For auditors

Archive audit files.
Redact third-party data.
Document ISQM 1.

Docuflair for chartered accountants and statutory auditors: audit-proof file archive, automatic third-party redaction under IFAC Code of Ethics Sec. 114 (Confidentiality), ISQM 1 audit trail, mid-market focus instead of Big Four. 100% on-premises.

Start auditor demo Consulting
Audit documentation ready IFAC-aligned On-premises
Docuflair for auditors
The challenge

Audit files, confidentiality, ISQM 1 — all at once

Audit-file volume

An average audit file runs to 2,000+ pages of working papers, vouchers, consolidation schedules and correspondence. Without full-text search and structured storage, it is unmanageable.

Confidentiality vs. cloud

Professional confidentiality on US cloud services is legally risky (CLOUD Act, Schrems II). Client files must remain in controlled infrastructure.

ISQM 1 audit trail

ISQM 1 requires a gap-free record of the system of quality management: EQR, consultations, approvals. Excel checklists do not survive peer review.

10-year retention

Audit documentation retention requirements demand 10 years of audit-proof storage. Liability cases require additional legal holds — sometimes for decades.

The solution

How Docuflair supports audit firms

Audit-proof long-term archive

Audit files are archived with SHA-256 hash, 10-year retention by default, legal holds for open liability cases. Export for tax-authority review is available any time.

More on Archive

Automatic third-party redaction

For audit reports, third-party data (suppliers, employee salaries, customer lists) is redacted automatically. The report can be shared with authorised recipients (supervisory board, lenders) without breaching professional confidentiality.

More on Redact

ISQM 1 quality-management workflow

Engagement Quality Reviews, consultations, independence checks and final approvals are modelled as a structured workflow. Every step is time-stamped, peer-review-ready.

More on Workflow

DATEV Audit Bridge compatible

Client bookkeeping data, financial statements and account proofs are imported directly from DATEV. Integration with common audit software (AuditAgent, CaseWare) via standardised interfaces.

More on integrations
The workflow

Statutory audit in 5 steps

1

Capture the engagement

Create the audit engagement as a project. Client master data, audit team, engagement partner and independence check are documented.

2

Digitise the audit file

Vouchers, balance sheet, P&L, notes, management report and bookkeeping are digitised to audit-documentation standards. Full-text index enables fast evidence retrieval.

3

Redact third-party data

For the audit report, PII and third-party data (supplier names, employee salaries, customer lists) are redacted automatically.

4

Produce the audit report with full audit trail

Working papers, EQR approvals and consultations are linked in the SHA-256 audit trail. The audit report is signed with a qualified electronic signature.

5

Archive for 10 years

The audit file is archived in an audit-proof manner for 10 years. Legal holds for liability cases prevent premature deletion.

Use cases

Typical auditor scenarios

01

Statutory year-end audit

A Next-Ten firm audits a mid-market group under statutory audit requirements. 3,000-page audit file, DATEV integration for bookkeeping data, EQR before sign-off.

  • Full-text search in seconds
  • Consistent DATEV integration
  • Audit-proof archiving
02

Special investigation (§ 142 AktG)

A shareholder-requested special investigation of a listed company. Highest confidentiality, tight deadlines, extensive evidence preservation — legal hold from day one.

  • Role-based access control
  • Tamper-proof evidence preservation
  • Full audit trail
03

ISQM 1 quality-management system

An audit firm implements ISQM 1 in an auditable way. Docuflair documents risk assessment, EQR coverage, consultations and monitoring outcomes — ready for oversight bodies and peer review.

  • Structured QM workflow
  • Peer-review-ready
  • Oversight inspections covered
Recommended modules

The key modules for auditors

Top 3 core products plus complementary modules for everyday audit work

Docuflair Archive

Audit-proof long-term archive with SHA-256, 10-year retention, legal holds for liability cases.

Learn more

Docuflair Workflow

ISQM 1 quality-management documentation with EQR, consultations, independence checks and approvals.

Learn more

Docuflair Redact

Automatic third-party redaction for audit reports — IFAC-aligned, auditable.

Learn more

Other relevant modules

View all products
Legal framework

Legal bases that Docuflair supports

IFAC Code of Ethics Sec. 114

Confidentiality of the auditor — on-premises architecture eliminates public-cloud risks.

ISQM 1

International Standard on Quality Management 1 — gap-free audit trail for the QM system, peer-review-ready.

Statutory audit requirements

Scope and content of the statutory audit — structured audit file with full-text search.

10-year retention

Audit documentation retention requirements — audit-proof storage with SHA-256 hash and legal holds.

Frequently Asked Questions

Answers to the most important questions for auditors

Does Docuflair meet the confidentiality requirements of the IFAC Code of Ethics?

Yes. Docuflair is a strictly on-premises or private-cloud solution. Audit files remain inside the audit firm's infrastructure — no external cloud components, no US services, no cross-border transfers. Role-based access control ensures that only engagement-assigned auditors can access the relevant audit files. This eliminates the confidentiality risks associated with public cloud services under IFAC Code of Ethics Sec. 114 (Confidentiality).

How does Docuflair support the ISQM 1 audit trail?

Docuflair records every change, every access and every approval with a SHA-256 hash in the audit trail. For the system of quality management under ISQM 1 (International Standard on Quality Management 1) this means: Engagement Quality Reviews, consultations and final approvals are traceable with precise timestamps. During peer review or regulatory inspection, complete evidence of all quality-management activities is immediately available.

Is Docuflair suitable for Big Four audit firms?

Docuflair is designed primarily for Next-Ten audit firms (Mazars, BDO, Baker Tilly, Rödl & Partner, PKF) and mid-size audit practices that need a GDPR-compliant on-premises alternative to the global cloud platforms of the Big Four. The focus is on mid-market clients and group audits up to IFRS single-entity scale. For Big Four engagements involving globally networked groups across 50+ jurisdictions, Docuflair is not the first-line choice.

How does Docuflair integrate with DATEV Audit Bridge?

Docuflair DATEV is compatible with DATEV Audit Bridge: client bookkeeping data, financial statements and account proofs are imported directly from DATEV and centralised in the audit file. Audit software (e.g. AuditAgent, CaseWare) can access the centralised evidence without duplicating data.

Why is on-premises so important for statutory audits?

Audit files contain highly sensitive client data: pre-publication balance sheets, strategic forecasts, acquisition due diligence, group consolidation. Auditors are legally bound to confidentiality towards third parties. With US-parented cloud services (CLOUD Act) or unclear data sovereignty, there is legal risk. On-premises at Docuflair means: the audit file never leaves the firm's infrastructure.

Audit files, ISQM 1, confidentiality — all in one platform

A 15-minute demo — on a real statutory audit we show you how Docuflair archives audit files, redacts third-party data and documents ISQM 1 without gaps.

Request a free demo Discover Docuflair Archive