Skip to content
       

Blog

The Audit Trail Is a Balance Sheet Item Now

The Audit Trail Is a Balance Sheet Item Now

Ask most property CFOs where the audit trail sits in their thinking, and it lands somewhere near the bottom of the list, filed under compliance, delegated to systems, remembered once a year when the auditors arrive. It is treated as hygiene: necessary, unglamorous, and fundamentally a cost. Something you maintain because you have to, not something that earns anything.

That framing is wrong, and it is expensive. The audit trail is not a compliance artifact. It is a financial instrument. The quality of your evidence, whether you can show what happened, when, who did it, and why, feeds directly into what your auditors charge you, what your capital costs, and what your business is worth. These are not soft consequences. They are measurable, they appear in the accounting research, and they land squarely on the CFO's numbers.

This piece makes that case in the CFO's own currency. Not why a good audit trail is responsible, but why it pays, and why a weak one is a liability the business is already carrying whether or not anyone has written it down.

The Chain That Turns Evidence Into Money

The reason an audit trail reaches the balance sheet is a chain of consequences, and each link in it is documented in the accounting literature.

The link What happens The financial consequence
Weak or reconstructed evidence An auditor cannot verify a control operated as intended The control is treated as deficient
Control deficiency Auditors expand their procedures to compensate Audit fees rise materially
Degraded accounting quality Information risk rises for investors and lenders They demand a higher return
Higher required return Same cash flows, higher cost of capital Lower valuation

It starts with control quality. Your audit trail is the evidence that your controls actually work. When the trail is weak, incomplete, reconstructed after the fact, or scattered across systems that disagree, what an auditor sees is not a documentation problem. They see a control deficiency, because a control you cannot evidence is a control you cannot prove exists.

From there the costs cascade. Auditors respond to control weakness by doing more work, and they charge for it. Audit-fee research finds that companies with an internal control deficiency pay roughly a third more in audit fees on average, and Hogan and Wilkins (2008) show that fees climb further as the severity of the underlying control problem increases, because auditors increase their effort in proportion to the risk. That is a hard, recurring cash cost, arriving every year, caused directly by the state of your evidence.

Then it reaches capital, which is where it stops being an expense and starts being a valuation issue. In the landmark study on this question, Ashbaugh-Skaife, Collins, Kinney, and LaFond (2009), published in the Journal of Accounting Research, found clear evidence that firms with internal control deficiencies carry a significantly higher cost of equity. The mechanism, articulated by Ogneva, Subramanyam, and Raghunandan (2007), is worth understanding because it is not punitive, it is rational: weak internal control degrades accounting quality, degraded accounting quality raises information risk for the people providing capital, and investors price information risk into the return they demand. Higher required return means higher cost of capital, and higher cost of capital means a lower valuation on the same cash flows. The relationship runs the other way too, with research finding that higher audit quality is associated with a lower cost of equity.

Follow that chain to its end and the conclusion is unavoidable. Your audit trail affects what you pay to be audited, what you pay for capital, and therefore what your business is worth. That is not an IT concern. That is a balance sheet item that happens to be maintained by systems.

A Framework: The Three Prices of a Weak Audit Trail

A CFO who wants to size this can think of a weak trail as carrying three prices, paid at different times, in different currencies. Most finance leaders can see the first, occasionally feel the second, and rarely connect the third, which is the largest.

Price 1: The Audit Fee Premium

This is the visible, annual price. When your evidence is hard to produce, auditors expand their procedures, and the fee reflects it. The premium associated with control deficiencies is not a penalty for bad behavior; it is the auditor pricing the additional work your poor evidence forces on them. A weak trail also lengthens the audit, and research has linked material internal control weakness to significantly longer audit report lag.

The important thing for a CFO is that this price is recurring and compounding. It is not paid once when a problem is found; it is paid every year the underlying weakness persists, and it grows if the weakness worsens. Most companies absorb it as "audit fees went up again" without ever tracing it back to its cause.

Price 2: The Remediation and Disclosure Price

This is the price paid when a weakness is formally identified. Under Sarbanes-Oxley, a material weakness must be disclosed in public filings, must be remediated, and must have its remediation validated. That means real cost in consulting, staff time, and management attention, and it means the weakness is now public information rather than an internal issue.

The reputational component here is not a soft cost. Investors lose confidence when controls are shown to be weak, because it tells them the numbers they have been relying on were produced by a process that could not guarantee them. The disclosure turns an internal problem into a market-facing one, at which point it starts affecting how the business is valued rather than just how much its audit costs.

Price 3: The Cost-of-Capital Price

This is the biggest and the least visible. If weak controls raise information risk, and information risk raises the return investors and lenders demand, then a weak audit trail is quietly raising the price of every dollar of capital the business uses. That price is paid on the entire capital base, continuously, and it never appears as a line item anywhere. It shows up instead as a slightly worse rate, a slightly lower valuation multiple, a slightly harder negotiation, none of which the CFO can trace back to the evidence problem that caused them.

This is the price that turns the audit trail into a balance sheet item. A business with strong, complete, immediately producible evidence is, all else equal, a lower-information-risk business, and lower-information-risk businesses are cheaper to fund and worth more. The trail is not protecting you from a fine. It is protecting your multiple.

Why Property Companies Are Structurally Exposed

Property businesses carry more of this risk than most, for reasons that have nothing to do with effort or intent.

The evidence is spread across more systems. When a single transaction, a tenant payment, a maintenance cost, a lease modification, is recorded in one system and reflected in another, the audit trail for that transaction is not one trail. It is two partial trails that have to be joined, and the join is often manual. An auditor asking "show me how this number came to be" is asking a question that requires reconstruction rather than retrieval, and reconstruction is exactly what looks like weak control.

The entity structure multiplies it. Every SPV, joint venture, and legal entity is another set of books, another set of intercompany transactions, and another surface where the evidence must hold together. And the volume is high, thousands of small recurring transactions, each of which is a potential gap.

So the property CFO is more likely than most to have an audit trail that is technically present but practically weak: the data exists somewhere, but proving what happened requires assembling it. That distinction, between having the data and being able to evidence the truth, is precisely the one auditors and investors price.

What Turns the Trail From Liability Into Asset

The characteristics that make an audit trail financially valuable are not exotic. It should be complete, covering every consequential transaction rather than most of them. It should be immediate, produced from the system rather than reconstructed by a person. It should be immutable, so a record of what happened cannot be quietly changed after the fact. And it should be traceable end to end, so any reported number can be followed back to the events that produced it without crossing a gap where the evidence has to be re-created.

The unifying property is that a strong trail is a byproduct of how the business records itself, not a document assembled when someone asks. When the operational event and the financial record are the same record, the trail exists automatically, because there was only ever one version of what happened. When they are separate, the trail has to be manufactured, and a manufactured trail is exactly what a skeptical auditor discounts.

This is why the audit trail belongs in the CFO's economic thinking rather than the IT budget. You are not choosing between spending on systems or not. You are choosing between paying for evidence once, in the architecture, or paying for it repeatedly, in audit fees, remediation, and the cost of capital, forever.

Looking Ahead

The direction of travel makes this more consequential, not less. Regulators and auditors are asking for more granular evidence of data lineage, investors are scrutinizing operational controls harder before they commit capital, and the emerging use of AI in financial processes raises the bar again, because a decision made by a system needs an even clearer trail than a decision made by a person.

In that environment, the companies whose evidence is a natural byproduct of how they operate will find the whole cycle cheaper, faster, and less fraught, while the companies reconstructing their trail every year will pay for it in fees, in scrutiny, and in the price of their own capital. The audit trail stopped being a compliance formality some time ago. It is now one of the quieter determinants of what a business costs to run and what it is worth, which makes it exactly the kind of thing that belongs on a CFO's balance sheet, whether or not accounting standards have caught up to putting it there.

Frequently Asked Questions

Q1. Why call the audit trail a balance sheet item?
Because its quality has measurable financial consequences. Weak evidence reads as a control deficiency, control deficiencies raise audit fees and information risk, and higher information risk raises the cost of capital, which lowers valuation on the same cash flows. The trail affects what you pay and what you are worth, which makes it economic rather than administrative.

Q2. How much do weak controls actually cost in audit fees?
Audit-fee research finds companies with an internal control deficiency pay roughly a third more on average, and Hogan and Wilkins (2008) show fees rise further with the severity of the control problem, as auditors increase effort in proportion to risk. It is a recurring annual cost, paid every year the weakness persists, and most companies never trace it back to its cause.

Q3. How does an audit trail affect the cost of capital?
Weak internal controls degrade accounting quality, which raises information risk for investors and lenders, who price that risk into the return they require. Ashbaugh-Skaife, Collins, Kinney, and LaFond (2009), in the Journal of Accounting Research, found firms with internal control deficiencies carry a significantly higher cost of equity, while higher audit quality is associated with a lower cost of equity.

Q4. What are the three prices of a weak audit trail?
The audit fee premium, paid annually as auditors expand procedures; the remediation and disclosure price, paid when a weakness is formally identified and must be fixed and reported publicly; and the cost-of-capital price, paid continuously on the entire capital base and almost never traced back to its source. The third is the largest and least visible.

Q5. Why are property companies more exposed than most?
Because the evidence for a single transaction is often split across separate leasing, maintenance, and accounting systems, so proving what happened requires reconstruction rather than retrieval. Multiple legal entities multiply the surfaces where evidence must hold together, and high transaction volume multiplies the potential gaps.

Q6. What makes an audit trail financially strong?
Completeness (it covers every consequential transaction), immediacy (it is produced by the system, not assembled by a person), immutability (records cannot be quietly changed after the fact), and end-to-end traceability (any reported number can be followed back to the events that produced it without a gap).

Q7. Isn't having the data the same as having an audit trail?
No, and the difference is what gets priced. Having the data means the information exists somewhere. Having an audit trail means you can evidence what happened, immediately and completely, without reconstructing it. Auditors and investors discount evidence that has to be assembled, because assembly is exactly where errors and manipulation could hide.

Q8. Does AI change any of this?
It raises the bar. When a system rather than a person makes or informs a financial decision, the evidence of how that decision was reached becomes more important, not less. A business that already produces a clean, complete trail as a byproduct of operating is far better placed for that scrutiny than one that reconstructs its evidence annually.