Andrew: My thoughts are, without knowing what you are tracking, from my experience, your additional features to the application is due to the Sarbanes-Oxley Act of 2002 (SOX). This act has impacted private companies both in the USA and International. SOX directly addresses and garauntees that there are Financial Controls in place that mitigates risks and downfalls of private companies like Ensron, Tyco, etc. However since IT supports financial operations, IT has had to "jump thru hoops" also, following COBIT and/or ITIL framework. Your application, as you indicated is PCT-tracking. Directly or Indirectly this application may or impacts financial reporting, which means it hits the general ledger, or the tracking impacts security and/or Access and/or Operations. If this is the case, then you, your application, must provide substantial evidence, that the control is in place. Unaware of what PCT's acronym, it is important that the delete operation, should not occur and/or if it does, tracking the id is significant. You may even be required to print a report where the Manager of Operations signs of on it. The more signatures on a report, the more Internal and External Auditors like it. Another reason for your additions to the application is if somewhere in an accounting process their control in place is said to be systematic, which means that the system or application is validating the control, then the control had best exist.
A List of New Policies and Procedures have been developed and implemented, For example, Password Policy, the Change Control Policy, Computer Access Policy, Backup/Recovery or Business Continuity Policy, etc.
Dont be disheartened, it could call for a total re-write, I have seen and been involved in much worse.
Hope this helps.