Mastering audit-proof archiving digitally and reliably

Instead of hoping that an important document will turn up again before the tax investigation does, companies should rather play it safe. This is possible through audit-proof archiving that meets all legal requirements.

It is not easy to keep track of everything in the shoals of paragraphs. But there is a solution to this challenge: With intelligent document software, audit-proof archiving can be implemented in an uncomplicated manner and thus becomes a minor matter. Here you can find out everything you need to know.

What does audit-proof archiving mean?

Audit-proof archiving describes compliance with various regulations and security standards in the storage and management of digital business documents. In contrast to analog documents, auditing security must meet more stringent requirements, as the decisive factors of immutability, direct availability and access protection are not necessarily given digitally. This usually looks different with analog documents, e.g. by storing them in a walk-in archive - but it is still a conceivably impractical solution.

Analog archive
Now where is the folder you are looking for?

Since 2015, the GoBD have been a particularly important legal basis for electronic accounting. Depending on the industry, legal form and document type, further rules and individual retention periods of up to 10 years apply. A look at the two basic terms enables a more precise definition:

  • Revision security: This refers to the inalterability of documents and correspondingly transparent procedural documentation. Documents and records that must be retained must be fully retrievable at all times so that accounting and tax audits are straightforward.
  • Archiving: This is the secure storage of documents, for which digital archive and document management systems (DMS) are now the common standard. The storage media must also explicitly comply with the GoBD in their individual modules. The software-specific documentation is usually not sufficient.

Regulations and framework conditions

In Germany, the handling of important business documents and personal data is regulated by extensive, sometimes complicated laws. Audit-proof archiving is intended to ensure compliance with these regulations and therefore requires their individual consideration, even if they are sometimes confusingly distributed across several sets of rules. Violations can result in severe fines or even imprisonment.

  • GoBD: The Gprinciples for the oand safekeeping of records in accordance with the BThe Company's books, records and documents in electronic form, as well as to the DThe principles of data access define uniform basic rules for all companies and self-employed persons. The most important principles are completeness, clarity, accuracy and verifiability. Additional rules may apply on an individual basis.
  • Commercial Code: This primarily includes regulations on transparent accounting. Roughly broken down, this relates in particular to the comprehensible keeping and archiving of commercial letters and books as well as everything that documents relevant business transactions of any kind. Depending on the type of document, retention periods of six to ten years apply (HGB § 238f + § 257).
  • Tax Code: This extends the retention obligation to financial statements, balance sheets and inventories in even greater detail and places them in the financial context. In addition, the procedure for a tax audit is regulated, which requires the machine-interpretable provision of relevant data when a DMS is used. The use of the system by the tax authority must also be made possible, if necessary (AO § 147)
  • Tax law is in turn much more complex and detailed than the above legal texts. It should therefore always be given higher priority in the event of ambiguities in interpretation. In many cases, complete certainty can only be provided by consulting a tax advisor or specialist lawyer.
  • GDPR: Special regulations apply to the processing and storage of personal data. These, on the other hand, must be deleted after their purpose has been fulfilled, about which information must be available at all times. In many cases, this leads to conflicts with the retention periods, which is why an avoidable mixing of personal data and data subject to retention is not advisable.
  • Compliance: The internal implementation of these regulations is a challenging task that must be solved both technically and in terms of communication. A frequent pitfall is the handling of business e-mails, which must also be archived. Appropriate instruction of personnel, but also the use of suitable software for data processing and cybersecurity are indispensable.
SSL and HTTPS encryption supports data security
The main security techniques include TSL and HTTPS encryption.

Documents subject to archiving and retention periods

It is particularly important for companies to be aware of the specific documents to be archived and the associated retention periods. Accordingly, the legislator devotes the greatest attention to tax-relevant documents (Fiscal Code § 147).

10 years retention period

  • Financial statements, balance sheets, profit and loss accounts
  • Inventory
  • Books and records
  • Logbooks
  • Incoming and outgoing invoices
  • Accounting documents
  • Situation reports

6 years retention period

  • received business and commercial letters
  • mailed business and commercial letters
  • Contracts
  • Offers and order confirmations

Further archiving obligations can be added on an individual basis. It is also essential to note that business correspondence and letters are often in the form of e-mails. These must be stored in the same way as analog correspondence. Digitization of documents in paper form is permissible. It is not the presence of the original that is decisive, but the inalterability.

The most important principles - "Code of Practice

In order to facilitate the overview of these complex regulations and the digital implementation of audit-proof archiving, the Association of Organization and Information Systems (VOI) has summarized the most important principles in a standard work since 1996. This "Code of Practice" is updated over the years and helps to comply with the most important regulations. The following points are particularly relevant:

  • Security and immutability: Documents must be archived as soon as possible and protected against loss. This also concerns the avoidance of possible changes, e.g. during content digitization.
  • Completeness: None Document may be lost on the way to the archive or even in the archive.
  • Transparency and traceability: Unavoidable adjustments must be documented accordingly to allow restoration to the original condition.
  • Findability: All documents must be presentable within a reasonable time in the event of a tax audit.
  • Permissions: Only authorized persons may have access - especially with regard to the GDPR.
  • Data migration: The software used must enable secure migration without data loss.
  • Retention period: All principles must be adhered to for the entire duration of retention.

Archiving software requirements

Although there is no obligation to use a digital archive, complying with all regulations and managing large volumes of documents otherwise leads to escalating time expenditure. With a DMS, all documents are stored and available in a central location, which makes audit-proof archiving immensely easier. Requirements for such software naturally relate to the technical implementation of legal principles, but also to the safest possible usability.

  • Cloud usage: This enables the central availability of uniform documents and web-based access. In addition, different access authorizations can be easily set up.
  • Version control: If adjustments are necessary, it must be possible to trace the document history and restore the original at any time.
  • Support of diverse data sourcesDocuments that must be retained can enter the company in a variety of ways - for example, by e-mail or by Postscan. These must be seamlessly connected to prevent loss or corruption.
  • Flexible Labeling: Indexing and keywording that is as versatile as possible improves the findability of documents in the archive. Metadata, tags and automated numbering also facilitate teamwork without jeopardizing audit-proof archiving.
  • Intuitive user interface: It is not uncommon for momentous mistakes to happen due to a lack of user-friendliness. Since usually some people from the company get access, the filing of documents must be as uncomplicated as possible. Drag-and-drop import and individual search filters, for example, help here.
manual errors during archiving
Typing errors are also a frequent source of errors. A high degree of automation is therefore an advantage.

To ensure that all criteria can be met seamlessly and without errors, the use of intelligent all-in-one software is an obvious choice.

Advantages of audit-proof and intelligent archiving with Konfuzio

Konfuzio is the complete solution for automated document management that meets all these requirements and also enables unique functionalities through artificial intelligence. Compliance with GoBD, DSGVO and Co. - in other words: all criteria for audit-proof archiving - only form the basis for versatile process optimizations. As a result, companies are adding numerous advantages to classic DMS systems.

Automate audit security

Through the flexible use of various AI techniques, Konfuzio can understand documents in an automated way, classify and process them. The software recognizes whether documents are subject to retention and can then apply the appropriate rules for audit-proof archiving. For specific documents, the AI can be trained to achieve the highest accuracy and prevent human errors.

Customized workflows

In addition, custom procedures and workflows can be defined, e.g. to implement individual compliance guidelines, save time and increase the overall efficiency of archiving. In addition, individual control instances can be implemented to ensure that a document reaches the correct storage location.

Mail archiving

Through integration with various external scanning providers, Konfuzio enables high-resolution digital images of incoming mail that not only withstand any tax audit, but can also be read out automatically and archived in an audit-proof manner.

Low-code automation for emails

Also the data extraction and classification of e-mails and attachments is uncomplicated. This means they can be found and searched at any time - regardless of storage locations such as mail programs or file systems.

Highest data security

Whether operating in the cloud or in your own data center, the criteria of GoBD and DSGVO are met at all times in terms of audit-proof archiving. Sensitive data can be classified automatically and is subject to the highest level of data protection. Data exchange with external clients is exclusively HTTPS and TLS encrypted.


Audit-proof archiving is a necessary but complicated matter for companies that is subject to a wide range of requirements. These are set out in various legal texts such as the GoBD, the German Commercial Code or the German Fiscal Code. In principle, a transparent, permanent and unchanged storage of important business documents is prescribed. The most important principles, such as security, completeness and traceability, are laid down in the VOI's "Code of Practice".

Digital document management solutions are needed to ensure that all requirements can be met efficiently at all times. When it comes to technical implementation with a DMS, extensive functionalities for centralized and traceable filing are decisive. In addition, artificial intelligence enables the maximum degree of automation and the avoidance of manual errors. These advantages find their full development in the audit-proof document software Konfuzio.

Would you like to learn more about the potential of artificial intelligence for audit-proof archiving and document management? Please feel free to contact Contact to us.

Tim Filzinger Avatar

Latest articles