Ganz allgemein gesagt: „Revisionssichere Archivierung“ bedeutet, dass archivierte Daten vor einer nachträglichen Änderung geschützt sind. Es geht also um Manipulationsschutz. Den gesetzlichen Rahmen für ein revisionssicheres Archiv geben die GoBD bzw. die Kassensicherungsverordnung – kurz KassenSichV - before. In the guidelines, the authorities point out that the information must not only be protected from modification. It must also be archived in a traceable, retrievable and unchangeable manner.
How can auditability be ensured?
Audit-proof archiving refers to the verifiability of the procedure used. Verified is:
- the user organization
- the safe operation and process
- the proper use
- proof of procedural documentation
You can find detailed information about the requirements HERE.
So what does this mean for POS data? Der Gesetzgeber schreibt eine revisionssichere Archivierung von Cash register data, d.h. von Bons und Kassenberichten, vor. Diese Daten müssen Händler mit Kennung tagesgenau, summengerecht und auswertbar zur Verfügung stellen können! In technical terms, this means that electronic cash registers must be upgraded with a Technical Security Device (TSE) and a Archiving solution needed.
The TSE provides each business transaction with a signature and generates a so-called TAR file. Retailers can purchase a TSE as a hardware or cloud solution. In addition, the POS data migrates to the POS system of the respective provider and finally ends up in SAP modules such as SAP CAR, BW, FI CO, etc. Depending on the structure of the ERP system, the archive is available physically or via cloud.
GoBD /KassenSichV stipulate that Z1, Z2 and Z3 access to POS data must be guaranteed. Z1 and Z2 refer to access in that an auditor of the financial authorities is shown the data in the system or is allowed to retrieve it himself. Z3 refers to the transfer of data, e.g. on a USB stick. This means that not only audit-proof archiving, but also data retrieval must be ensured at the same time. Für dieses Datenformat gibt es ebenfalls Vorgaben: DSFinV-K. Der DSFinV-K Export ermöglicht den Prüfern eine einheitliche Auswertung mit Tools wie IDEA.
In addition to the technical requirements, there must be process documentation that makes it possible to trace exactly where and how the POS data moves in the system. The path from the receipt to the FI document and vice versa must be clearly visible through this document!
Übrigens: Unter die Regelungen der KassenSichV fallen auch public administrations and Disposer!
