What is GoBD?

And what does GoBD mean for companies?

GoBD are the Principles for properly maintaining, keeping and storing books, records and documents in electronic form and for data access, as provided by the German tax authorities. Put simply, the GoBD deals with how to store information electronically or how to handle tax-relevant documents. The documentation requirements, as well as the control and the use of appropriate IT are regulated in this context. The GoBD also regulates the access of auditors and the scope of the guidelines. Ultimately, compliance with accounting processes and logging are also dealt with.

Who is affected by GoBD?

 

Generally affected by the GoBD are taxpayers with income from profit as well as all entrepreneurs who make their profit determination based on a revenue-surplus bill. In the event of an infringement of these requirements, appropriate fines may be set, and the implementation of the respective measures could be ordered by the authorities.

 

Not only in case of uncertainty, but generally it’s recommended to archive the entire email communication. This applies especially to any tax-relevant information. Since 01.01.2017, the new requirements have replaced the former GDPdU (principles for data access and verifiability of digital documents) and the GoBS (principles of lawful computer-aided accounting systems).

GoBD

What relevance does GoBD have for individual companies?

The relevant innovation relates primarily to the recognition of digitally recorded documents. At first glance, they are basically on a par with paper-based documents. Specifically, according to the GoBD, this means that the erasure of originals after digitization is entirely permitted. In practice, however, a more differentiated approach is necessary. Because in reality, the submission of originals must be made on request of the auditor.

The provision of digital documents explicitly requires that the storage fully conforms to the principles of the GoBD. The simple storage of emails on the hard disk is not enough. The hurdles are set significantly higher.

In addition, as a company, you should consider that not all paper documents may be digitized and destroyed. From a legal point of view, the actual nature of a document also plays an important role. This applies, for example for notary contracts or authorizations.

1. Transparency

 

This refers to a complete list of all business transactions. An expert third party – usually a tax auditor – must be able to audit the transactions within a reasonable amount of time.

 

It refers to all business transactions as well as the economic situation of the company. In addition, each business transaction must have a corresponding document. This ultimately makes documentation of the procedure necessary. As a result, the tax authorities have the opportunity to comprehend the very complex processes in the document management system in detail.

 

This is due to the fact that electronic filing systems are constructed in different ways. This is the case with file extensions as well as the use of the respective filing system. For this reason, it is particularly important that in the case of an audit that transactions be presented transparently to the auditor.

2. Immutability

 

The criterion of immutability requires an identification of the changes made to tax-relevant data. The registration is thus absolutely necessary for the bookkeeping. This refers to whether the bookkeeping has taken place at regular intervals. If this is not the case, there is a formal deficiency in the bookkeeping system. Therefore, the commit time must be recorded in each case.

 

A booking record is considered unchangeable only through the final commit. Any control or authorization by other persons in the company remains unaffected, especially in the case of batch or preliminary entry.

 

The immutability is thus valid irrespective of whether it is an electronically supported record or a document in paper form. The records with document characteristics and the land registers (inward and outward registers) only have to be provided with a time. Furthermore, the auditor may request activity logs. This also applies to changes to the master data or in the software. For example, office formats often do not meet these requirements.

d

3. Neatness

 

According to this GoBD principle, it must be ensured that the systematic entry must be made in a clear format. It also has to be comprehensible with regard to the accounting entries. This meansthat within a certain period of time non-digitized accounting documents must be recorded by an orderly record.

 

This principle can be fulfilled by timely filing, which is continuously and clearly presented. However, it is important that the system properly documents the order and the access. An according systematic file folder fulfills the principle of neatness.

Z

4. Completeness

 

Overall, there are isolated deviations regarding the retention periods. For the keeping of balance sheets, contracts, invoices or inventory data, a storage period of a total of 10 years applies. The periods for the storage of commercial letters, costing or export documents are slightly lower at 6 years.

 

The retention period starts immediately after the end of the previous calendar year. In addition, different periods applystating that the storage of audit-relevant documents must also take place in the case of an ongoing audit.

5. Timely bookings

 

According to the GoBD, cash transactions, such as income and expenses of corresponding cash accounts have to be recorded daily. The same applies to corresponding land register records, which are regulated by software-based cash books. In this case, it is irrelevant what kind of POS system it is. EDP cash registers, loading and cash registers are thus equated.

 

In the case of non-cash business transactions, timely and consistent recording should also be carried out. The limits in the GoBD are defined in such a way that any non-operational deviation between the actual transaction and the entry itself is considered concerning. However, bookings which take place within up to 10 days, do not usually pose a problem.

 

Furthermore, the GoBD makes a distinction between goods and cost accounting. As a rule, accounting entries should not exceed a period of 8 days. Until then, the recorded business transactions are considered as unobjectionable.

 

Ultimately, deviations based on an orderly and manageable document storage can be detected. The entries in the accounts may under certain circumstances not only be made until the end of the following month, but also be extended to one period.

R

6. Accuracy

 

The recording of business transactions must be in accordance with the actual circumstances in a company. The GoBD further demands compliance with legal requirements. Furthermore, archived documents always have to match the original.

Email archiving according to GoBD

What are the possibilities for companies with GoBD?

With the introduction of some of the latest GoBD innovations, companies have to decide whether to focus on digital document filing or continue paper-based archiving.

The distinction between an original and a copy is not always immediately possible. For example, an invoice sent to you by post is an original. The same applies if an invoice arrives electronically in your mailbox. If you digitize the paper invoice by a scan, it can replace the physical paper original. Conversely, an invoice that was first in digital form and then printed on paper cannot be considered original. There is a very significant difference here.

1. The paperless office

 

Realizing a corporate environment that relinquishes all paper-based documents will be difficult, but not impossible in the future. The reason for this is the GoBD does not allow exclusive digital archiving for certain documents. For example, this applieds to tax or legal documents.

i

2. The double archiving

 

This might be the preferred solution for some companies, but it is time-consuming and inflexible. A double archiving effort is also extremely inefficient in terms of costs. Two side-by-side archiving systems, taken together, do not bring any significant advantages. In addition, not all information is available at any time and at any place, which is why this form of documentation is not recommended.

3. The solution: Legally compliant archiving through IT support from Hornetsecurity

 

A secure storage of sensitive content is of particular importance, especially when it pertains to emails. This is due to legal requirements as well as the significantly better discoverability of individual emails. Ultimately, this also allows selected third parties – in particular tax auditors – access to the relevant data over a certain period of time.

 

Another advantage that should not be underestimated is the simplicity of email management. Retention periods according to the GoBD can be set within a very short time by simply setting the archiving period. There is no additional administrative burdennor additional costs.

 

The email archiving by Aeternum of Hornetsecurity ensures legally compliant safekeeping. This applies in particular to the principle of immutability. Both inbound and outbound email traffic is duplicated on servers in an automated form by Hornetsecurity.

GoBD

The following content may be of interest to you:

Brute-Force attacks

A brute-force attack is a trial-and-error method used to obtain information such as passwords or other access codes. Here, the attacker tries a variety of …

Cyber Kill Chain

To identify and combat attacks along the Cyber Kill Chain in time, you need to understand the strategies of the criminals …

GoBD

GoBD are the Principles for properly maintaining, keeping and storing books, records and documents in electronic form and for data access, as provided …

Ransomware Kill Chain (1)

Why ransomware is not a typical cyberattack? Normally, the data theft remains undetected. This is especially true when the systems are insufficiently protected. But it is quite a different case with ransomware …

Cryptolocker Ransomware

The cryptolocker ransomware was a polymorphic virus, which was used to encrypted computer systems. The only option affected …

Ransomware Kill Chain (2)

How to use the Ransomware Kill Chain model to devise countermeasures? The Ransomware Kill Chain using Wanna Cry as an example …

Archive your emails fully automatic and audit-proof with Hornetsecurity:

  • Select the number of email mailboxes you have in your company.
  • This field is for validation purposes and should be left unchanged.