GoBD Compliance

The digital tax audit complements the existing form of the tax audit. For many years now, all companies that use electronic data processing have been obliged to maintain corresponding data in digital form. The tax authorities have specified the requirements of the German Fiscal Code (AO) in more detail in the "Principles for the proper management and storage of books, records and documents in electronic form and for data access" (GoBD, see BMF letter dated November 28, 2019). These relate not only to the audit-proof storage of documents, but also to the entire processing chain from the creation and recording of the business transaction, through its processing in the business processes (and IT applications), to the tax balance sheet, and therefore not only affect financial accounting, but also upstream systems. A documentation of these processes must be created, which should also include aspects such as authorization concepts, internal control system and general processes for IT operations.

The IT & Controls Assurance department supports you in evaluating the conformity of your processes, systems and procedural documentation.

The objective of the digital tax audit is the structured analysis of tax-relevant company data instead of the previously common single document audits, especially to find tax loopholes more easily. Employees of the tax authorities must be granted access to tax-relevant electronic company data during an external audit. In order to guarantee this access, rules have been defined in the GoBD.

Data access can be granted in three different ways:

  • direct access: Z1

The employee of the tax authority checks himself in the company, whereby all necessary data must be made accessible to him. For this purpose, a read-only access must be set up. The auditor cannot be held liable for any damage caused by misuse, so we strongly recommend read-only access.

  • indirect access: Z2

The auditor comes to the company to have the relevant data shown to him. The enterprise concerned must evaluate the tax-relevant data itself by machine according to the specifications of the tester, in order to then allow the tester read access to the prepared data.

  • data medium provision: Z3

The inspector requests the relevant data to be checked by the authority. The company concerned must submit all data in digital form and in a format that can be evaluated by machine.


The digital tax audit has legal and organizational effects on companies: In addition to the audit-proof documentation and archiving of all relevant data, possibly also the acquisition of suitable hardware and software that enables "machine readability" and "random access".

In this context, "audit-proof" means that once data has been created, it can no longer be changed (unnoticed) afterwards. "Machine readability" means that the data is available in a format that enables structured evaluation. Important links must be documented. Archiving in the form of e.g. PDF documents or in document archives is therefore by no means sufficient.

The "IDEA" software used by the auditors supports numerous financial accounting, database and text formats. "Optional access" means independence from the programs that generated the data, i.e. in the concrete case again mainly the choice of a format that can be read by IDEA.

Target group:

  • all companies that use business software
  • all companies that originally exchange electronic tax-relevant data, i.e. data that is received electronically, e.g. by e-mail or as an electronic invoice, also process it electronically
  • all companies in which electronic data is generated by the computer system itself, i.e. accounting records of the financial accounting etc.

The term of the tax-relevant data is unfortunately not clearly defined. Generally, it applies however that the extent of the exterior examination did not change, i.e. the same data as before as tax-relevant are considered, thus e.g.:

  • Financial accounting
  • Asset Accounting
  • Wage & Salary
  • Order processing / Ordering
  • Warehouse / Inventory

In addition to the books, inventories, annual financial statements and accounting vouchers listed in § 147 para. 1 AO as examples, this includes in particular all data from financial, payroll and asset accounting.

Tax-relevant data in the sense of § 147 para. 1 No. 5 AO can also be generated, however, e.g. in the merchandise and materials management system, in customer relationship management, in invoicing, in electronic banking, in the cash book, in time recording and travel expense accounting. If, for example, a company runs its own system for travel expense accounting and only the totals postings are transferred to payroll accounting, then the travel expense accounting system would also be relevant for payroll tax.

Similarly, all calculation bases created electronically (e.g. as an Excel file) must be opened for data access if only the calculation results have been entered into the accounting. For example, price calculations may be tax-relevant if they were used to determine the manufacturing costs or as a benchmark for intra-group transfer prices. For this reason, no module or subsystem of the company's own IT system may be excluded from the identification of tax-relevant data.

It is problematic that tax-relevant data can be available in different formats, e.g. invoices by e-mail, EDIFACT data, etc. All this data must be archived and made available to an auditor.

Rules for storage:

  • Data must be retained for six or ten years, depending on the type of company, regardless of any system changes in hardware and software
  • The data must be available at all times, including from external service providers such as tax consultants, DATEV, etc.
  • The data must be made readable immediately
  • The data are by machine evaluable (via IDEA)

To Do list:

  • Check your business software to see if it can generate audit-proof data.
  • Check all areas of your company (e.g. EDI, e-mail, web, online banking) to see whether tax-relevant data is generated there.
  • Perform regular backups of all tax-relevant data.
  • Define company work instructions for deleting or changing data in compliance with regulations.
  • Avoid private data on the company computer.
  • Play through a tax audit once and prepare for the new focal points of the audit: Complete audit, instead of random checks.
  • Talk to us!

Contact us!