QuickBooks Audit Trail: Leveraging This Tool to Expose the Footprints of a Fraudster

Employers, if you use QuickBooks for your company’s accounting needs, you have a built-in tool for fraud prevention and detection at no additional cost to you: the QuickBooks Audit Trail.

What Is It?

If you’re operating a software version of QuickBooks, you have the capability to run a built-in report called the Audit Trail.  (For QuickBooks Online users, this report is called the Activity Log.)  The Audit Trail lists each accounting transaction and any additions, deletions, or modifications affecting the accounting integrity of the transaction.

What Does It Capture?

The Audit Trail captures each transaction as it is initially entered into QuickBooks and certain subsequent changes made to the transactions.  The Audit Trail may pick up changes to the following QuickBooks fields:

  • Transaction Date
  • Transaction Type
  • Account
  • Vendor/Customer Name
  • Amount
  • Quantity
  • Price

Additionally, the Audit Trail portrays the User ID under which the entry, deletion, or modification was made.  (This is only as valuable as you allow it to be.  See #3 in “What Steps Should I Take?”)

Is It Easy to Use? Yes!  This report comes standard with QuickBooks – it’s already built for you in the QuickBooks ReportCenter.  Just click a button to run the report.  And it couldn’t be simpler to read:

  • The Audit Report is grouped by unique transaction numbers.  It includes the initial entry of each transaction and any subsequent changes to that transaction.
  • When a transaction is modified or deleted, a “Prior” entry displays in system date/time order.
  • Specific changes to each transaction are in bold so that you can easily determine the differences from the prior version of the transaction.

So, I Can Use It to Prevent and Detect Fraud?

Definitely.  The QuickBooks Audit Trail is a powerful resource, and it’s right at your fingertips.  At Forensic Strategic Solutions (FSS), we frequently encounter instances in which the fraudster has used QuickBooks to conceal his or her embezzlement. But the footprints exist, and the Audit Trail exposes them.

Transactions that have been modified, unauthorized, deleted, reclassified, and reversed: these are what FSS President Ralph Summerford identifies in his March 2012 blog post as “anomalies” indicative of fraud.  The Audit Trail is the first report we run when examining QuickBooks files for potential fraud – it’s that valuable!

What Steps Should I Take?

As an employer, there are four simple steps you can take to be sure you leverage the capabilities of the Audit Trail to reveal the footprints of fraud:

  1. Enable It – In versions of QuickBooks prior to 2006, you have the option to disable the Audit Trail.  Later versions no longer have this option.  If you are operating on an earlier version, be sure the Audit Trail is enabled.
  2. Control It – Restrict QuickBooks user access so that no user has more rights than their job requires.
  3. Secure It – Enforce strict username and password security measures.  Each user should have a unique username, and passwords should not be shared.  Otherwise, the Audit Trail’s capability to track user activity is rendered useless!
  4. Monitor It – Periodically run the Audit Trail report to see what entries are being entered, changed, or deleted.  QuickBooks allows for reports to be easily exported to Microsoft Excel if you prefer to work with them in this format.

Now that you know about the usefulness of the Audit Trail, don’t let it go to waste!  It may just uncover some footprints…

Guarding Against Embezzlement Fraud: Defensive Measures

Now that you’ve gained valuable information from the first and second parts of our educational series, Guarding Against Embezzlement Fraud, we offer insight into defensive measures.

It is extremely important to understand the necessity of an adequately controlled investigation.  The moment embezzlement or fraud is suspected, steps should be taken to mitigate the company’s damages while assuring that the criminal activities cannot be repeated.

However, as with all investigations, there is a right way and a wrong way to approach embezzlement activities. When an employer has been financially victimized by an employee who is suspected of fraud or embezzlement, the defensive measures listed below should be followed. These steps should help a company avoid various legal landmines associated with an internally focused investigation.

  • Time is of the essence
    • Scheme has probably been in place for a while.
    • Financial impact likely much higher than it originally appears.
    • Management must mitigate the company’s losses by moving quickly to curtail further criminal activity.
  • Prompt notification
    • Contact insurance provider.
    • Failure to promptly notify the insurance company may void coverage.
  • Contact legal counsel
    • An attorney with fraud experience can be invaluable in developing and executing a litigation plan.
    • An attorney with employment experience can be helpful in guiding you through the maze of employer and employee rights.
  • Develop an investigative plan
    • Hire Certified Fraud Examiner (CFE).
    • Organize and review pertinent documents.
    • Conduct confidential meetings with management and staff to find those who will be useful to the investigation.
    • Arrange for identified individuals to be made available for interviews.
  • Preserve evidential materials
    • Assemble copies of computer data, files, and reports.
    • Secure all pertinent original data and catalog all documents.
    • Secure any related computer data or media.
    • Review plans with your attorney to search the employee’s desk and office to avoid making any mistakes.
    • Once an employee has been notified he/she is the subject of investigation, the employee should not be allowed to handle or remove anything from the office with the exception of personal items.
    • Don’t overlook offsite and remote computers this employee may have used for work-related purposes.
    • Restrict the employee’s access to company computers while changing all passwords to prevent unauthorized access or destruction of evidence.
  • Decide how to deal with the alleged perpetrator
    • Avoid the urge to terminate to avoid wrongful termination, defamation, slander or libel suits.
    • Retaining employees can be advantageous: (1) employees have a common law responsibility to cooperate with employers in a legitimate investigation and (2) may make obtaining records needed to prove fraud easier.
  • Know your employer rights
    • You have the right to conduct a fraud examination.
    • You have a responsibility to stockholders to investigate and recover any losses suffered via theft.
    • Laws regarding employee rights in the workplace do not have to hamper your investigation but do have to be followed.
  • Where there is smoke, there is fire
    • What may initially seem like a simple scheme may ultimately prove to be a much bigger operation with fraudsters inside and outside the company.
    • Common embezzlement schemes may involve outside vendors and associated accomplices.
    • Perpetrator’s first admission is likely only a small part of the whole story, so don’t stop digging too soon.

A successful outcome when embezzlement fraud is discovered requires interplay of many diverse elements, not to mention a delicate balance between the rights and responsibilities of both the employer and the employee.

Hiring seasoned professionals on the legal and accounting fronts will help an employer avoid missteps that could result in further loss of revenue and assets. Professional assistance may also prove helpful in identifying failed accounting procedures and remedial actions.

Finally, a professionally managed fraud investigation is often a major catalyst in protecting the employer from further fraud, embezzlement, and related criminal activities.