From www.leyantifraude.com we want to communicate to all our current clients and interested parties some key issues that are extracted from the statement of the tax agency that, far from eliminating the responsibility of development companies, focuses its focus solely on them, for sanctions corresponding, at least temporarily.
Reading the information in the last statement from the Tax Agency, a development company may be tempted to think that its responsibility, until the definitive certification is issued, is minor, since the headings e and f will not be sanctioned for development companies.
Let’s understand several issues:
The epigraphs, which among them establish the audit dimensions such as traceability, legibility, integrity, etc. have not been eliminated from the law, they continue to be in the law. It is only spoken that now it will not be sanctioned. The reader asks himself a question, can we comply with the epigraphs from (a) to (d) where it is indicated among others?
to. allow parallel accounting:
b. allow not to reflect, totally or partially, the annotation of transactions carried out;
c. allow recording transactions other than the entries made;
d. allow altering transactions already registered in breach of applicable regulations;
Can a software development company ensure that it complies with points (a) through (d) without having security controls in the dimensions of integrity, traceability, conservation, etc.?
In other words, it seems a bit absurd to think that by removing the penalty from the control dimensions of the headings (e) and (f) indicates that we do not have to comply with them, when without complying with them we will not be able to comply with (a) to (d)
Continuing with this reflection, we can ask ourselves a question: how long does it take a development company with dozens or hundreds of implementations to modify its system in order to comply with these dimensions? Of the many companies that already work with us, we can conclude, empirically, that it takes 2-3 months of development with software changes, new versions, validations, deployments, etc.
Therefore, let’s ask ourselves another question as software developers: Does it make sense to wait for the final certification to implement measures accepted in the industry such as TicketBAI , NF525 or others? It is logical that not, especially when these measures will only increase compliance with the dimensions stipulated by this article.
In addition, we establish by contract with all our clients the following important matters:
- We now accompany in the fulfillment of these dimensions at a technical level applying what is already in operation in other geographical areas of Europe as well as we will accompany, at the moment that the certification comes out, in the fulfillment of the GAP that remains among our recommendations as CISA certified auditors. and the regulation, at a technical level, request finally, at zero cost.
- Let’s not underestimate the time to adapt our software. After the completion of our report, our clients begin a period of implementation of the measures and controls that we recommend, where if the measures to be implemented have not been clear, we will resolve the appropriate doubts. For example, if we agree that they must digitally sign the invoices, like TicketBAI, and they have any questions about how to sign, we will be happy to answer them.
- When you have implemented the improvements, you must document the actions carried out and we can verify that they are indeed aligned with our recommendations. This can be done as implementations progress.
Conclusions
As expert certified auditors , we help many companies to increase their compliance with the new anti-fraud law article 201bis, accompanying until the end of the certification, when it comes out, in the technical measures that may be different from those that we, with our expertise, already We have recommended them.
Contact us without commitment and we will propose an audit and consultancy proposal adapted to your needs.