A POS system in the Philippines is not BIR-compliant just because it can print invoices. For accreditation, the Bureau of Internal Revenue looks at whether the system can preserve a reliable audit trail: a clear, tamper-resistant record of sales, voids, refunds, reprints, backend edits, user actions, daily readings, and electronic journals that BIR examiners can verify later. This matters because a weak audit trail can delay accreditation, expose the business to tax mapping issues, or create problems during a BIR audit.

What “audit trail” means for BIR POS accreditation

In simple terms, an audit trail is the POS system’s history book. It should answer basic audit questions such as:

• Who created, edited, voided, refunded, cancelled, reprinted, extracted, pushed, or pulled a transaction?
• What transaction or data value was affected?
• When did the action happen?
• Was the user a cashier, supervisor, administrator, supplier, or remote support account?
• Did the sales transaction appear in the e-journal, Z-reading, backend report, books, and BIR sales reporting?
• Can the record still be viewed, exported, printed, and verified years later?

For BIR purposes, the audit trail is not only one report. It is usually a combination of:

POS control	What BIR wants to see
Activity log / transaction log	User ID, date and time stamp, action performed, and data values involved
E-journal / audit journal	Electronic or duplicate record of invoices and related transactions
X-reading / cashier accountability report	End-of-shift cashier accountability
Z-reading / end-of-day report	Daily sales reading, accumulated grand total, serial range, and sales breakdown
Backend reports	VATable, VAT-exempt, zero-rated, discounts, voids, returns, refunds, and other summaries
Sequential invoice numbering	No missing, duplicated, or tampered invoice series without explanation
Backup and disaster recovery	Ability to recover and preserve records after power loss, server failure, or cloud access issues

BIR’s current accreditation framework under Revenue Memorandum Order (RMO) No. 24-2023 expressly lists activity or transaction logs, non-volatile memory, e-journals or audit journals, backend reports, reprint functionality, data retention, and sales data transmission among the specifications/features that sales machines or software must comply with.

Legal basis for POS audit trail requirements in the Philippines

The main rules come from the National Internal Revenue Code (NIRC), BIR revenue regulations, and BIR memoranda on CRM/POS accreditation.

Legal source	Why it matters
NIRC, Section 237, as amended by RA No. 11976 or the Ease of Paying Taxes Act	Requires duly registered sales or commercial invoices at the point of sale for taxable persons, with VAT-registered persons required to issue invoices regardless of transaction amount. (LawPhil)
RA No. 11976, Ease of Paying Taxes Act	Modernized tax administration, taxpayer classification, invoicing, and BIR digitalization policy. (LawPhil)
Revenue Regulations (RR) No. 11-2004	The basic CRM/POS accreditation rule requiring tamper-free machines, non-resettable accumulating grand totals, non-volatile memory, audit journal/e-journal controls, server recording, and BIR-verifiable reports. (Supreme Court E-Library)
RMO No. 24-2023	Current revised procedure for accreditation of CRMs, POS systems, e-invoicing/e-receipting systems, and similar sales machines/software through the Enhanced eAccReg System.
RMO No. 27-2014	Allows post-audit and inspection of CRM/POS systems; refusal to allow inspection or provide backend reports can lead to sealing and possible revocation of the Permit to Use. (Supreme Court E-Library)
RR No. 17-2013, as amended by RR No. 5-2014	Requires preservation of books of accounts, subsidiary books, and other accounting records for ten years. (Supreme Court E-Library)
RR No. 11-2025 and RR No. 26-2025	Implements electronic invoicing and electronic sales reporting rules for covered taxpayers, with POS users included in the broader electronic sales reporting framework once the BIR system and implementing rules apply.
RA No. 10173, Data Privacy Act of 2012	Relevant because POS audit trails may contain customer names, TINs, IDs, senior citizen/PWD details, and user activity logs; processing must follow transparency, legitimate purpose, proportionality, and security principles. (National Privacy Commission)

What BIR usually checks in the POS audit trail

1. The POS must be tamper-free

The system should not allow sales to disappear, be edited silently, or be excluded from reports. RR No. 11-2004 requires CRM/POS machines to be tamper-free and not switchable to training mode, no-sale transaction mode, or similar manipulations that avoid recording a sale. (Supreme Court E-Library)

A practical test is simple: after a sale is issued, can an ordinary user or administrator delete it from the database without leaving a trace? If yes, the system is risky.

2. Sales must be completely recorded

For POS machines connected to a server, all sales per POS must be automatically and completely recorded in the central server. The BIR must also be able to view, validate, and verify sales or receipt summaries submitted by the taxpayer. (Supreme Court E-Library)

For cloud-based POS systems, this means the business should be able to show:

• Where sales are stored;
• How local branches sync with the server;
• What happens during internet downtime;
• Whether offline sales are uploaded later;
• Whether duplicate or skipped invoice numbers are prevented;
• How BIR can access or verify backend reports during audit or tax mapping.

3. The system must have an activity log or transaction log

RMO No. 24-2023 requires an activity log or transaction log as part of the POS accreditation features. Annex B to RMO No. 24-2023 also requires a printed copy of the system audit trail or activity log containing the date and time stamp, user name or ID, activity performed, and values of data involved.

A useful audit trail should capture at least:

• Login and logout;
• Sales creation;
• Voids, cancellations, refunds, returns, and other adjustments;
• Price overrides and discounts;
• Reprints;
• Changes to tax classification;
• Backend edits;
• Manual invoice replacement;
• Export, extraction, push, pull, or transmission of data;
• Remote support access by the supplier or developer;
• Administrator or root account activity.

4. The POS must maintain an e-journal or audit journal

RR No. 11-2004 states that no POS machine shall be operated without the corresponding electronic journal. For cash register machines, the rule requires audit journal tape or equivalent duplicate records intended for audit and internal revenue tax purposes. (Supreme Court E-Library)

For modern POS software, the e-journal should be exportable and readable. It should not be a hidden database table that only the vendor can access. During accreditation, BIR may ask for a sample e-journal in soft copy and hard copy format, including sample sales and adjustments.

5. Voids, refunds, returns, and cancellations must be traceable

A common accreditation problem is that the POS can void or refund sales, but the adjustment document does not clearly identify the original invoice being adjusted.

The better setup is:

1. Original invoice is preserved.
2. Adjustment document has its own separate serial number series.
3. Adjustment document references the original invoice number.
4. The activity log shows the user, date, time, and reason.
5. Z-reading and backend reports summarize the adjustment.
6. Books and VAT reports reconcile with the adjustment.

BIR’s functional checklist asks whether the system can generate documents with distinct serial numbers for returns, refunds, voids, cancellations, and similar adjustments, and whether those documents reflect the reference number of the invoice being adjusted. (Bir Cdn)

6. Reprints must be clearly marked

If the POS can reprint an invoice, the reprint should not create a new sale or alter the original stored data. The reprinted invoice should show that it is a REPRINT, including the date and time of reprinting. This helps BIR distinguish a legitimate copy from a duplicate sale or a manipulated invoice series. (Bir Cdn)

7. Z-readings and backend reports must reconcile

The Z-reading or end-of-day report is one of the most important audit documents. It should normally show:

• Z-counter;
• Reset counter, if applicable;
• beginning and ending invoice number series;
• previous and present reading;
• sales for the day;
• gross sales and net sales;
• discounts;
• VATable sales;
• VAT amount;
• VAT-exempt sales;
• zero-rated sales;
• refunds, voids, returns, and cancellations.

If the Z-reading does not tie up with the e-journal, backend report, VAT return, eSales report, and books of accounts, expect questions during tax mapping or audit.

Accreditation vs Permit to Use: know the difference

Many business owners confuse POS accreditation with Permit to Use (PTU).

Item	Meaning	Who usually handles it
Accreditation / Certificate of Accreditation (COA)	BIR approval that the POS machine/software model, version, or system meets BIR functional and technical requirements	Supplier, developer, provider, pseudo-supplier, or taxpayer-user applying for accreditation
Registration / Permit to Use (PTU)	BIR authority to use a specific registered machine/software at a specific taxpayer branch or business location	Taxpayer-user, often assisted by the POS provider

Under RMO No. 24-2023, sales machines/software such as CRM, POS, e-invoicing/e-receipting systems used under subscription-based arrangements, taximeters, handheld/mobile devices linked to a server, and vending machines issuing invoices are generally subject to accreditation and registration. Special Purpose Machines that do not generate principal invoices are not subject to accreditation but must still be registered for PTU purposes.

RMC No. 72-2025 clarified that developers, dealers, suppliers, and pseudo-suppliers with Certificates of Accreditation expiring July 31, 2025 and onward must apply for new accreditation under RMO No. 24-2023, while existing PTUs for CRMs, POS, and similar sales machines/software do not expire merely because the software COA expires.

Step-by-step guide to preparing the POS audit trail for accreditation

Step 1: Confirm whether your system is covered

Check if the system generates principal invoices or records sales transactions. If it does, it will likely fall under the BIR sales machine/software rules.

Common covered systems include:

• Retail POS;
• restaurant POS;
• hotel front-desk billing systems issuing invoices;
• pharmacy POS;
• grocery POS;
• cloud POS;
• handheld/mobile sales devices;
• kiosks or vending machines issuing invoices;
• POS modules connected to CAS or ERP systems.

Step 2: Check the invoice format under current EOPT rules

Since the Ease of Paying Taxes Act, the invoice is now the primary evidence of sale for both goods and services. RMC No. 77-2024 explains that taxpayers using CRM/POS/e-receipting/e-invoicing systems may replace “Official Receipt” with “Invoice,” “Cash Invoice,” “Charge Invoice,” “Credit Invoice,” “Billing Invoice,” “Service Invoice,” or another descriptive term, subject to the required notice and transition rules.

Do not treat old “OR” wording as a harmless formatting issue. After the applicable transition period, issuing an Official Receipt as the primary sales document may be treated as failure to issue the required invoice and may trigger penalties under Section 264(a) of the Tax Code.

Step 3: Build the audit trail before the BIR demo

Before applying, test whether the system can generate:

• Activity log by date range;
• activity log by user;
• e-journal by terminal or branch;
• void/refund/return/cancellation report;
• reprint report;
• X-reading;
• Z-reading;
• VATable/VAT-exempt/zero-rated sales report;
• senior citizen, PWD, national athletes/coaches, and solo parent discount reports, if applicable;
• manual invoice replacement report;
• backend sales summary report;
• data export in readable format.

A BIR evaluator will not be impressed by a verbal explanation that “the database has everything.” The system should generate readable reports that an examiner can print, export, and compare.

Step 4: Prepare the documentary requirements

For accreditation under RMO No. 24-2023, the usual file should include:

Document or evidence	Why it matters
Company profile	Shows the applicant’s business background
Proof of online application via Enhanced eAccReg	Confirms online filing
Notarized sworn statement	Attests to compliance with required system features
Sample invoices	Shows required invoice fields and actual layout
Sample adjustment documents	Shows treatment of voids, refunds, returns, and cancellations
X-reading and Z-reading samples	Shows cashier and daily sales reports
Backend report samples	Shows summaries by tax type and transaction type
Sample e-journal	Shows detailed transaction records
System description and design	Explains architecture, database, server, branch setup, and modules
Software version screenshots	Helps match the exact version being accredited
Online/offline indicator screenshot, if applicable	Shows whether the POS identifies connectivity status
Printed audit trail/activity log	Shows user, timestamp, activity, and values involved
Backup procedure and disaster recovery plan	Shows how records are preserved and restored

The practical mistake to avoid is submitting polished invoice samples but weak backend evidence. BIR accreditation is not only about receipt layout; it is about whether the records behind the invoice are reliable.

Step 5: Prepare a realistic system demonstration

The Technical Working Group evaluates the system through a demonstration. RMO No. 24-2023 states that the demo schedule is coordinated within three working days from receipt of complete documentary requirements or depending on the taxpayer-applicant’s readiness, and the evaluation may be done online depending on the situation.

A strong demo script should include:

1. Cash sale;
2. credit sale or charge invoice, if applicable;
3. VATable sale;
4. VAT-exempt or zero-rated sale, if applicable;
5. mixed transaction;
6. senior citizen or PWD discount;
7. void before end-of-day;
8. refund or return after invoice issuance;
9. invoice reprint;
10. offline sale and later synchronization;
11. X-reading;
12. Z-reading;
13. e-journal export;
14. audit trail export;
15. backend report generation;
16. backup and restore explanation.

Step 6: Address BIR comments promptly

RMO No. 24-2023 requires minutes of meeting for each system demonstration, and items for compliance, submission issues, and peculiar system features must be recorded.

Common BIR comments include:

• “No activity log for administrator actions.”
• “No timestamp for reprints.”
• “Void report does not show original invoice reference.”
• “Offline transactions do not have distinct controls.”
• “Backend report does not match Z-reading.”
• “Invoice numbering is not padded with leading zeroes.”
• “System cannot show VATable, VAT-exempt, and zero-rated breakdown.”
• “Cloud data cannot be accessed by taxpayer after subscription termination.”

Step 7: Keep the same version after accreditation

A major enhancement or upgrade may require new accreditation. RMO No. 24-2023 treats additional functionality, improved field or batch validations, additional reports, database platform changes, parameter-setting changes, and hardware changes for bundled systems as examples of major enhancements. Minor enhancements do not require reaccreditation but must be reported to the LT Office/RDO.

This is especially important for SaaS or cloud POS systems that update automatically. The accredited version should be tracked, and updates affecting tax, invoice, audit trail, backend reporting, or database behavior should be reviewed before deployment.

Practical timelines, fees, and government offices involved

Item	Usual rule or practical point
Where accreditation is filed	Through Enhanced eAccReg, with manual submission of documentary requirements to the RDO/LT Office where the applicant’s head office is registered
Demo scheduling	TWG Secretariat coordinates the demo within three working days from complete requirements or taxpayer readiness
COA issuance	RMO No. 24-2023 states that the Certificate of Accreditation is issued within 20 working days from compliance with complete requirements and system demonstration, except certain existing-accreditation cases
Existing related company/reseller case	COA may be issued within seven working days if system demonstration is dispensed with and complete documents are submitted
Accreditation fee	Free; RMO No. 24-2023 states that no charge or fee shall be imposed for application for accreditation
PTU/registration	Registration of POS/CRM/SPM/other similar sales machines is done through Enhanced eAccReg and processed by the LT Office/RDO within two days after receipt of application
Post-audit risk	BIR can inspect machines during store hours and require backend reports; refusal may lead to sealing and possible revocation of PTU

Ongoing recordkeeping after accreditation

Accreditation is not the end of compliance. Once the POS is live, the business should maintain a routine that can survive a tax mapping visit or formal audit.

Daily

• Generate Z-reading or EOD report.
• Check invoice number sequence.
• Review voids, refunds, returns, and cancellations.
• Confirm that offline transactions synced.
• Back up sales data and e-journal.

Monthly

• Reconcile POS gross sales with books, VAT/percentage tax reports, and bank/payment gateway settlements.
• Submit eSales reports per machine, if applicable. RMO No. 12-2012 requires taxpayers using CRMs, POS machines, and other invoice/receipt-generating machines to submit monthly sales reports per machine through the eSales System, including machines with no sales transaction. (Bir Cdn)
• Investigate gaps in invoice numbers before they become audit findings.

Annually

• Preserve books, subsidiary books, invoices, e-journals, reports, and other accounting records for the required retention period.
• Review whether POS version changes are major or minor.
• Validate that branch PTUs, machine identification numbers, invoice formats, and user access remain current.

For safety, businesses should treat POS e-journals, audit logs, Z-readings, backend reports, and supporting invoices as part of the accounting records that must be retained for ten years under RR No. 17-2013, as amended, especially because these records support the entries in the books. (Supreme Court E-Library)

Common POS audit trail problems in the Philippines

The POS can delete transactions without leaving a trace

This is the fastest way to fail an audit trail review. Even administrators should not be able to delete, alter, or suppress sales without a permanent log.

The e-journal exists but cannot be exported

If only the developer can open the e-journal, the taxpayer may struggle during BIR examination. The taxpayer-user should be able to produce readable reports without waiting days for vendor support.

The cloud POS does not preserve data after termination

For subscription-based systems, the taxpayer-user remains responsible for tax records even after the contract ends. The system should allow the client to download or maintain relevant sales data and accounting records.

Offline mode creates numbering gaps

A POS should handle internet downtime without duplicate invoices, missing numbers, or unposted sales. If the system issues offline invoices, it should clearly show what happens when the system goes back online.

Reprints look like original invoices

A reprint should be marked as a reprint. Otherwise, BIR may question whether the duplicate document represents a second sale or an attempt to manipulate records.

Voids and refunds are treated as simple deletions

Voids, refunds, returns, and cancellations should generate traceable adjustment records. They should not erase the original invoice.

Backend reports do not match tax returns

BIR examiners often compare POS reports, Z-readings, eSales submissions, VAT returns, income tax returns, bank deposits, and accounting books. Differences are not automatically illegal, but unexplained differences invite questions.

Foreign or generic POS software is not localized

Foreign-owned businesses and expats operating Philippine businesses often bring in POS software designed for another country. The problem is that Philippine compliance requires local tax categories, BIR invoice fields, senior citizen/PWD discount rules, VAT breakdowns, serial numbering, e-journals, audit logs, PTU registration, and local record retention. A foreign vendor may also need Philippine-facing documentation, authorized representatives, notarized documents, or, for documents executed abroad, apostille/authentication depending on the document and BIR office practice.

Frequently Asked Questions

Is an audit trail required for BIR POS accreditation in the Philippines?

Yes. RMO No. 24-2023 includes activity or transaction logs, e-journals/audit journals, backend reports, data retention, reprint functionality, and other controls among the specifications for sales machines/software. Annex B also requires a printed audit trail or activity log showing date and time stamp, user name or ID, activity performed, and data values involved.

What should a POS activity log contain?

At minimum, it should show who performed the action, the date and time, the activity performed, and the values or data affected. Better systems also show user role, terminal, branch, original invoice number, adjustment reason, remote access activity, and before-and-after values.

Does a small business still need a BIR-accredited POS?

If the business uses a POS or sales machine/software to issue invoices or record sales, the POS rules may apply regardless of size. Micro and small taxpayers may enjoy certain reduced penalties and simplified rules under RA No. 11976, but that does not automatically exempt a sales-generating POS from BIR registration or audit trail requirements. (LawPhil)

Can I use a foreign cloud POS in the Philippines?

Yes, but only if it can satisfy Philippine BIR requirements. It must support local invoice rules, audit trails, e-journals, backend reports, VAT and non-VAT treatment, discounts, serial numbering, data retention, and BIR inspection. The taxpayer-user should also ensure continued access to records even if the subscription ends.

What is the difference between an e-journal and an activity log?

The e-journal is the electronic record of invoices and transactions. The activity log records actions taken in the system, such as edits, voids, refunds, reprints, exports, and administrator activity. BIR generally needs both because the e-journal shows what was issued, while the activity log shows what users did to the data.

Do POS records need to be kept for three years or ten years?

For practical tax compliance, keep POS audit logs, e-journals, Z-readings, backend reports, invoices, and related accounting records for ten years. RR No. 17-2013 requires books of accounts and other accounting records, including supporting source documents, to be preserved for ten years. (Supreme Court E-Library)

What happens if BIR asks to inspect the POS and the store refuses?

Under RMO No. 27-2014, refusal to allow inspection or reading of the CRM/POS or refusal to provide backend reports may lead to sealing of the machine, and continued refusal after the 48-hour demand period may be a ground for revocation of the PTU. (Supreme Court E-Library)

Does changing from “Official Receipt” to “Invoice” require reaccreditation?

RMC No. 77-2024 allowed taxpayers using CRM/POS/e-receipting/e-invoicing systems to replace “Official Receipt” with appropriate invoice terminology, subject to notice and transition requirements. But if the change affects major functionality, reports, database fields, tax treatment, or system architecture, it should be reviewed under the major/minor enhancement rules of RMO No. 24-2023.

Is POS accreditation free?

Yes. RMO No. 24-2023 states that application for accreditation of sales machines/software is free and that no charge or fee shall be imposed by any Region, LT Office, or RDO.

Key Takeaways

• A BIR-compliant POS needs more than invoice printing; it needs a reliable audit trail.
• The audit trail should show user identity, date and time, activity performed, and data values affected.
• The POS should preserve e-journals, Z-readings, backend reports, void/refund/return records, and reprint logs.
• BIR accreditation applies to the POS system/software, while PTU registration applies to the actual machine or system used by the taxpayer.
• Cloud and foreign POS systems must still meet Philippine BIR rules and allow taxpayer access to records.
• Major POS upgrades may require reaccreditation; minor enhancements must still be reported when required.
• Keep POS records for ten years as part of tax and accounting records.
• Weak audit trails can lead to accreditation delays, tax mapping findings, PTU issues, and audit exposure.