Audit trail

What it means

An audit trail is a secure, chronological record of the activity behind reported data: who did what, when, and (in mature systems) the before-and-after values. In a reporting context it captures change history, review and approval steps, source provenance (linking a figure back to its origin), and filing evidence.

Why it matters

The audit trail is the evidence external auditors and regulators rely on, and the backbone of internal control. It is also where spreadsheet-based reporting is weakest: copy-paste leaves no record of what changed or who approved it. A controlled disclosure management process keeps the trail intact from source to filed report.

How it relates to nearby concepts

The audit trail underpins assurance and connects to data lineage: the path a number takes from source system to the line in the report. It is what makes a sustainability statement as traceable as the financial statements.

Common misunderstandings

• It only matters during the external audit: In controlled reporting it is an ongoing record of edits, reviews and approvals, not a one-off artefact produced for the auditor.
• It is just a system access log: An access log records who logged in; a reporting audit trail records how each figure and disclosure was produced, changed and approved.