Strengthening Fraud Prevention with Accounting Software Controls

According to the Association of Certified Fraud Examiners (ACFE), organizations lose approximately 5% of annual revenues to fraud. The ACFE’s 2024 Report to the Nations indicates that more than half of occupational frauds occur either due to a lack of internal controls (32%) or an override of existing controls (19%). These statistics demonstrate that companies need to both establish and enforce the use of internal controls to help mitigate the potential for losses related to fraud.  

Understanding Fraud Concealment Methods 

Three of the top 10 methods of fraud concealment relate to the accounting system:

• Creation of fraudulent transactions 
• Alteration of transactions 
• Deletion or omission of transactions 

Similarly, fraud concealment methods may involve journal entries, specifically the fraudulent creation, alteration, deletion, or omission of entries. Since fraud can be concealed within your accounting software, it’s critical to leverage preventative and detective controls at every possible step. Preventative controls discourage fraud from occurring, while detective controls identify fraud after it has already happened. 

Preventative Internal Controls & Reduction of Fraud Risk 

One of the most essential preventative controls is the segregation of duties. This is the division of three main functions: 

• Custody of assets 
• Authorizing the use of assets  
• Recordkeeping of assets 

Segregation of duties reduces fraud risk since it divides up responsibilities for key processes and makes it more difficult for employees to commit and conceal fraud. For example, if an employee has custody over a check, can authorize and cash it, and performs accounting services like recordkeeping, then there is ample opportunity to commit and conceal fraud. Separating these duties between multiple employees can help your organization decrease fraud risk. It may be difficult to enact this change, especially in small organizations, but the potential benefits outweigh the challenges. 

Other preventative internal controls may include: 

• Access controls
• Authorization and approval processes  
• Safeguarding information and documentation 
• Verification of data entry accuracy 

Even with the implementation of preventative controls, detective controls are still needed to discover any potential fraud quickly. The ACFE reports that companies with anti-fraud controls, including active detection methods, have quicker detection of fraud incidents and more effectively mitigate losses from the fraud. 

Key Accounting Software Features for Fraud Control 

Leveraging your accounting software’s fraud control capabilities is crucial to help your organization prevent and detect fraudulent activities. These software solutions incorporate advanced features such as transaction monitoring, segregation of duties, and real-time data analysis to identify anomalies and potential fraud risks. 

What Are Preventative Controls in Accounting Software?  
Many preventative internal controls exist within popular accounting software, helping organizations implement separation of duties and access controls. Sage Intacct, for example, enhances internal controls by imposing user-specific restrictions. Each person is assigned as a named user, creating a detailed audit trail within the system. User definitions dictate everything from viewing and editing reports to AP approvals and dashboard access. This separation of duties, combined with other advanced IT and security features, helps create a more secure and controlled environment. 

The Role of Audit Trails in Fraud Detection  

Although login credentials can be set up to prevent a user from accessing or changing information, these restrictions cannot prevent fraud entirely. Most accounting software programs include an audit trail feature that cannot be disabled. For example, QuickBooks offers reports labeled “Audit Trail” and “Void/Deleted Transactions Summary.” The audit trail records the following information: 

• Relevant dates (e.g., the date a transaction was entered and the date(s) the transaction was modified) 
• User who entered the transaction and/or modified the transaction 
• Change type 
• Details regarding the transaction including the original transaction 

Management or forensic accountants should review audit trails. The information within this report will aid in a fraud investigation by identifying suspicious transactions and the individual(s) who modified transactions.  

Additional Detective Controls in Accounting Software 

Most accounting software contains standardized reports and capabilities, which companies can utilize as detective controls. Bank reconciliations and other reports should be generated and reviewed regularly.  Examples of reports that may exist in accounting software include: 

• Missing checks report, which identifies missing and duplicative transaction numbers
• Aging reports (accounts receivable and accounts payable), which can be used for trend detection and analysis to determine anomalies from established patterns or acceptable thresholds 
• Reports related to bank reconciliation process including a reconciliation discrepancy report, which shows any transactions which were changed since the last reconciliation. 

Best Practices for Implementing Internal Controls 

Organizations of any size must implement and enforce internal controls to reduce fraud risk. Consider taking the following steps: 

• Conduct a fraud risk assessment. Consider hiring a forensic accountant to aid management in determining risk areas and recommending appropriate controls. 
• Segregate duties to the best extent possible. Complete separation may not be possible, but companies may benefit from reducing instances where a particular individual has complete control. 
• Utilize automation features in accounting software. 
• Monitor records. Utilize features within accounting software to monitor both the company’s transactions and the recordkeeping. 

Why Preventative and Detective Controls Are Essential 

Leveraging preventative and detective internal controls within your accounting software will make it much more difficult for an employee to commit fraud, but complete prevention is not guaranteed. If fraud does occur in your organization, seek help from a forensic accountant to uncover any wrongdoings. Having specific controls in place will aid both the organization and the forensic accountant in the fraud investigation. If your organization has experienced employee fraud, has detected any discrepancies, or needs to expand your preventative and detective fraud controls, contact us below.