Audit Trail Software

Every change signed, chained, replayable

Audit trail software for fund compliance must do three things: log every operationally significant event, make the log tamper-evident, and let auditors reconstruct any past state on demand. CapitalBridge implements this as a SHA-256 chained ledger covering submissions, approvals, threshold changes, covenant recalculations, status transitions, permission changes, and alert dispatches. Auditors and credit committees see full provenance in seconds, not weeks.

Book a Demo See Security
Audit Trail / Northern Energy
Submission approved 14:23:07 UTC

Q3 2025 QMA approved by alex.morgan@cygnum

sha256: 7a3f...c91e -> 2b8d...4f02

Threshold changed 14:18:42 UTC

DSCR threshold 1.20x -> 1.25x by daniel.carter@cygnum

Reason: Q3 amendment; sha256: 2b8d...4f02 -> 9e1c...a8b7

Covenant recalculated 14:23:09 UTC

DSCR 1.42x -> 1.39x (status: Compliant)

Source: Q3 QMA, period 2025-Q3; sha256: 9e1c...a8b7 -> 4f7a...d2c5

Alert dispatched 14:23:11 UTC

PM + credit analyst notified of covenant recalc

2 recipients, 0 errors; sha256: 4f7a...d2c5 -> b1e9...37a4

Five Audit-Trail Pillars

What an auditor-grade trail requires

1. Every event signed + timestamped

Who made the change, exactly when (UTC, millisecond resolution). No "Sarah changed the threshold sometime last quarter" reconstruction; every event has an actor and an exact time, recorded at the moment it happened.

2. Tamper-evident chain

Every event carries a SHA-256 hash linking back to the previous event's hash. Modify any historical event and the chain breaks; auditors can verify chain integrity in seconds. This is the property that turns an audit log into auditor-grade.

3. Before-and-after capture

"Threshold changed" is not enough. The audit log records before-and-after values for every change: DSCR threshold 1.20x -> 1.25x, headroom buffer 15% -> 10%, covenant assignment added or removed. Auditors see the delta, not just the event.

4. State-at-date reconstruction

Replay any past state. "Show me Northern Energy's covenant package on 2025-09-30 at 17:00 UTC" returns the exact thresholds, headroom buffers, and last-known covenant values as they were at that moment. Critical for credit committee post-mortems and regulator inquiries.

5. Auditor-friendly export

CSV, JSON, and PDF export of the audit log scoped to the auditor's request. Native integration with read-only auditor accounts (scoped permissions, no write access, full read of the audit trail and underlying data).

What Gets Logged

Every operationally significant event

Submission lifecycle

Submission received, validated, approved, rejected, returned for revision.

Covenant changes

Threshold change, operator change, headroom buffer change, scope change.

Covenant recalculation

New covenant value computed, status transition, source submission referenced.

Assignment changes

Reporting requirement assigned, unassigned, scope override applied.

User + permission

User created, role granted/revoked, permission scope changed.

Alert dispatch

Alert fired, recipient list, delivery success/failure, suppression decisions.

Related

Continue exploring

Sibling

Security + Compliance

Encryption, MFA, RBAC, infrastructure posture.
Sibling pillar

CFO Compliance Dashboard

Where the audit trail surfaces in the CFO view.
Roundup

Best Audit-Trail Tools 2026

Comparison of platforms with audit trail + reporting.
Ready?

See how it works with your portfolio structure

Book a 30-minute demo. We configure it with your actual portfolios, categories, and counterparties so you see exactly how CapitalBridge fits. No generic product tour. You talk to the team that built it.

Book a Demo See it in motion 4 tours or email info@proceptio.com
Why we built this

"The gap between a $200K enterprise platform and a shared spreadsheet should not be this wide. We built the thing that belongs in that gap."