What is GoBD?
And what does GoBD mean for companies?
GoBD are the Principles for properly maintaining, keeping and storing books, records and documents in electronic form and for data access, as provided by the German tax authorities. Put simply, the GoBD deals with how to store information electronically and how to handle tax-relevant documents. The documentation requirements, as well as the control and the use of appropriate IT are regulated in this context. The GoBD also regulates the access of auditors and the scope of the guidelines. Compliance with accounting processes and logging are also addressed.
Who is affected by GoBD?
Generally, GoBD affects taxpayers with income from profit as well as all entrepreneurs who make their profit determination based on a revenue-surplus bill. In the event of an infringement of these requirements, appropriate fines may be set, and implementation of the specified measures could be ordered by the authorities.
It’s generally recommended to archive all email communication, not only the portion that may be in question. This applies especially to any tax-relevant information. As of 01.01.2017, the new requirements have replaced the former GDPdU (principles for data access and verifiability of digital documents) and the GoBS (principles of lawful computer-aided accounting systems).
What relevance does GoBD have for individual companies?
The relevant change relates primarily to the recognition of digitally recorded documents. At first glance, they are basically on par with paper documents—so originals may be destroyed after digitization. However, a more refined approach is necessary because originals must still be submitted on request of the auditor.
The provision of digital documents explicitly requires that the storage fully conform to GoBD requirements. Simply storing emails on the hard disk is not enough. The hurdles are set significantly higher.
In addition, companies should consider that not all paper documents may be digitized and destroyed. From a legal point of view, the actual nature of a document also plays an important role. This applies, for example for notary contracts or authorizations.
This refers to a complete list of all business transactions. An expert third party – usually a tax auditor – must be able to audit the transactions within a reasonable amount of time.
It includes all business transactions as well as the economic situation of the company. In addition, each business transaction must have a corresponding document. This ultimately makes documentation of the procedure necessary. As a result, the tax authorities have the opportunity to understand the complex processes in the document management system in detail.
This is due to the fact that electronic filing systems are constructed in different ways. This is the case with file extensions as well as the use of the appropriate filing system. For this reason, it is particularly important that transactions can be presented transparently to the auditor in the event of an audit.
The criterion of immutability requires an identification of the changes made to tax-relevant data. The registration is thus absolutely necessary for the bookkeeping. This refers to whether the bookkeeping has taken place at regular intervals. If this is not the case, there is a formal deficiency in the bookkeeping system. Therefore, the commit time must be recorded in each case.
A booking record is considered unchangeable only through the final commit. Any control or authorization by other persons in the company remains unaffected, especially in the case of batch or preliminary entry.
The immutability is thus valid irrespective of whether it is an electronically supported record or a document in paper form. The records with document characteristics and the land registers (inward and outward registers) only have to be provided with a time. Furthermore, the auditor may request activity logs. This also applies to changes to the master data or in the software. For example, office formats often do not meet these requirements.
According to this GoBD principle, it must be ensured that the systematic entry must be made in a clear format. It also has to be comprehensible with regard to the accounting entries. This meansthat within a certain period of time non-digitized accounting documents must be recorded by an orderly record.
This principle can be fulfilled by timely filing, which is continuously and clearly presented. However, it is important that the system properly documents the order and the access. An according systematic file folder fulfills the principle of neatness.
Overall, there are a few deviations in retention periods. For balance sheets, contracts, invoices or inventory data, a storage period of 10 years applies. The storage requirements for commercial letters, costing or export documents are slightly lower at 6 years.
The retention period begins immediately after the end of the previous calendar year. In addition, different periods apply stating that the storage of audit-relevant documents must also take place in the case of an ongoing audit.
5. Timely bookings
According to the GoBD, cash transactions, such as income and expenses of corresponding cash accounts must be recorded daily. The same applies to corresponding land register records, which are regulated by software-based cash books. In this case, it is irrelevant what kind of POS system is used. EDP cash registers, loading and cash registers are thus equated.
In the case of non-cash business transactions, timely and consistent recording should also be carried out. The limits in the GoBD are defined in such a way that any non-operational deviation between the actual transaction and the entry itself is considered concerning. However, bookings which take place within up to 10 days, do not usually pose a problem.
Furthermore, the GoBD makes a distinction between goods and cost accounting. As a rule, accounting entries should not exceed a period of 8 days. Until then, the recorded business transactions are considered unobjectionable.
Ultimately, deviations based on an orderly and manageable document storage can be detected. The entries in the accounts may under certain circumstances not only be made until the end of the following month, but also be extended to one period.
The recording of business transactions must be in accordance with the actual circumstances in a company. The GoBD further demands compliance with legal requirements. Furthermore, archived documents always have to match the original.
Read more about IT security in our blog
Security Alert: Severe security vulnerability discovered in Microsoft Outlook — CVE-2023-23397
Microsoft Outlook users advised to urgently apply the security patches provided by Microsoft Pittsburgh, PA – 16 March 2023 – A severe security vulnerability has been discovered in Microsoft Outlook, which is currently being exploited by cybercriminals. The...
Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process
People learn in different ways, at different speeds, and using different methods. The appropriate method depends on one's own learning preferences. Some people prefer to learn by listening, others by watching a video, and others by reading. These different methods...
Remote Management Survey
1 in 5 I.T. pros say remote workers are not secure, survey finds Key takeaways from the 2022 Remote Management Survey by Hornetsecurity 18% of I.T. professionals believe that remote employees are not working securely and that company data is at risk 8 out of 10...
What are the possibilities for companies with GoBD?
With the introduction of some of the latest GoBD innovations, companies have to decide whether to focus on digital document filing or continue paper-based archiving. The distinction between an original and a copy is not always immediately possible. For example, an invoice sent to you by post is an original. The same applies if an invoice arrives electronically in your mailbox. If you digitize the paper invoice by a scan, it can replace the physical paper original. Conversely, an invoice that was first in digital form and then printed on paper cannot be considered original. There is a very significant difference here.
1. The paperless office
Realizing a corporate environment that relinquishes all paper-based documents will be difficult, but not impossible in the future. The reason for this is the GoBD does not allow exclusive digital archiving for certain documents. For example, this applieds to tax or legal documents.
2. The double archiving
This might be the preferred solution for some companies, but it is time-consuming and inflexible. A double archiving effort is also extremely inefficient in terms of costs. Two side-by-side archiving systems, taken together, do not bring any significant advantages. In addition, not all information is available at any time and at any place, which is why this form of documentation is not recommended.
3. The solution: Legally compliant archiving through IT support from Hornetsecurity
A secure storage of sensitive content is of particular importance, especially when it pertains to emails. This is due to legal requirements as well as the significantly better discoverability of individual emails. Ultimately, this also allows selected third parties – in particular tax auditors – access to the relevant data over a certain period of time.
Another advantage that should not be underestimated is the simplicity of email management. Retention periods according to the GoBD can be set within a very short time by simply setting the archiving period. There is no additional administrative burdennor additional costs.
The email archiving by Aeternum of Hornetsecurity ensures legally compliant safekeeping. This applies in particular to the principle of immutability. Both inbound and outbound email traffic is duplicated on servers in an automated form by Hornetsecurity.
Visit Our Knowledge Base
Did you like our contribution from the knowledge database on the subject of GoBD ? Then you get to the overview page of our knowledge database here. There you will learn more about topics such as DDoS Attacks, crypto mining, cryptolocker virus, phishing, brute force attacks, it security, cyber kill chain, computer virus and ransomware.