You work hard for your money. Strong internal controls can keep it from disappearing unnecessarily.
You trust your employees or you wouldn't have hired them. That's what everyone says as they watch a valued staff member being hauled off in handcuffs.But I trusted him.
Whether your accounting tasks are done on one PC or you have multiple users working on different screens, it's critical that you make use of all that QuickBooks offers in terms of internal controls. You'll also need to establish some common-sense rules.
First Stop: Audit Trail
An audit trail is very large report that displays every addition, deletion and modification of every transaction. In older versions of QuickBooks you could turn it on and off, but it's permanently on now.
Because of its size, you'll probably have to use QuickBooks' filtering tools to zero in on the user and/or date(s) you're looking for. Go toReports | Accountant & Taxes | Audit Trail. Click Customize Report | Filtersto set up your search.
Your audit trail won't alert you when someone tries to enter a prohibited area, and it won't detect changes to lists. Setting up permissions will help (Company | Set Up | Users and Passwords | Set Up Users), but you need more than that.
Figure 1: Be especially careful when granting user access to areas that contain customer, vendor and employee information.
Run the Right Reports
Other QuickBooks features can help prevent fraud. Review these reports regularly:
- Closing Date Exception. Why were those changes necessary?
- Voided/Deleted Transactions. Is there supporting documentation? Should you be reviewing these daily?
- Expenses by Vendor Detail. Look for irregularities, especially multiple payments made to a vendor in a short period of time.
- Check registers. Use the Balance Sheet for this. Go to Reports | Company &Financial | Balance Sheet Standard and customize the report for the correct period and -- if necessary -- for specific customers, vendors and/or jobs.
Adhere to Best Practices
You undoubtedly implement financial best practices in your personal life. You reconcile your accounts. You don't give your online banking password to anyone. And you glance through your recently-posted transactions on your financial institutions' websites.
If your company is large enough that you have multiple accounting employees, you probably can't be as hands-on as you are at home. But you can still set up internal control procedures.
Figure 2: Debit? Credit? Reverse the transaction? No one should be making General Journal entries but you. It's easy to err here; talk to us before using this feature.
For example, if your company has grown to the point where you're removed from the daily workflow, you may still want to have approval rights for some procedures, like bank balance adjustments, refunds and credits, printed checks (you should still be signing them), timesheets and expense reports.
It goes without saying that you should password-protect your QuickBooks company file and change the password regularly, even -- and especially -- if you're the entire accounting department. And protect yourself forexternal fraud. We can do a review of your security procedures and make suggestions.
Reinforce the rules
Figure 3: Anyone in your company who has access to accounting data should have a background check.
Know who your employees are (consider running background checks) and, if you can, rotate the duties assigned to accounting staff. If you have only one person managing all of your bookkeeping work, conduct an even more thorough background search: credit, references, criminal activity, etc.
Finally, make sure that all employees understand the definition and consequences of fraud. Let them know about the steps being taken to prevent it, but do some unannounced auditing on your own. Include a session on fraud in orientation and get current staff up in orientation and get current staff up to speed. Explain that this is necessary for their protection, too. Make it easy to report fraud anonymously, with no fear of repercussions.
This may seem like a lot of extra tasks in your workday, but imagine the time you'll lose tracking down fraudulent activity if it occurs. So spend a fraction of that time upfront.