Is QuickBooks Causing a Weak Audit Trail?

Audits in Quickbooks

When you notice that numbers in the books have mysteriously changed, it is likely not a glitch; it’s probably a manual entry that was rewritten. Many basic accounting software programs, QuickBooks included, allow any user to login and edit data at will, without any restrictions or an audit trail. Unless you keep a close eye on your data, these seemingly small changes can create larger problems – inaccurate numbers and skewed data. Imagine being unable to fulfill a sales order because the “available” inventory was incorrect. Or worse, having inaccurate reports causing your business to go in the wrong direction and introduce a whole new level of risk. Not to mention the nightmares caused during audit time!

Lack of Financial Controls and Audit Trails are Putting You at Risk

Audit Trail in QuickbooksWhen changes are made in QuickBooks, do you know why those changes were made? When they were made? Or even who made that change?

If the answer is ‘no’ you may be putting your business at risk. You won’t always be there, but not knowing who is making decisions on your behalf (or even having the ability to authorize the appropriate decision makers within your organization) makes it difficult to have the proper control to protect your business. In addition, not having insight into certain decisions makes it difficult, if not impossible, to verify the reasons for the changes or the integrity of the resulting data. You know you’ve outgrown QuickBooks when you can’t trust your data to provide a complete financial audit trail.

QuickBooks does not enable users to set fine-grained permissions for different types of users. The controls are activity-based rather than permissions-based, so if a user can edit invoices, they can edit any invoice connected to any account. Further, the audit trail is transactional only, and does not record login/logoff, or changes to master records. The transactional audit trail can be circumvented in some cases, or can be entirely deleted or cleared!

Stop the Madness

Protecting your data and putting the right controls in place is not only possible; it’s easy with a business solution like Microsoft Dynamics or Acumatica. You can restrict access to confidential or sensitive portions of your data, such as proprietary data or customer credit card information. You can also provide each of your users with access to the software features that pertain to their immediate job tasks and restrict access to the remainder of your data and functions.

Electronic audit features within the “next step up” software solutions will track data changes, as well as control them. With the introduction of forms requiring approvals for certain types of data changes or by creating alerts to notify managers and directors with each occurrence, records maintain their integrity. An archive of all data changes can be maintained to protect data integrity, ensure compliance, and reduce the chance for human error.

Though most “next step” solutions perform the same basic functions, the best ones can be customized for your unique needs. For example, Microsoft Dynamics 365 Business Central allows the user to set up as many “business units” as possible, then assign permissions within them. Acumatica allows for the dashboards and permissions to be completely customized, and is intuitive enough that you don’t need to involve tech support (though, working with the right VAR partner ensures that you can call them for support, if you need it!) Customizing access, dashboards, views, etc. ensures that no user can access or change data on a whim – meaning your paper trail is easy to follow, and your audits are airtight.


Leave a Reply