Handling Fraud with QuickBooks Desktop | Cyber Security
Whether your accounting tasks are done on a single PC or you have multiple users working on different screens, it’s critical you make use of all that QuickBooks offers in terms of internal controls to tighten data security.
QuickBooks Desktop has progressively responded to evolving threats. It has been working on compatibility with multiple Antivirus solutions. It also has included Multi-Factor Authentication as a means of validating users, in accessing certain aspects of QuickBooks Desktop. To learn more about using MFA, review our article on account security. Less often discussed, though, is the existing reports and tools already in QuickBooks Desktop.
Here is a quick overview of how you can leverage these very tools in researching for existing fraud; and how you can prevent it. Since this is a walk through, feel free to use the comments section to bring up what you would like to be discussed further.
What Tools and Features are Already Available in QuickBooks Desktop to Help With Fraud?
QuickBooks Reports: Audit Trail
An audit trail is a very large report that displays every addition, deletion and modification of every transaction. In older versions of QuickBooks you could turn it on and off, but it’s permanently on now. Access the Audit Trail by going to “Reports” from the top menu, then “Accountant & Taxes,” then you will see “Audit Trail.” From the start, the immediately useful columns to look at are “entered/last modified,” and “Last modified.”
Because of its size, you’ll probably have to use QuickBooks’ filtering tools to zero in on the user and/or date(s) you’re looking for; you can start with clicking “Customize Report.”
Using the “Modify Report” window and its “Display” tab, you can customize the audit trail to specify a date range in which fraud may have occurred. You have the preset date ranges, but can always set a custom date range.
The toggle “Show Deleted Transactions, a recent addition to QuickBooks Desktop, can be strengthened by having historic backups. They will allow you, provided having the transactions available in them, to see the full details of those transactions having been deleted.
Clicking the “Filters” tab gives you the ability to get a much closer look at reporting data, zooming into specific pieces of data, like “item,” “account,” “Customer Type,” “Rep,” and so on.
Keep in mind, your audit trail won’t alert you when someone tries to enter a prohibited area, and it won’t detect changes to lists. Setting up permissions will help, but you need more than that; these will be discussed later in this post.
If the size of the audit trail is affecting your company file size and performance, you may want to look at a feature released in QuickBooks 2019 surrounding the Condense Utility. Briefly, whatever audit trail data you are opting to take out of the file will be archived in a backup copy during the process.
QuickBooks Reports: Closing Date Exception
The Closing Date Exception report is accessed in “Accountant & Taxes” within “Reports” from the top menu. It displays transactions having been changed ore entered, after the closing date was established. It will give the you the opportunity to see why those changes were made, and by whom.
QuickBooks Reports: Voided/Deleted Transactions
You will given the detail to every voided or deleted transaction in your company file. It will start displaying transactions having posted. To see all transactions, you can click on “Customize Report,” just as with any other QuickBooks reports. From there, you can go to the “Filter” tab within the main “Modify Reports” window.
Within the “Choose Filter” text field, start typing “posting” and it should isolate to “Posting Status.” You can change the “Posting Status” you want on display to “Either,” so you can view invoices, bills, and sales or purchase orders; or any other non-posting transaction.
QuickBooks Reports: Expenses by Vendor
This report will help you look for irregularities, especially multiple payments made to a vendor in a short period of time. To start, it will show posting transactions – like bills, vendor credits, or checks. Like with any report, you can filter it to include non-posting transactions – like Purchase Orders. Though many companies may not use Purchase Orders in practice, they can aid in reducing occurrences where you may have been unaware of why your company was given a bill from a vendor.
QuickBooks Reports: Balance Sheet
Use the Balance Sheet to check account registers. You will start with an overview of a certain period of time. You can investigate anomalies around trends regarding your business’ asset value vs what it owes in liabilities. With the ability to see multiple instances of any report – especially with multi-monitor support available in recent versions of QuickBooks – you will be able to manage report comparisons more easily.
What Are Fraud Preventing Practices or Measures I Can Take Within QuickBooks Desktop?
QuickBooks Security: Password Protection
You undoubtedly implement financial best practices in your personal life. You reconcile your accounts. You don’t give your online banking password to anyone. And you glance through your recently-posted transactions on your financial institutions’ websites.
It goes without saying that you should password-protect your QuickBooks company file and change the password regularly, even–and especially–if you are the entire accounting department. Even though QuickBooks will automatically (upon recognition of sensitive information in your company file) force you to set a complex password; and change it every 90 days, you may want to change it more frequently. It’s important to protect yourself from external fraud too. We can do a review of your security procedures and make suggestions.
QuickBooks Security: User Roles and Permissions
Know who your employees are (consider running background checks) and, if you can, rotate the duties assigned to accounting staff. If you have only one person managing all of your bookkeeping work, conduct an even more thorough background search: credit, references, and criminal activity.
QuickBooks Security: Working With Your Employee List
To help determine permissions settings, you can look to your QuickBooks Employee List. You can customize it to include a custom field, or a set of custom fields. You would map out a set of criteria and, based on that, determine if a specific employee should be given access at all, and to what degree.
The way a screener will use this is set the flags for the properties listed. You can add multiple attributes to flag, also. In this example, you can add another one to include a flag for QuickBooks Access. If you want to be detailed, you can use multiple facets to QuickBooks access.
Working with these flags and attributes will quickly bring user permissions into the picture. Reason is you likely will only want to provide view access to certain users, while eliminating access altogether for others.
QuickBooks Security: What Tightening Access May Look Like
In this, we see how employee access is completely inaccessible for that specific role. It wasn’t modified at all. If the user in question was to log into the file, attempting to access those areas having no access to will receive the following response:
This image implies the user has already seen the basic list of employees for the company, meaning it has view access of QuickBooks’ “Employee Center.” You can easily remove that view access, by going into a different area within the process of editing a user role. In this case, it will be in “Centers.”
You can click “None” in the “Activity Access Level” section. Clicking OK confirms the change looking to be made. The next time the user logs in, trying to access the “Employee Center” itself, it will be provided a slightly different response.
Say you do need to further customize access levels for every user in the company file: look into setting up individualized roles for each user. To make things easier during this process is copying the role closest to role you want to set up for users, as opposed to making an entirely new role from scratch.
All that’s needed is to highlight a desired role to copy, and click “Duplicate.” From there, you can start making necessary changes to distinguish the copy from the source.
In case you didn’t notice them in “Area and Activities,” specific sections have asterisks to the right of them. At the bottom of the window, there is a clear explanation about what those signify: unrestricted access to view all transactions, including payroll. To take advantage of this feature, you will want to get your business on QuickBooks Desktop 2019.
Putting Everything Together to Handle Fraud Using QuickBooks
Make sure all employees understand the definition and consequences of fraud. Let them know about the steps being taken to prevent it, but do some unannounced auditing on your own. Include a session on fraud in orientation and get current staff up to speed. Explain that this is necessary for their protection, too. Make it easy to report fraud anonymously, with no fear of repercussions.
You have the reports to see if fraud may be happening in your business. You also have the ways to control access levels – in terms of viewing, creating, and editing properties. You have a way to work your “Employee List” by managing custom fields to determine who can have access, and to what degree.
This may seem like a lot of extra tasks in your workday, but imagine the time you’ll lose tracking down fraudulent activity if it occurs. So spend a fraction of that time upfront.
If you have questions on this subject, or anything else accounting or QuickBooks related, give us a call or email. We’re here to be your partner.
With our recent pickup of Dawn Brolin and her team at Powerful Accounting, we’re excited to have her present on Fraud in Our Industry – as part of Out Of The Box Technology. It will take place on October 1, 2019 via webinar format. What’s more is you will be able to earn CPE credit for attending the webinar live.