Hi Janos,
since I didn't write a procedural manual for my girlfriends business (yet, of course ;-)) and reading about you and Zyrixx planning to write such a "monster" (the linked sample has 42 pages and still needs to be completed!) http://www.awv-net.de/upload/pdf/Belegablage_V1_20151026.pdf I finally took a short dive into the sample manual. I think it's REALLY good and does have quite a lot of explanations on how to apply it to your company. My opinion: If this is not enough, you're the wrong guy for this job, give it to someone who knows your company better than you do ;-) The only chapter that would really profit from your input (again, in my opinion of course) is 3.1 in which the used hard- and software needs to be explained (in regard to GoBD compliance). If you provide a good explanation of how it's possible to configure piler to be GoBD compliant for this chapter, everything else can be taken and modified from this sample document, no need to reinvent the wheel here... Interestingly, the authors recommend to use "certified software" and even provide a chapter to list the certifications... But I still don't think it relevant, especially for a small (digital) business... You have to describe how you configured the "certified" software and how you use it exactly like you would describe it for uncertified software anyway. Come to think of it, it actually might be counterproductive if you had to tweak the certified software a lot to make it work for your company. According to the authors, the more you have to "customize" the software, the more "suspicious" the auditors will get ;-) Personally I think GoBD had two main goals: 1.) A crack down on tax evasion by using cash transactions (If you use cash, you really HAVE to get a GoBD compliant cash register, no way around it) 2.) To make an auditors life easier As I already said, GoBD compliant email storage (contrary to HW handling cash transactions!) is not a law, therefore no auditor can punish you for not abiding to it (Of course it might piss the auditor off and make him look really closely at things, which can be a costly mistake too...). If you don't take cash and all the money comes in by bank transfer, Paypal et. all, there is absolutely no way you could cheat anyway, since all bank transfers can be traced... Which is the reason I didn't put too much effort into writing a manual for my girlfriend incidentally... If an auditor really is interested in such a small business, you can go like "Here's the archive. Don't trust it or don't understand the IT behind it? Fine, go and check the bank transfers and have fun..." Every time I look into the admin panel I have to laugh: Less than 400 mails since January 2017 and the archive/server will probably be full in "34755 years, 10 months, 15 days" :-) Funny side notes: - If you get invoices only per snail mail, you actually don't have to archive them electronically - If you only use a "Template" on a computer to print your invoices and do NOT save the invoice itself on the computer (Using it like a typewriter), you don't have to store the invoices electronically either Since we're talking about funny stuff, I also found a comment from a guy on a german message board, who actually called his local tax authority and asked about GoBD. He spoke to several persons including an auditor, who told him saving invoices in PDF format on his harddrive is perfectly fine, since PDFs can't be changed afterwards... ROFL! Here's the link if anyone is interested, it does have a really good explanation of GoBD requirements, even though there are some mistakes (like time-critical saving of digital invoices, which only need to be saved as a file within 10 days but NOT also archived within 10 days) in it, but it is in german: http://www.selbstaendig-im-netz.de/2017/04/12/selbstaendig/gobd-darauf-musst-du-bei-digitalen-rechnungen-und-belegen-achten/ Kind regards, Frank "[email protected]" <[email protected]> schrieb am 21:42 Dienstag, 25.Juli 2017: Hello Frank, On 2017-07-25 14:47, Frank Schmitz wrote: > > a GoBD certification would surely result in a higher "visibility" for > piler, since quite a lot of companies are basing their business > decisions on those. > > But please do NOT believe that Piler needs a GoBD certification to be > used in germany! > The ministry of finance in germany does not care whether the software > is certified, it cares about > > 1. whether the software fulfills the legal requirements (i.e. to use > piler for GoBD in germany you need to use timestamping) do you mean that it's mandatory to use an external timestamp provider with piler? Or do you refer to the timestamps piler provides and stores in the metadata table? > 2. how the company USES the software (You need a procedural > documentation) I'll make it soon. > In case of an audit, both will be checked and the auditor won't care > whether piler is certified or not... > > To prove the point: > https://www.bundesfinanzministerium.de/Content/DE/Downloads/BMF_Schreiben/Weitere_Steuerthemen/Abgabenordnung/Datenzugriff_GDPdU/2014-11-14-GoBD.pdf?__blob=publicationFile > > This is an official statement from the ministry of finance in germany, > under heading 12 / 181 (last page) it reads: > > _„Zertifikate“ oder „Testate“ Dritter können bei der Auswahl > eines Softwareproduktes _ > _dem Unternehmen als Entscheidungskriterium dienen, entfalten jedoch_ > > _ aus den in Rz. 179 genannten Gründen gegenüber der Finanzbehörde > keine Bindungswirkung._ > > Roughly translated: > > Certificates or testimonies of third parties may be used by companies > to choose a software, but they DO NOT have a binding effect for the > ministry of finance because of the reasons named in Rz. 179. I see. My point is that the usefulness of the certificate is that the auditing company has examined the given software and by providing the gobd compatible stamp they verify that the software complies with all demands by the law. > In short, those certificates for GoBD compliance aren't worth the > paper they're written on if an auditor is knocking on your door... > > You must be able to show that piler is able to fulfill all GoBD > Requirements. For a (german) "checklist" you can look those up here 15 > Kriterien für GoBD-konforme Software | Scopevisio Ratgeber [1] or > here Neue GoBD: Ein umfassender Überblick [2]. I'll check these docs. > I'm no expert by any means, but as far as I understand it, piler is > quite capable of doing all that IF you use timestamping so you can > prove the emails haven't been changed since they were > timestamped/received... > > Apart from the technical requirements, you will also need an > "extensive" documentation about what exactly you are doing with your > receipts/invoices/etc. You can even find a sample documentation to use > here: GoBD - Verfahrensdokumentation, praxisrelevante Hilfestellungen > / PSP München [3] if you have no idea what to do... Make no mistake, > THIS is what really matters to an auditor! (Well, maybe not if you use > really crappy software ;-)) > > So unless you really want to spend several thousand euros on > increasing the visibility/user base of piler, I would recommend you > forget about purchasing a GoBD certificate... > > Speaking for myself, I would certainly consider throwing a bit of > money into crowdfunding "useful" additions to piler, but for this I > won't pay anything at all, sorry... it's ok Frank, and I appreciate your feedback and advice. Janos
