- About Us
- News & Events
- Locations
- Career Opportunities
- Rea Strategic Solutions
- Investment Partners Ltd
- Contact Us
- Press Room
Beware of Holes in Your Accounting Software
Beware of Holes in Your Accounting Software
This is the second of a four-part series discussing areas of your business you can examine to determine whether fraud is taking place.
There’s no arguing the fact that QuickBooks® is a quality accounting software package. In fact, it’s one of the top-selling programs of its kind. And while the 2008 release is relatively fraud-resistant, if you use an older version, be aware of areas of the software that could expose you to fraud.
And while all of these items are important, no accounting software will be all that effective in fending off fraud if proper management oversight and company procedures aren’t in place.
Audit Trail
Starting in the 2006 release of QuickBooks, the audit trail is set to “on” by default – and it can’t be turned off. This means that all activities are tracked – you can tell who did what, when, but only if the users are set up individually and required to protect their passwords.
But users of older versions (those released before 2006) should be aware that the audit trail can easily be turned off.
“Many users deactivate the audit trail feature because it tends to take up a lot of memory,” said Marcia Calhoun, CPA, a Certified QuickBooks ProAdvisor® in Millersburg. “But memory-hog or not, the audit trail is an essential ingredient of your fraud prevention. Without it, someone could alter a record and you would never know.”
“Of course, you must review the audit trail report regularly for this feature to be effective,” she added.
Password Use
Even in the 2008 version of QuickBooks, a password is not required. “Using a unique user ID and password for each user is one of the most important things you can do to protect yourself from fraud,” recommended Tim Hefty, CPA, CFE, a member of Rea’s forensic accounting team. “You can set QuickBooks up so users only have access to the items required by their job descriptions.” By restricting who has access to the different types information, said Hefty, you have fewer people unnecessarily accessing sensitive information and therefore a reduced risk of fraud.
“A lot of businesses have many employees accessing QuickBooks on one computer,” said Calhoun. “This is fine, but make sure that each user has his or her own password so you are able to monitor use more closely.”
Data File Storage
“If your fraudster knows enough about the software,” said Hefty, “he or she can delete all of your data files and effectively destroy your company records, making fraud completely untraceable.” To protect your company data from potential ruin, you should back-up your files daily.
“As an added measure, you should keep a back-up copy of your files off-site.Consider contracting with a vendor who can copy of your files remotely once a week and store them on an external server,” said Hefty. “If someone were to destroy all of the historical financial data of your company, you’ll be glad you have a copy off-site.”
Other Areas to Watch
Also in older releases, it’s possible for a user to print a transaction without saving it. So an ill-meaning cashier could print a receipt from QuickBooks, pocket the cash from your customer and clear the transaction without saving, and it would never show on the Audit Trail.
Calhoun also noted that no transaction is ever closed – even in the 2008 release. “This feature is great for an environment with no fraud. QuickBooks is very user-friendly in the sense that you can always make corrections. If you notice an error in your books from last year and haven’t turned your information in to your accountant, it’s not too late to fix it,” she said.
“I once had a client who could not figure out why things weren’t adding up, and we went in to discover that he was posting his entries in 3003 instead of 2003. We were able to easily correct the problem. But, of course, if someone were to change a past entry with malicious intent, that could expose you to fraud. That’s why the audit trail is so important.”It is also recommended to set a closing date with a password once the accounting has been completed for a year.This does not totally prevent entries from being made in a previous year, but gives the owner one more layer of protection from entries being changed unobserved.
While QuickBooks is just as secure as any other accounting program, no software exists to guarantee that your business will not fall victim to fraud. It’s important to watch out for areas, like those mentioned here, that could expose you to risk if you have a dishonest employee.
If you have any questions about how you the use of QuickBooks at your company, ask your Rea professional to introduce you to one of our QuickBooks ProAdvisors.