Audit Trail

Audit trail keeps track of different actions that took place for an activity in a chronological order, these activities may be scientific, financial transaction or communication by individual people, system or other entities. 

As per the definition of the National Institute of Standards and Technology (NIST), an audit trail is:  “A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions.”

Therefore, the audit trail records:

• Who: User or the application program and a transaction number.
• When: Date and time
• Where: Location of user or terminal
• What: Data that is being worked upon or is modified.

Example: When checkout from the counter of a market after shopping, the receipt (bill) that we get is a type of audit trail, we (Who/customer) can find all the necessary information on it like the date and time (when)  of checkout, location of the mall and counter number (Where), and the items purchased (What/data).

Why Audit Trail?

Audit trails are one of the most essential things for any company or organization, they keep track of all the things and activities that the organization is up to and due to this any chaos or irregularities in the future can be rectified. It helps the organization to keep track of the internal records and the growth of the organization. It most importantly enhances the security of the organization. 

Audit trails also makes the organization trustworthy when it comes to collaboration with other organizations, also all publicly-traded companies require active audit trails, because — by law — they must be audited once a year at minimum by independent, third-party companies.

Industries/organizations such as financial and accounting, manufacturing and product design, health and medical information, clinical research data, IT tracking and data, digital content management systems, e-commerce sales records and similar makes it mandatory to maintain an audit trail as they deal with sensitive information and data.

Types of Audit Trails:

There are three types of audit trails:

1. External Audits: An external audit is an independent examination of the financial statements prepared by the organization. External audits are performed by CPA (independent certified public accountants) firms hired by a business to ensure the correctness and accuracy of the accounting records maintained by a company.  
2. Internal Audits: An Internal audit is performed within the company/organization, one department of an organization can perform audit verification for some other department. This helps an organization look at its growth and take actions for further growth and steps the avoid the upcoming risks that might become evident while the internal audit.
3. Internal Revenue Service (IRS) Audit: The IRS audit is performed to avoid any tax violations, it is a type of external audit that is performed on organizations that are accused guilty of providing wrong tax data.

Audit Trail in DBMS 

When we talk about audit trail, it usually maintains the history (mainly) of transactions stored in the database, when we retrieve this information or modify it, auditing helps the database administrator (DBA) to keep track of the database resources and authority from the DBMS. Whenever an action is performed on the database resources an audit trail of information including what database object was impacted, who performed the operation, and when is generated, if the DBMS supports a very high level of auditing, a record of what actually changed might also be maintained. It is really important to maintain the record of “who” made the changes in order to avoid security threats because it is easier for an internal entity to have access to the system as compared to an outsider.

There are certain functions and variables that keep track of a successful or unsuccessful transaction, these are: 

• start_transaction(T): keeps a record of the start of transaction
• commit (T): when the transaction is successful and changes must be saved in the DBMS also.
• abort (T): keeps a record that the transaction has terminated unsuccessfully or aborted.

Advantages of Audit trail

1. Fraud prevention: Fraud is easily prevented by maintaining an audit trail, if any irregularities occur within the system, they can be easily recovered, also the employees won’t dare to do any scam as they know that the audit trail will make things clear. External frauds can be averted if the security is made tight and hard to break in.
2. Easy verification: It has been compulsory by the government especially for large businesses to perform an audit at least once a year by an independent third party, if an audit trail is already maintained, it will reduce the job of the external auditor to just verify if all the transactions mentioned on the audit trail are valid or not. This reduces the time and money spent by the organization on external audits while making the job of the auditor less tiresome.
3. Maintaining financial history: If an organization maintains a proper audit trail, it makes it easier for an investor to decide whether or not to invest in that organization. Any other activity that requires verification of finances will be made easy.
4. Easy recovery: In case of any disaster, all the necessary information can be backed up with the help of audit trails.

Disadvantages of Audit trail

1. Maintenance cost: The main disadvantage of audit trail is the extra maintenance that it requires, the hiring of a charted accountant, the cost of memory and other similar requirements.
2. Security threats: Though audit trails are protected and their security is taken care of but if fall in the hands of a perpetuator/attacker, then he/she has entire access to the system and organizations history, especially the financial ones, which is a serious threat as they can modify, delete the data and also use them for awful purposes.