Skip to content

Preventative and Detective Fraud Controls in Accounting Software

Nov 13, 2015


According to the Association of Certified Fraud Examiners, companies lose approximately 5% of annual revenues to fraud. Therefore, it is important for companies to secure their data and utilize preventative and detective internal controls within their accounting software to help decrease their potential losses due to fraud. Preventative controls discourage fraud from occurring, while detective controls identify fraud after it has already occurred.
One of the most important preventative controls is separation of duties. This is the division of 3 main functions:

  1. custody of assets, 
  2. authorizing the use of assets and 
  3. recordkeeping of assets.

It may be difficult to separate these three functions, especially in small companies. However, when properly implemented, separation of duties can make it difficult for fraud to occur. Internal accounting software can aid companies in implementing separation of duties. QuickBooks, for example, has the ability to create different login credentials, such as usernames and passwords, for all employees that have access to the accounting records. Restrictions can be unique to each account, allowing employees to only have access to the necessary information required for their accounting roles. In addition, login credentials for external accountants can be utilized to allow access to all areas of the accounting software, except for sensitive customer data, such as credit card numbers. Restriction capabilities are often available for sales and accounts receivable, purchases and accounts payable, checking and credit cards, payroll and employees, sensitive accounting activities, sensitive financial reporting, and changing or deleting transactions. A user can be limited to no access, selective access or full access to any of the sections mentioned above. Companies should be cautious and selective in allowing full access to employees, unless completely necessary.

Although login credentials can be set up to prevent a user from accessing or changing information, detective controls are still needed to ensure that fraud has not occurred. Majority of the internal accounting software programs offer an audit trail feature that cannot be disabled.  Specifically, QuickBooks offers reports labeled as “Audit Trail” and “Void/Deleted Transactions Summary.”  These reports will keep track of any transactions that will impact the financial reports or management information, such as names, dates, shipping location and bank reconciliation detail. The reports provide the check number, the action that occurred, the date and time the transaction was entered and last modified, as well as the transaction details.

All too often, internal controls are available but are ignored or overridden in the daily operations of the company. In a recent case involving a county utilities authority (“CUA”), the bank which held majority of the CUA bank accounts accused the comptroller of committing fraud. Prior to hiring our firm to investigate the fraudulent activity, the bank reviewed the comptroller’s business and personal banking activity and found unauthorized disbursements from the CUA bank accounts.  During our investigation, we noted significant internal control deficiencies that allowed for the fraud to occur. The comptroller had control over all of the accounting records and was able to easily override internal controls in place, as the employees in the accounting department never questioned any of the comptroller’s requests. This weakened the CUA’s protection against fraud that was strengthened by separation of duties. Because of the comptroller’s ability to control the accounting department and override the controls, the employee was able to commit fraud and steal from the CUA for approximately a year and a half before getting caught by the bank. The comptroller ultimately pled guilty for theft and was prosecuted.

Although preventative and detective internal controls within the accounting software cannot guarantee that fraud will not occur, it will make it extremely difficult for an employee to commit fraud if the proper controls are in place. If fraud does occur, the company may need a forensic accountant to help uncover any wrongdoings.


Contact EisnerAmper

If you have any questions, we'd like to hear from you.

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.