Audit Trail & Governance
How changes are tracked, attributed, and reviewed
Reading time: ~7 minutes
1. What the Audit Trail Is
Purpose of the Audit Trail
The audit trail is a record of significant actions and changes that occur within FinanceModel. It creates a historical log that allows you to understand who did what, when they did it, and what changed as a result.
Why Traceability Matters
Financial models are used for important decisions. Being able to trace how a model evolved—what assumptions changed, who made updates, and when outputs were generated—provides transparency and accountability. This supports:
- Internal review and quality assurance
- External audit and compliance requirements
- Understanding how conclusions were reached
- Identifying and correcting errors
A Record, Not a Guarantee
The audit trail documents what happened in the platform. It does not guarantee that the underlying analysis is correct or appropriate. Traceability supports accountability, but human judgment remains essential for ensuring quality.
2. What Is Tracked
The audit trail captures significant actions and changes across the platform. The following types of events are recorded:
Model Creation and Updates
When a model is created, the audit trail records the creation event along with the user and timestamp. Subsequent updates to the model structure are also recorded.
Input Changes
Changes to model inputs and assumptions are tracked. This includes updates to values, addition of new inputs, and removal of existing inputs.
Scenario Changes
When scenarios are created, modified, or deleted, these actions are recorded. This allows reviewers to understand how different cases were developed and updated over time.
Exports
Export events are logged, including the format (Excel, Word, PowerPoint), the user who initiated the export, and the timestamp. This helps track what versions were shared externally.
Key User Actions
Other significant actions—such as sharing a model, changing permissions, or submitting for review—are recorded to maintain a complete picture of model activity.
3. Attribution & Accountability
Every tracked action is attributed to a specific user, enabling clear accountability.
Actions Tied to Users
Each recorded event includes the identity of the user who performed the action. This attribution is based on authenticated user sessions and cannot be changed retroactively.
Organizational Context
Actions are recorded within the context of your organization. This allows enterprise administrators to review activity across their teams while maintaining appropriate access boundaries.
Time-Based Tracking
All events include timestamps that record when actions occurred. This creates a chronological history that supports understanding the sequence of changes.
Responsibility Remains with Users
The audit trail documents actions but does not transfer responsibility. Users remain accountable for the quality and appropriateness of their work. The audit trail supports accountability by making actions visible and traceable.
4. Review & Oversight
The audit trail supports review processes by providing visibility into model history and changes.
Review Mode
Review Mode provides a read-only view of models for reviewers and approvers. Reviewers can examine the current state of a model and its history without risk of making unintended changes.
Change Summaries
The platform provides summaries of changes that have occurred since a previous point in time. This helps reviewers quickly understand what has been modified without reviewing every individual event.
How Reviewers Use the Audit Trail
- Verify that expected changes were made by authorized users
- Identify when key assumptions were last updated
- Confirm that appropriate review occurred before export
- Trace the history of a specific input or output
5. Governance Controls
FinanceModel is designed with governance principles that keep humans in control of important decisions.
Human-in-the-Loop
Significant actions require explicit user confirmation. The platform does not make autonomous changes to models or execute actions without user involvement. This ensures that humans remain responsible for decisions.
No Autonomous Decisions
Even with AI assistance (Finny), the platform does not make changes without your approval. Suggestions are surfaced, but you decide whether to accept them. This preserves accountability and prevents unintended modifications.
User Approvals
Where workflows require approval—such as before sharing or finalizing—the platform requires explicit user action. These approval events are recorded in the audit trail.
Governance Best Practices
- Establish clear ownership for each model
- Require review before sharing models externally
- Periodically audit the change history of critical models
- Use appropriate access controls to limit who can edit
6. Limitations & Scope
Understanding what the audit trail does and does not cover helps you use it appropriately.
What Is Not Tracked
- Every keystroke or micro-action — The audit trail captures significant events, not every minor interaction
- Actions outside the platform — Edits made to exported files are not captured
- Content of conversations — While AI interactions are logged, detailed conversation content may not be fully retained
- External sharing or forwarding — What happens to files after export is outside the platform's visibility
What the Audit Trail Is Not Intended to Do
- Replace your organization's internal controls or approval processes
- Guarantee correctness or quality of models
- Provide legally certified compliance records without additional validation
- Capture activity that occurs outside FinanceModel
Using the Audit Trail Responsibly
The audit trail is a tool to support your governance processes, not a replacement for them. Use it alongside your organization's established controls, review procedures, and quality standards. For formal compliance requirements, consult with your compliance and legal teams.