There is a moment that comes at some point in almost every year-end audit. The auditor asks a question. Not a difficult question about complex accounting matters. A simple question: Can you show me how this number came about?
In a well-set-up finance organization, the answer to this question takes five minutes. In a poorly set-up one, it takes three days and produces a search movement across the team that blocks every other work process.
The ability to answer this question in five minutes is no sign of bureaucracy. It is a sign of governance. And the inability to do so is no operational problem; it is a structural one that burdens the entire audit and costs trust that is hard to rebuild.
This article is for CFOs who want to understand why documentation keeps becoming a problem in year-end audits, what stands behind it structurally, and what concretely must be done to set up a finance organization that responds to auditor inquiries with composure rather than scrambling reactively.
The Wrong Question
Most discussions about documentation in finance organizations begin with the wrong question. The wrong question is: How do we document better?
The right question is: Why don’t we document well enough, even though we have known for years that it is a problem?
This question is more uncomfortable because its answer doesn’t lie in a process manual. It lies in a leadership decision that has either been made or not.
Bad documentation in finance organizations is almost never the result of ignorance. No one preparing a year-end close seriously believes that documentation is unimportant. It is the result of an implicit prioritization decision: the day-to-day is more urgent than the documentation of the day-to-day. The close has to be ready on time, the documentation comes afterward. Afterward it doesn’t come.
This implicit prioritization is either reinforced or broken by leadership. A CFO who views documentation as an administrative act to be done at some point will have an organization in which documentation always comes up short. A CFO who understands documentation as a strategic steering instrument and leads accordingly will have an organization that can answer auditor inquiries in five minutes.
The difference does not lie in the processes. It lies in the leadership stance.
What Auditors Really See and What That Says About an Organization
Before a CFO thinks about documentation standards, they should understand how auditors perceive documentation and what their observations communicate about a finance organization.
Auditors evaluate not only the content of documentation. They evaluate how quickly and how confidently inquiries are responded to. Whether the team knows where which information can be found. Whether process descriptions exist or are created ad hoc when the auditor asks. And whether the documentation is consistent — whether different people describe the same processes in the same way.
What auditors conclude from these observations is an assessment of the control environment of the entire finance organization. An organization responding quickly, consistently, and completely to documentation inquiries signals: here the processes have substance, not just on paper. An organization responding slowly, inconsistently, and incompletely signals the opposite.
This assessment has direct consequences. Auditors assessing the control environment as weak increase their audit depth. They ask more questions, demand more evidence, and invest more time validating numbers they would accept as given in a well-controlled environment. That costs time, creates stress in the team, and increases audit costs.
The first insight for a CFO is therefore: documentation is not primarily a compliance task. It is an investment in a positive control environment that pays off in lower audit costs, shorter audit times, and fewer findings.
What HGB Actually Demands and What That Means in Practice
Section 238 of the German Commercial Code (HGB) formulates a requirement that sounds simple and has substantial consequences in practice: bookkeeping — and therefore the entire documentation — must be designed so that a knowledgeable third party can comprehend the business transactions in reasonable time.
Three terms in this sentence deserve special attention.
Knowledgeable third party means: not the person performing the process daily, not someone who knows the organization, not someone who can have the background explained to them. Someone who does not know the company but is professionally qualified must be able to understand from the documentation alone what happened.
That is a standard many documentations don’t meet.
Process descriptions interspersed with internal abbreviations.
Booking documents understandable only to someone who knows the context.
Valuation papers based on oral explanations not recorded anywhere.
All of that violates the knowledgeable-third-party standard.
Reasonable time means: not three days, not after multiple email inquiries, not after an internal search action. Reasonable is a relative term, interpreted by auditors under time pressure. In practice it means: immediately or within a few hours.
Comprehend means: not only that the information exists somewhere, but that it is structured, accessible, and understandable.
These three requirements together yield a standard that goes far beyond what many CFOs understand by documentation.
The Structural Causes of Bad Documentation
Bad documentation rarely has a single cause. It arises from an interplay of structural factors that would individually be manageable, but together create a system in which good documentation is the exception, not the rule.
The first structural cause is missing ownership. In most finance organizations, documentation is no one’s explicit responsibility. It falls into the area of responsibility of all and therefore of no one. Everyone knows it is important. No one feels accountable when it is missing.
The second structural cause is missing standards. When there is no uniform format for process descriptions, when each person designs their documentation at their own discretion, a patchwork of formats, depths, and qualities arises that is neither internally consistent nor matches the requirements of an auditor. Standardization is no bureaucracy. It is the precondition for consistency.
The third structural cause is missing integration into the work process. Documentation created after the close — as rework — is always worse than documentation created during the process. Motivation is lower, memory is fuzzier, and capacity is limited because the next project is already waiting. Documentation must be part of the process, not appendix to the process.
The fourth structural cause is missing updating. Documentation created once and never touched again is often irrelevant after a year. Processes change, systems are updated, responsibilities switch. An outdated process description is not only useless, it is dangerous because it conveys a false picture and can lead auditors to wrong conclusions.
The fifth and most important structural cause is missing leadership. All other causes can be addressed through leadership. A CFO decision that documentation has priority, that there are standards to be followed, that ownership is clearly regulated, and that updating is part of the regular process can compensate for all other weaknesses.
What Good Documentation Concretely Delivers
There is a view of documentation that arises in finance organizations under pressure and is wrong: documentation is overhead creating no direct added value.
The right view is the opposite.
Good documentation is first a protection against the single point of knowledge
An organization in which critical knowledge exists only in the heads of individual persons is fragile. When these persons fail or leave the company, the knowledge is gone. Documentation makes knowledge independent of persons. That is no theoretical advantage; it is operational protection.
Good documentation is second an accelerator for onboarding
New employees, new interim managers, new auditors: all need time to understand a process. Good documentation reduces this time substantially. What without documentation takes weeks takes days with good documentation.
Good documentation is third a quality control instrument
Whoever documents a process thinks it through. In doing so, gaps, inconsistencies, and risks become visible that remain invisible in the daily running of the process. Documentation is therefore not only the description of a process; it is the verification of its quality.
Good documentation is fourth a steering instrument for the CFO
Complete, current process documentation gives the CFO an overview of their finance organization that they otherwise wouldn’t have. Not based on reports someone has prepared, but based on the actual processes, controls, and responsibilities.
These four added values together yield an argument that goes beyond compliance:
Good documentation is a strategic asset of a finance organization.
The Seven Critical Documentation Areas
A CFO who wants to set up their finance organization audit-ready must keep seven documentation areas in view that together yield the complete picture of an audit-secure organization.
Process documentation
Process documentation is the basis. It describes how the central finance processes in the organization run: what is done, who does it, in what order, with which systems, and with which controls at which points.
Effective process documentation has a clear structure that applies uniformly to all processes. It describes not only the normal path but also exceptions and how they are handled. And it is written so that a knowledgeable third party can comprehend the process without additional explanations.
The five core processes that must be documented in every finance organization:
Procurement and accounts payable management,
Sales and accounts receivable management,
Fixed asset accounting,
Cash management, and
The entire close process including all sub-steps.
Valuation papers
Valuation papers are in many audits the most critical area. Auditors want to see not only the numbers but their derivation. Why was a provision booked at this amount? On what basis was the bad-debt provision for receivables calculated? How was the useful life of capitalized assets determined?
These questions must be answered through documentation, not through oral explanations. What is explained orally is not reproducible and not auditable. What is documented is both.
For every material valuation decision there should be documentation containing four elements: the valuation assumptions and their bases, the calculation logic with traceable intermediate steps, the approval by the responsible person, and a plausibility check showing that the result is consistent with comparable prior periods or market values.
Internal control system documentation
The internal control system, ICS for short, is the structured network of controls ensuring that the finance organization works correctly and errors are detected before they enter the close.
Auditors check not only whether controls exist but whether they are demonstrably performed. A control described in the documentation but lacking evidence of its performance is, from the auditor’s perspective, considered nonexistent.
The ICS documentation must record for every control who performs it, when it is performed, what is checked, what result is expected, and how proof of performance is secured. The four-eyes principle is a control. But only if it is documented and demonstrable.
System documentation
ERP systems, interfaces, automated booking logics: all these system components must be documented. Not as IT documentation that only IT specialists understand, but as finance-relevant documentation explaining how the system maps the accounting requirements.
The system documentation relevant for auditors comprises
the role and authorization concept,
interface overviews showing which systems communicate how with each other,
change logs showing which system changes were made when, and
the documentation of automated controls the system itself performs.
GoBD compliance evidence
The Principles for the Proper Keeping and Storage of Books, Records and Documents in Electronic Form and for Data Access — GoBD for short — define binding requirements for digital bookkeeping.
The GoBD demand
traceability,
completeness,
correctness,
timeliness,
immutability, and
availability.
For each of these principles, an organization must be able to demonstrate that its digital systems and processes meet these requirements.
The most common GoBD deficiency in practice is the missing documentation of immutability: how does the organization ensure that booked documents cannot be subsequently changed? And how is it documented when a justified correction is made?
Close documentation
For every monthly and year-end close, structured close documentation should exist that makes the entire close process traceable.
It contains
the close checklist with proof of completion of each step,
the material bookings and adjustments made in this close,
the justifications for bookings deviating from the norm, and
the approval documentation showing who approved which part of the close.
This documentation is not only relevant for auditors. It is the institutional memory of the close. When six months later a question arises about a booking from the March close, the close documentation is the first port of call.
ESG documentation
With the CSRD and the associated reporting obligations, ESG documentation becomes a new and still inadequately addressed area for many finance organizations.
The requirement is conceptually simple and operationally demanding: sustainability information must meet the same documentation standards as financial data. That means traceability, completeness, and verifiability.
CFOs who understand ESG documentation as a communication task will have problems when external auditors assess data quality. CFOs who understand ESG documentation as a finance task and set it up accordingly are better prepared.
The Three Most Common Mistakes and What They Cost
Mistake 1: Documentation as rework
The most common mistake in finance organizations is that documentation is viewed as a task to be done after the close. The result is predictable: it is never fully done because the next project is already waiting.
What this mistake costs is not abstract. When auditors request documentation that does not exist, rework arises under time pressure. This rework is qualitatively worse than documentation created during the process. It binds capacity needed for the actual audit. And it signals to the auditor that the control environment is weak, with all consequences for audit depth.
The solution is structural in nature:
Documentation must be part of the process, not appendix to the process. Every close step is only considered completed when it is documented. That requires more time per step initially. It saves substantially more in the long term.
Mistake 2: Documentation without ownership
When documentation is no one’s explicit responsibility, it is not maintained. Outdated process descriptions are more dangerous than no process descriptions because they create false security.
The solution is unambiguous ownership:
For every documented process there is a named responsible person who ensures that the documentation is current. This responsibility must be explicitly assigned, in job descriptions, in performance objectives, and in the CFO’s communication.
Mistake 3: Documentation without standard
When each person documents processes at their own discretion, a patchwork arises that is neither consistent nor complete. Auditors who read different process descriptions of the same company and find fundamental differences in format, depth, and quality draw conclusions about the maturity of the organization that are not positive.
The solution is a uniform documentation template applying to all processes. The template need not be complex. It must be consistent.
What Leads a CFO from a Reactive to a Proactive Documentation Culture
Most finance organizations have a reactive documentation culture:
Documentation happens when an auditor asks,
when an incident occurs, or
when someone resigns and the knowledge has to be secured.
A proactive documentation culture works the other way around:
Documentation is a continuous process happening independently of external pressure because it is understood as a leadership instrument.
The transition from reactive to proactive is no question of effort. It is a question of leadership decision.
And this decision has three components.
The first component is communication
A CFO who communicates documentation as a strategic instrument, not as administrative duty, changes perception in the team. The difference between “We have to document this because the auditor wants it” and “We document this because it protects us and makes us more efficient” is not semantic. It is cultural.
The second component is measurement
What is not measured is not steered. A CFO who includes documentation quality in their regular reviews — whether through a simple status check or through a more structured review process — makes clear that the topic is taken seriously.
The third component is the resource decision
Good documentation costs time. This time must be planned in; it cannot be done in addition to a full workload. A CFO who considers documentation important but creates no capacity for it will not get better documentation.
The Structured Build-Up of Audit-Ready Documentation
For a CFO who wants to systematically convert their finance organization to good documentation, a structured approach in six steps is recommended.
The first step is the stocktaking. What already exists? Which processes are documented and how well? Which areas are completely unaddressed? This analysis must be honest. It is not about what theoretically exists but what is actually audit-ready.
The second step is the gap analysis. Where are the biggest gaps? Which processes are audit-relevant and not documented? Which documentations exist but are outdated or incomplete? This gap analysis must be prioritized by audit relevance, not alphabetically or by department.
The third step is standardization. Before documentation is created or revised, the uniform format must be defined. The template must cover the essential elements: title, version, date, responsible person, systems and tools, process description with control points, exceptions, and evidence references.
The fourth step is creation with clear deadlines and named ownership. Every gap identified in step two gets a responsible person and a completion date. These assignments must be documented and tracked.
The fifth step is quality assurance. Completed documentations are reviewed by a second person, ideally someone who knows the process but doesn’t work on it daily. The test is simple: can this person understand the process from the documentation alone?
The sixth step is the establishment of the update rhythm. At least once a year, ideally quarterly, all process documentations are checked for currency. After material process or system changes, the affected documentations are immediately updated.
What Should Be Different After the Next Audit
There is a productive question a CFO should ask after every year-end audit: What did the audit teach about the documentation state of our finance organization, and what do we concretely change before the next audit?
This question sounds simple. It is rarely truly answered because after an audit the relief about its end is greater than the willingness to engage with the weaknesses that became visible.
A structured post-audit review answering the following questions is the most effective instrument for continuous improvement:
Which documentation requests took more than one day to be answered?
What was the reason for the delay and how is it remedied?
Which findings or follow-up questions were due to inadequate documentation?
Which documentations were created ad hoc during the audit and how are they permanently anchored?
The answers to these questions are the basis for a concrete action plan implemented before the next audit.
What I Bring
I am Nicole Vekonj, interim manager for finance & controlling. I accompany finance organizations in building audit-secure documentation structures, from stocktaking through standardization to sustainable anchoring in the work processes.
My approach does not begin with templates. It begins with the honest question: Why is the documentation not where it should be, and what must change structurally so that it sustainably gets better?
A finance organization answering auditor inquiries in five minutes is not better documented than one needing three days. It is better led.
If your next audit begins in less than six months, now is the right time for a 30-minute conversation, not three weeks before the first auditor appointment.
Nicole Vekonj | Interim Manager Finance & Controlling | zahlenkompetenz.de
