Skip to main content
Compliance · 5 min read

Reconciliation Audit Trail: What Regulators Expect in India

A reconciliation audit trail is not just a record of what matched — it is a queryable history of every matching decision, every exception classified, every override made, and every approver who signed off. Indian regulators under the Income Tax Act, GST framework, and Companies Act each have specific expectations for what this trail must contain and how long it must be retained.

Terra Insight
Terra Insight Reconciliation Infrastructure

Content authored by practitioners with experience at Amazon India, Intuit QuickBooks, and the Tata Group. Meet the team →

Published 18 March 2026
Domain expertise
TDS Reconciliation GST Input Credit Platform Settlements NACH Batch Matching Bank Reconciliation Form 26AS Matching ERP Integrations Enterprise Finance Ops

During a GST audit, an officer requests the purchase register and GSTR-2B for a 12-month period and asks the finance team to show how ITC was reconciled before each GSTR-3B filing. If the reconciliation happened in a spreadsheet, the finance team will produce a PDF printout with no version history, no indication of who made changes, and no log of exceptions that were overridden.

That is not an audit trail. That is a snapshot.

What a Complete Audit Trail Contains

A complete reconciliation audit trail has five mandatory components:

1. Match log: Every transaction matched during the reconciliation run — source record, target record, matching criterion used, match confidence, and timestamp of the match.

2. Exception log: Every item that did not match automatically — exception type (classification), the data that was available, the classification rationale, and who reviewed and resolved it.

3. Override log: Every instance where a human overrode an automatic match or exception classification — the original classification, the override, the reason stated, and the approving user.

4. Source data log: Every input file ingested — filename, source, date of download, row count, hash verification. This proves the reconciliation was run against the correct data.

5. Sign-off log: Every approval event — who signed off on the month-end close, with timestamp, and what exceptions were outstanding at sign-off with their materiality classification.

CBDT and GST Authority Requirements

Regulatory authorityPrimary interestDocumentation requiredRetention period
CBDT (Income Tax)TDS receivable vs Form 26ASAssessment year-wise TDS reconciliation + mismatch log8 years from end of assessment year
GST authorityITC claimed vs GSTR-2BMonth-wise GSTR-2B vs purchase register reconciliation6 years from GSTR-9 filing date
Statutory auditor (Companies Act)All reconciliation typesBank BRS, TDS schedule, ITC schedule, AR/AP confirmation8 years from financial year end
RBI (if NBFC or payment aggregator)Bank and nodal accountDaily bank reconciliation statementsAs per specific RBI direction

Maintaining Queryable Match History

A queryable audit trail is one where a specific transaction can be traced in seconds — not hours. Given a UTR number, the auditor should be able to retrieve: the original bank credit, the invoice or settlement it was matched against, the matching criterion applied, the confidence score, and the team member who reviewed any exceptions.

How Long to Retain Reconciliation Records

The practical answer for Indian organisations is 8 years — the maximum retention requirement across all applicable laws. Organising retention by financial year makes retrieval straightforward: a single folder or archive per FY, containing all reconciliation run logs, input files, and sign-off records for that year.

Digital vs Paper Audit Trails

A paper audit trail fails for three reasons:

  1. No version history: A printed spreadsheet shows the final state, not the changes made during the reconciliation process
  2. Not queryable: Finding a specific transaction in a printed report requires manual page-by-page review
  3. Tamper risk: Paper records can be altered without detection; digital records with hash verification cannot

Passing a Reconciliation Audit

The most common failure in a reconciliation audit is not that the reconciliation was wrong — it is that the organisation cannot demonstrate the reconciliation was done correctly. The absence of an audit trail is treated by regulators as absence of the reconciliation itself.

Reconciliation software India that generates system-level audit trails — immutable, timestamped, user-attributed — meets the regulatory expectations of CBDT, GST authorities, and statutory auditors without requiring additional documentation overhead.

TDS reconciliation software that maintains a queryable log of every Form 26AS match and every exception raised reduces audit response time from days to hours — the difference between a routine inquiry and an extended scrutiny.

The Income Tax India portal publishes Section 44AB audit requirements and the CBDT guidance on record retention that governs what documentation the tax auditor will request.

Primary reference: Income Tax India e-filing portal — where CBDT requirements for audit documentation and record retention are published.
Related Reading
signs your reconciliation process is broken year-end reconciliation FY close India reconciliation errors that trigger GST notices

Frequently Asked Questions

How long must reconciliation records be retained under Indian law?
Under the Income Tax Act, books of account and supporting documents must be retained for 8 years from the end of the relevant assessment year (Section 44AA). Under GST law, records must be retained for 6 years from the last date of filing the annual return for the financial year (Rule 56 of CGST Rules). For companies under the Companies Act, records must be retained for 8 years from the end of the financial year. The effective minimum retention period for reconciliation records is 8 years.
What does CBDT expect in a reconciliation audit trail?
CBDT expects: a reconciliation of TDS receivable per books to Form 26AS for each assessment year, with named exceptions documented; evidence that correction return requests were filed for mismatched TDS entries; and a reconciliation of advance tax paid to TDS credit claimed. For companies subject to tax audit under Section 44AB, the reconciliation must be available for review by the tax auditor within 30 days of the audit commencement date.
What does a GST audit officer look for in reconciliation documentation?
A GST audit officer conducting scrutiny under Section 65 or investigation under Section 67 will request: the purchase register for the audit period, the GSTR-2B downloads for the same period, and the reconciliation statement showing how ITC claimed in GSTR-3B was derived from GSTR-2B. They will also request evidence of reversals made for ITC claimed without GSTR-2B support, and the basis for any proportional ITC reversal under Rules 42 and 43.
Can a spreadsheet serve as a reconciliation audit trail?
A spreadsheet can serve as an audit trail only if it is tamper-evident, dated, and version-controlled. In practice, spreadsheets do not meet these requirements — rows can be deleted, formulas changed, and dates edited without a record of the change. Statutory auditors and GST officers increasingly require system-generated audit trails, not spreadsheet exports, especially for organisations with monthly transactions above 500.
What is the difference between a digital and paper audit trail for reconciliation?
A digital audit trail is generated automatically by the reconciliation system — every match, every exception classification, every override is time-stamped and user-attributed. A paper audit trail is printed output signed by the finance manager. Digital trails are superior for regulatory purposes because they are immutable, searchable, and can be exported on demand. Under the DPDP Act and GST rules, digital records with appropriate access controls meet the requirements for electronic record-keeping.

See how TransactIG handles reconciliation for your industry

Configuration takes 2–4 weeks. No code development required. ISO 27001:2022 certified.

Request a Demo Reconciliation Software Guide →