Companies in Germany must comply with the principles of proper accounting (GoB), regardless of whether they keep and shop books and business records in physical or digital form. The legal requirements for digital data are regulated in the GoBD.
1. What are the GoBD?
1.1 Retention of documents relating to business transactions
Companies must process and store all business transactions in accordance with the GoBD. Business transactions are all legal and economic transactions that affect the composition of assets or the profit and loss in a company. In addition, non-tax and tax books must be kept as well as all documents that external auditors need to understand and check the business documents for tax purposes. On the other hand, pure drafts of commercial or business letters that were never sent, for example, do not have to be kept. In order to document that the regulations have been implemented and that compliance has been monitored, companies must retain relevant documents, regardless of whether they are in paper or digital form.
1.2 The use of data carriers
Companies may keep their books and other required records completely digitally. However, the form and procedure of the bookkeeping must comply with the GoB. Exactly which accounting procedures are permissible is determined by the tax purpose that the records are to fulfill (§ 145 paragraph 2 AO; § 146 paragraph 5 sentence 1 2nd HS AO). All company divisions in which accounting-relevant business processes are digitally mapped and which work with corresponding documents must also be organized in accordance with the GoBD. In view of the rapid digital progress, the legislator does not make any technical specifications for the concrete implementation of the GoBD.
1.3 GoB vs GoBD
The goal of the GoBD is to treat digital and paper-based accounting equally. Therefore, the regulations laid down in the principles of proper accounting also apply to digital business transactions. The GoBD builds on the GoB and specifies the regulations for digital use cases. Compliance with the GoB without digital support is increasingly unattractive for companies due to the performance of IT systems. The digital mapping of business processes offers significant cost advantages. Employees no longer have to manually check many paper documents, for example, because processing steps are automated. This simplifies and accelerates the processes.
Even posting digitally takes only a fraction of the time. In addition, controlling has an easier time because every processing step is fully documented in the application. The GoBD creates legal certainty for companies. They provide clear guidance on how companies must organize their accounting digitally in order to avoid unpleasant consequences. This should motivate many companies to switch completely to digital bookkeeping in the near future in order to secure the resulting advantages.
1.4 Data processing systems
The GoBD applies to all data processing systems (DP systems). The legislator understands this to mean all hardware and software used in the company or for company purposes with which data is recorded, generated, received, transferred, processed, stored or transmitted. Data processing systems can be categorized into main systems and upstream and downstream systems. A data processing system is, for example, a financial accounting system, fixed asset accounting system, payroll accounting system, cash register system, merchandise management system, payment transaction system, taximeter, gambling machines, electronic scales, materials management, invoicing, time recording, archiving system and document management system. Interfaces between the systems are also assessed as data processing systems. The size of the systems is irrelevant for the legal assessment. It is also irrelevant whether the hardware or software is owned or leased by the company, whether applications are hosted in the cloud or in the company's own computer center.
2. The general requirements of the GoBD
The regularity of the digital books and records and the procedures of the data processing system related to the digital documents must be ensured. Data processing systems are usually adapted to the individual company. However, this must not result in the loss of the regularity of the processing procedure and the retention period required under tax law. Companies cannot justify exceptions to the requirements on the grounds of economic efficiency. Compliance with them is mandatory.
Digital books and records are considered to be in order if they fulfill two principles:
- Principle of traceability and verifiability
- Principles of truth, clarity and continuous recording
These principles must be demonstrably observed throughout the entire retention period. This also applies if the entrepreneur keeps digital books and records voluntarily and is not obliged to do so.
2.1 Principle of traceability and verifiability
The bookkeeping must be structured in such a way that an expert third party such as the auditor can understand it in a reasonable period of time and obtain an overview of the economic situation of the enterprise. A document must be provided for each accounting transaction and other records relevant under tax law, so that traceability is ensured. It must be possible to trace the individual business transactions in their origin and processing without any gaps (progressive and retrograde auditability):
- The progressive audit starts with the voucher, goes through the basic (book) records and journals to the accounts, then to the balance sheet with profit and loss account and finally to the tax return.
- The retrograde audit is the other way round.
Progressive and retrograde auditing must be possible for the entire duration of the retention period and in each procedural step. Companies are also obliged to maintain procedural documentation. This must provide evidence of both the current and the historical procedures for the duration of the retention period. The documentation must also correspond to the versions of the IT system used in practice. What applies to the procedures themselves also applies to their documentation: traceability and verifiability must be ensured for the entire duration of the retention period.
2.2 Principles of truth, clarity and continuous recording
Businesses must record business transactions once, completely and without gaps (principle of the individual recording obligation). In the case of digital data recording, a complete and uninterrupted recording and reproduction of all business transactions is achieved through an interplay of technical and organizational controls. These include, for example, recording controls, plausibility controls, automated allocation of data record numbers, gap analysis or multiple allocation analysis for document numbers. Companies are not allowed to conceal business transactions. Therefore, for example, issuing invoices without registering the cash amounts received in the data processing system is not permitted.
The business transactions must always correspond to the actual circumstances and be documented and correctly accounted for accordingly (BFH ruling of 24 June 1997, BStBl II 1998 p. 51).
2.2.3 Timely entries and records
Business transactions must be recorded in a land record or land register immediately after they occur, but in any case promptly. Cash transactions must be recorded daily, non-cash transactions within ten days. It is the duty of companies to ensure through organizational measures that the documents are not lost until they are recorded. As a rule, transactions must be recorded on an ongoing basis. Each business transaction must be assigned to the accounting period in which it occurred. Depending on which legal norms apply to the respective invoice, the accounting period can be annual or shorter.
The principle of clarity requires that digital processing contains systematic recording and clear, unambiguous and traceable entries. In double-entry bookkeeping, companies must digitally process business transactions in such a way that it is possible to obtain an overview of the asset and income situation in a reasonable amount of time. The bookings must be made individually and factually ordered according to accounts (account function). It must be possible to read out the data immediately.
Digital bookings and records must not be altered or deleted. The processing must also not lead to it becoming unclear when the original transactions took place. These requirements also apply to digital documents and records that are subject to retention pursuant to § 147 AO. Companies must ensure that their data processing logs all operations related to the data.
3. The handling of receipts
3.1 Document function
Vouchers serve as secure proof that recorded or posted contents in books or other records correspond to actual transactions and are justified. Digital accounting vouchers, like paper vouchers, may contain one or more business transactions. Procedural documentation must be maintained from which auditors can see how digital vouchers are recorded, received, processed, issued and stored.
3.2 What information must a receipt contain
Receipts for business transactions must have the following mandatory content:
- Unique voucher number
- Voucher issuer and voucher recipient
- Quantity or value information
- Currency and exchange rate for foreign currencies
- Sufficient explanation of the transaction
- Document date
- Responsible document issuer
For VAT purposes, further information may be required, for example invoice details according to §§ 14, 14a UStG and § 33 UStDV.
4. Internal control system (ICS)
In order to comply with the regulations according to § 146 AO, companies are obliged to set up, exercise and record controls. This includes, for example:
- Access and access authorisation controls
- Separation of functions
- Data entry controls (error notes, plausibility checks)
- Reconciliation controls during data entry
- Processing controls
- Protective measures against the intentional and unintentional Falsification of programmes, data and documents
How exactly the control system must be designed depends on the complexity and nature of the entrepreneurial activity, the company organization and the IT used. Companies are obliged to review their ICS on an ad hoc basis, e.g. when changing systems. The mode of operation is to be stored in the procedural documentation.
5. Storage of the data
For digital, tax-relevant books, the retention and submission obligations of the GoB apply. It should be noted that other legal norms may influence the retention obligations (e.g. § 14b UStG). For travel expenses, for example, a retention period of ten years applies.
5.1 Electronic storage
Companies are obliged to record the receipt, archiving and, if necessary, conversion as well as the processing of digital documents. In addition, they must ensure that an expert third party can check the processes within a reasonable period of time. Companies have leeway in the format of digital storage: With a few exceptions, they can be stored on an image carrier or other data carriers if this complies with the GOB and it is ensured that the data:
- correspond visually in content with the received commercial or business letters and the accounting documents, and
- are available at all times during the retention period, can be made readable without delay and can be evaluated by machine.
Data, data records, electronic documents and electronic records that are subject to recording and retention obligations and that have been created or received in companies must be retained in this digital form. It is not permissible to archive them only in printed form. However, it is permissible for companies to retain electronically created commercial or business letters sent in paper form in physical form only. For the duration of the retention period, the digital data must be preserved in an unchangeable form, i.e. archiving Word documents is not sufficient, whereas a PDF format meets the requirements. Received documents must also be stored in the format in which they were created. Conversion into another format, e.g. MSG into PDF, is only permissible if this does not restrict machine evaluability and no changes can be made to the content.
Whether archiving takes place in the productive system or in another DP system of the enterprise is not regulated. If commercial or business letters and accounting vouchers are received in paper form and then converted into a digital image format, by scanning or photography, the digital document must be stored in such a way that the reproduction corresponds pictorially with the original. The image capture can be done with a wide variety of devices, e.g. smartphones, multifunction devices or scan lines.
If companies use OCR procedures and enrich the documents with full text information, this full text must also be stored for the entire duration of the retention period after verification and correction. It must be made available to auditors upon request. If image information is enriched, e.g. by OCR (example: generation of a full-text searchable PDF file in the capture process), the information obtained in this way must also be stored after verification and correction.
5.2 Image capture and subsequent destruction of paper documents
Paper documents can be converted into digital documents by scanning. However, the process must be documented. The documentation should answer the following questions:
- Who is allowed to record?
- At what point is recording or should recording take place? (e.g. at the time of receipt of the mail, during or after the processing)?
- Which documents are captured?
- Is a visual or textual match with the original required?
- How is the quality control of legibility and completeness to be completeness?
- How are errors to be recorded?
Scanning with a smartphone or tablet abroad is also permitted if the documents were created or received abroad and are recorded directly there. A complete color reproduction is only required if the color has an evidentiary function, e.g. if minus amounts are marked in red writing or visual, processing and drawing notes are shown in different colors. Once digitized, paper documents may be destroyed. Unless they have to be kept in the original for other non-tax or tax regulations. In any case, further processing of the digitized data must only be done digitally.
6. Procedural documentation
In procedural documentation, both the organizational and the technical process are described that digital documents go through from their creation to indexing, processing and storage, unambiguous retrieval and machine evaluability, protection against loss and falsification and reproduction. The procedural documentation usually consists of a general description, user documentation, technical system documentation and operational documentation. Companies must prepare such clearly structured procedural documentation for every DP system. The content, structure, process and results of the IT procedure must be completely and conclusively evident from it so that they can also be verified by external third parties such as auditors within a reasonable period of time.
The procedural documentation must be kept for at least as long as the retention period of the documents to which it relates. For the period of the retention period, it must be guaranteed and proven that the procedure described in the documentation fully corresponds to the procedure used in practice. Changes must always be historically traceable. Companies ensure this by means of versioning including a traceable change history. If a company's procedure documentation is faulty or insufficient, this is a formal deficiency. However, as long as it does not impair the traceability and verifiability of the data, it does not lead to the rejection of the accounting.
7. data access
The tax authorities have the right to access the documents subject to retention created with the aid of a data processing system in order to audit them. The object of the audit shall be all documents subject to recording and retention requirements under non-tax and tax regulations, in particular the data of financial accounting, fixed asset accounting, payroll accounting and all preliminary and ancillary systems containing documents subject to recording and retention requirements. In addition, upon request, those parts of the procedural documentation must be made available that enable the auditor to gain a complete system overview and are necessary for understanding the system.
If operational processes are mapped with the aid of a data processing system, the company must identify the data processing systems concerned, sift through the data contained therein, qualify data relevant to the auditor and make them available for data access. If the tax authority discovers that errors have been made in the qualification, it may, at its discretion, demand that the company subsequently provide access to the data.
According to the law, the tax office has three equal options for accessing data. It decides at its own discretion which option it will use. If necessary, it can make use of several possibilities cumulatively.
7.1 Direct data access (Z1)
The tax office itself can directly access the digital data (incl. meta, master and transaction data as well as links, e.g. between the tables of a relational database) by using the hardware and software used by the company or by a commissioned third party. Only read access is permitted here. It includes reading and analyzing the data using the evaluation options available in the DP system, such as filtering or sorting.
7.2 Indirect data access (Z2)
The tax office can demand that the company, in its place, mechanically evaluates the data subject to recording and retention according to specifications or commissions a third party to do so in order to subsequently be able to carry out a read-only access. Only an automatic evaluation using the evaluation options available in the company's IT system or those of the commissioned third party can be demanded.
7.3 Provision of data carriers (Z3)
The tax office may also demand that the data (including meta, master and transaction data as well as links) and digital documents be provided to it on a machine-readable and evaluable data carrier. The authority is not entitled to download data from the IT system itself or to make copies of existing data backups.
The GoBD applies to all companies that use tax-relevant documents and data in digital form. They build on the principles of proper accounting and provide clear guidelines for handling digital data and receipts, processing them and storing them. Travel expenses also fall under the business transactions that must be processed and archived according to the GoBD. One of the most important principles of the GoBD is the traceability and verifiability of business transactions. In addition, there are many other specific legal requirements. In order for a company to be able to organize itself in a digitally legally secure manner, it should be checked in advance when choosing software that the GoBD can be complied with technically at all. In the best case, this is ensured by the standard of the application, or at least it should make it easy for the user to comply with the corresponding regulations during use.
It is advantageous to work with a few different digital applications and to rely on a few specialized programmes. Generic programmes such as Microsoft Excel and a large number of interfaces increase the risk of making tax-related mistakes. Especially with travel expense applications, companies should make sure that a mobile app is part of the digital solution that allows employees to independently enter travel expense receipts according to the GoBD already during the trip in order to relieve clerks in the accounting department. And last but not least, companies should train their employees before introducing new software. The costs incurred are worthwhile. They minimize user errors which, if they lead to tax law violations in accounting, later cost much more than the working time spent in training.
We make employees benefit
From travel expenses to per diems and employee benefits – try out the all-in-one-app for employee finance.