The digital tax audit – Preparation is essential

The tax authorities are likewise going digital. Companies are currently noticing this, in particular, during tax audits by the authorities. The deployment of digital assistance systems is frequently already common practice. During the initial phase of digital tax audits, due to the lack of experience, it was still possible to bank on the auditor still showing some leniency. However, at the present time, companies should no longer rely on that.


Companies are obliged to retain tax-relevant business records, such as invoices, receipts or accounts, for ten years. However, since 2002, these records have also had to be documented electronically or digitally and, upon request, made available to the respective tax authority (Sections 146, 147 of the Fiscal Code (Abgabenordnung, AO)). These also include records such as, e.g. the asset accounts, payroll accounts or financial accounts. Further provisions can be found in the ‘Principles of Proper Keeping and Retention of Accounts, Records and Documents in Electronic Form as well as Access to Data’ (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff, or “GoBD” for short). (These were published by the Federal Ministry of Finance (Bundesministerium der Finanzen, BMF) in its circular from 11.7.2019).

Scope of the data access

The fiscal authorities may access all the digital data that are relevant for taxation. Besides the original accounting programs, these could also be, e.g. ERP systems, cash register systems, time recording systems and document management systems. Here, there are three ways available to tax auditors for accessing data (a combination of several types of access is also permitted):

(1) There is direct data access if the auditor is able to directly access the in-house hardware and software that are used to carry out the accounting processes. In the course of this, the auditor will be able to read, filter and sort the data. Access authorisations will have to be provided for the auditor and s/he will have to have the possibility of evaluating all the tax-relevant data.

(2) Indirect data access assumes that the auditor will be able to issue instructions to a suitable company staff member for the provision and evaluation of internal company data. In such a case, the auditor would obtain readonly access. Moreover, the auditor may only request those data that the company’s IT system is also able to provide.

(3) A data media transfer is characterised by the handing over to the auditor of data that are relevant for the tax audit on a machine-readable and machine-assessable data carrier (CD, DVD, USB stick) for evaluation using the authority’s proprietary audit software. In this case, the fiscal authority would not be entitled to extract the data from the IT system by itself.

Preparing for a digital tax audit

Prior to a digital tax audit, it is recommended that you uncover the internal company strengths and weaknesses in relation to the GoBD. As part of this review, you should identify and document all the tax-relevant processes, data and programs. Here, the typical problem areas stem from electronically generated data such as, e.g. e-mails or online banking.

All the application systems that are used in the company and could potentially be relevant for a tax audit should be scrutinised so as to establish whether or not they are “GoBD” compliant. There should be appropriate certifications from the software providers. In this context, the documentation of procedures for existing systems and for all programs should be part of a mandatory policy for every business.

While preparing for a digital tax audit, if deficiencies in terms of content or form already emerge (e.g. lack of data transparency or posting errors) then these should be eliminated as quickly as possible. If this does not happen then the auditor will generally be authorised to reject the company’s accounting procedures and carry out a reassessment of the net income or loss.

Retention and archiving requirements

Accuracy is a requirement for electronic storage. For example, incoming letters and booking vouchers have to be stored in the format in which they were also received. Here, PDF or image formats are options for invoices or statements of account. In order to satisfy the retention requirements, under certain circumstances, it is permissible to convert paper documents into an electronic format by scanning them. The requirements that have to be taken into account are specified in the GoBD. Here, the inalterability of the archived records and data should be noted. Moreover, in the case of electronic data, the same retention periods apply as exist for records in paper form. In addition, data processing systems no longer in use that, in the past, were deployed for accounting processes, have to be kept in the company for audit purposes for a period of up to 10 years.

Possibility of simulating a tax audit

IDEA, an analysis and evaluation program used throughout Germany, assists the tax auditors in checking company data. In doing so, the software provides auditors with different data analysis functions. In order to prepare yourself for a tax audit and not cede the data analysis field entirely to the tax auditors, you should carry out a simulation of a tax audit beforehand using the internal company data. The advantage of this is that you will be able to rectify process and data errors before they lead to problems in the “real” tax audit.

It is possible to carry out a simulated tax audit using, e.g. Microsoft’s ‘EXCEL’ program. To this end, in an example on page 6, we have outlined a qualitative test for the completeness of digital basic records pursuant to Section 146(1) clause 1 AO. As regards the principle of completeness, – which is a key criterion for assessing whether or not the financial accounting conforms with the applicable rules and regulations – a check is made, in particular, to determine if there are digital records for all the business transactions. It should be noted here that every database system works with unique criteria.

Example: Sales transactions are given, e.g. a unique and sequential number. For the purpose of verifying compliance with the principle of completeness, a pivot table is created here from the data platform. In the process, a check is carried out to determine if the consecutive numbering of the sales transactions exhibits any interruptions (e.g. sales transaction 238 follows on from sales transaction 236). By means of a simple what-if function, every interruption between the individual numbers is shown with the value =1 in the adjacent cell. If there is no break in the number sequence then the value = 0 is recorded in the adjacent cell. Once the verification process is completed, the column with the values 0 and 1 is filtered and the value = 0 is hidden. As a result of this filtering only those cells with the value =1 are displayed in the table. This value indicates that two consecutive numbers are not sequential and that a business transaction that occurred in between has not been included in the data. On the basis of this report it would be possible to take further measures to clarify this situation.

Please note: This example shows that it is possible to verify your data with a reasonable amount of effort prior to the actual tax audit in order to identify problems and eliminate them in advance.

Costs and sanctions

The costs incurred for the digital data access will generally have to be borne by the companies. Here, the data will have to be kept in standard file formats, or alternatively it will have to be possible to convert them into these formats. Taxpayers would be responsible for purchasing any software or hardware necessary to perform such conversions.

If a business fails to comply with the requirements under the GoBD, especially those related to the digital tax audit then, depending on the offence, various sanctions would be possible. These include:

  • fines,
  • coercive means,
  • estimates.

Recommendation: In view of the ongoing digitalisation, every business should prepare itself for the digital tax audit. Here, digital preparation creates not only security but is also increasingly an important factor in national and international competition. It is advisable to hand over data on a CD, DVD or a USB stick to the tax auditor. In that way, you will prevent the tax auditor from blocking operating resources, in the context of directly accessing data, over a longer period of time.


RAin/StBin [German lawyer/tax consultant] Antje Ahlert

From: PKF newsletter 09/2019