youtube.com/watch?v=s9rP24cQ0ps

Audit trail requirements now legally required in India
(Recording an audit trail of every transaction,
Creating an audit log of every change that's made in the books of accounts, Capturing the date details about when changes are made, Ensuring that the audit trail can't be disabled)
https://learn.microsoft.com/en-us/dynamics365/business-central/localfunctionality/india/india-audit-trail-edit-logs-accounting-software

We definately need a more transparent audit trail for xero payroll. Surely the team and technology within Xero is clever enough to adopt this requirement and make it available to their fee paying clients!!!

The History & Notes is not an adequate Audit trail report in my opinion for the following reasons:

1. Export - It does not export to Excel
2. Visibility - It does not show all the details of the transactions and in journal form with previous versions (see first link below)
3. Filters - there are too few key filters (eg Date of transaction itself is not there)
4. Columns (similar to 2) - there are currenly not enough columns in the report
5. Detail - this column actually combines too much information in one field eg the amount and date shouldn't be concatenated
6. Technical log vs Audit log (see second link below) - these logs are not separated eg the date the document was uploaded is not part of the Audit (transaction) log.

For a classic Audit trail report see the old QB desktop audit trail report here
https://www.youtube.com/watch?v=s9rP24cQ0ps

For the 5 requirements for good audit trail in software, see here
https://tallysolutions.com/accounting/5-features-to-look-in-audit-trail-edit-log-accounting-software/

We have items "hard coded" to employees - resulting in either extra pay or deductions - but without a payroll audit trail - there is no way of seeing who entered these and when.
Audit trail for everything else - but not for Payroll????? Everything in payroll should have an audit trail.
This is something that needs to be fixed / added ASAP as it critical to any investigation.

I am currently going through an HMRC investigation for a client who was questioned about when payroll records were submitted to HMRC by the client. Unfortunately, several pay submissions were made due to errors in calculations which were subsequently corrected through reverting payruns and resubmitting them.
I have been told by Xero that "Once a pay run is reverted, the associated submission for that pay run is deleted from Xero permanently." This means that there are no records to prove that payruns are submitted on time to HMRC and then corrected at a later date. This is an unacceptable audit trail in Xero as it exposes customers to potential penalties from HMRC who, apparently, also do not keep such records. Come on Xero - audit trails are a simple requirement of accountancy packages. Surely, you do not want your clients to be exposed to potential penalties through no fault of their own?

please please please can you get on with this?

Xero please play Snakes and Ladders and move this to the top of your
list of "product ideas" !

I know you have lots of ideas to deal with some 1030 from Accountants and bookkeepers and 3634 from Small businesses...

But this is like so important.

Don't say you haven't been warned.

Does anyone actually read these comments?

Anyway in case you do and you have no idea what Audit trail and why History and Notes really doesn't hit the mark (do you want me to do a Ted Talk on this?) have a look at criteria for good audit trail here:

https://tallysolutions.com/accounting/why-do-we-need-an-audit-trail-for-businesses/

🙏

Please provide the ability to see when changes are made to the default tax rates, or even all changes made to the chart of accounts.
The History & Notes section doesn't show this and the Assurance Dashboard shows nothing useful either.

essential for Payroll setup

We need to be able to see changes to our chart of accounts. Some VAT rates have been changed and we cannot see who or when it was done. This has caused a big problem for us and would be more than helpful if you could assist on this. An audit trail is so important for all areas.

An audit trail is critical - especially for payroll functions. Specifically pension communication sent directly through Xero and the ability to reproduce copies of the letters sent.

One of my clients is currently having a review from their pension provider and they have asked to see copies of the postponement correspondence sent to specific employees when they joined a few years ago. The client sent out the letters using Xero's 'E-mail postponement letter' function and thought nothing more of it.
Now there is no proof the letter was even sent! I've contacted Xero for help to get a copy of the letter or an audit trail and I was pointed to this thread and given no support as to how I can prove this was done or to get a copy of the letter.
Hopefully the staff members retained a copy of the email but I'm not optimistic they would have.

An audit trail in the employee record to say which letter was sent out with a date/time stamp and an ability to reproduce the letter is essential.
What a waste of time to email the letter and then download to save outside of Xero - what's the point - you may as well send the letters outside of Xero in the first place.

This is a necessity

An audit trail for Payroll as pointed out below by a few other Xero users is a must requirement (for obvious reasons, examples in some of the comments below). This is critical, not a nice to have. When will this feature be available?

Seems like the issue continues..
We had a tax code notice come through for our director, which was incorrect, and on investigation got to the bottom of it, but whilst (just by chance) checking the director's details, notice the tax code was very wrong and looked like HMRC owed him..not correct. In addition, apart from his car we have never had any benefits so nothing would have been set up, but all of a sudden, 2 benefits have appeared, with £s next to them.
When querying with Xero, they said no history and blamed us.
Why, if we can see when we migrated in to Xero, send invoices/ statements etc, are they incapable/unwilling to help....cost to them??
We're going back to Sage straight away!!

Eleanor thanks, the New Journal report, is a big improvement on the old one!

Regarding audit trail, it does have both "posted date" and "posted by" columns, so small round of applause.

However there is a still unforunately a FUNDAMENTAL flaw in the "journal report" (journal in Xero terminology means transaction, not a "manual journal" as accountants would understand it, although you can still filter for Manual journals should you want with the "more" button)

The flaw is as follows. Xero assigns a "Journal ID" which is great - the core of good Audit trail. However, for some reason I just dont get, Xero doesnt understand that editing a transaction, SHOULD NOT in any circumstance lead to Xero amending the Journal ID!

A Journal ID gets assgined when you create a new transaction. It shouldn't give a new one on an edit! As it is the Journal ID facility is completely unreliable because if the transaction (sorry, journal) has been edited, you will no longer find that ID, as it has been deleted from the history. (bang head against the wall 3 times)

Other minor flaws:

....transaction type (Source type) is missing (duhh, reminds me of the VAT reports, where transaction types are also omitted!)

....Export to Excel button (the one I have been requesting for years) is there, but doesnt seem to work (maybe it's me but I doubt it)

So back to the drawing board (hopefully not for too long) Xero programmers

If you do get these fixes out soon, I would try to get the New Journal report into a full blown Audit trail report with permuations of each edit showing, after which you could dump History and Notes altogether, maybe into the same place edited Journal IDs get dumped ;)

Hooray, they've finally updated the journal report that fulfills this need!

How is it even possible that this software has been around for the time it has been without having this feature? It is very time consuming to go transaction by transaction to see who did what for a client account.