The Audit Trail Report Hidden in Most Accounting Software

When it comes to fraud investigations, the Audit Report, found in most accounting software, is a very important tool. In years past, the Audit Report for software like Peachtree or QuickBooks could be turned off.  Today the Audit Log or Report operates automatically in most accounting software.  In my opinion, it is imperative to operate and maintain the Report by all companies using accounting software.  The following will explain how the Report is used by fraud investigators to determine cases of fraud.

In an investigation of a Non-Profit Organization (NPO) that was experiencing a decrease in cash flow; we found that the Chief Financial Officer (CFO) had created a “ghost vendor” to funnel money from the NPO to himself over a three-year period.  A review of the Audit Report for Peachtree delivered in Excel format revealed each person who had access to the system, and further identified that they each had their own sign-in.  A sort of the report by the sign-in list revealed that the CFO accessed the software periodically but only after the Accounts Payable Clerk signed off for the day.  At that time he entered an invoice in the accounts payable and went to the stored checks; the CFO removed one check, printed it, as well as the check register.  He then signed out of the software.

The CFO circumvented established controls by taking the actions above and printing a check to the “ghost vendor.”  Normal procedure was when the Accounts Payable Clerk (AP) used checks, she would then update the check log to show the number of the checks used, and the total amount of the checks printed.  The Accounts Payable Clerk then provided the checks with their related invoices to the CFO for his review and signature.  The checks and invoices would then be forwarded to another employee to be scanned and mailed out.  The invoices and checks for the “ghost vendor” were never scanned.  Additionally, the Accounts Payable Clerk just added the missing check and amount to her check log and did not question it.  At the end of the year, the CFO instructed his staff not to prepare Forms 1099 for the vendors.  This “ghost vendor” fraud by the CFO cost the NPO over $500,000.

Recommended Solutions:

  1. Checks in excess of an agreed upon number (i.e. $2,500) should require dual signatures.
  2. A committee should review vendors before adding them to the Vendor List.  Background information as simple as an Internet, Corporate Wiki, or Secretary of State search should be used to verify the existence of the company and who is involved; if necessary, delve further into the Vendor’s background.  (Vendor fraud is one of the leading methods of fraud according to the Association of Certified Fraud Examiners, ACFE.)
    1. Require a Form W-9 from all Vendors before issuance of a check.
    2. Accounts Payable Clerks should to be trained to look for anomalies from normal practices.
      1. In the above scenario, the AP Clerk input the Vendor on the same day the first check was issued to the ghost vendor.
      2. The AP Clerk was not confident how to code the expenditure because the Vendor was new. When the AP Clerk contacted the CFO, he said, ‘He would handle it.’  That response was not the usual response for the CFO since it appears he seldomly accessed the Accounting System.
  3. There should be a monthly review by a committee of any new vendors.
  4. Accounts Payable Clerks should always enter the number and amount of all checks on the check log and print a check register on the same day the checks are printed.  If the AP Clerk notices a check missing or one printed that she did not print, then she should email the CFO, Controller, and her immediate superior questioning what happened.  This will create a record of the anomaly that will require further review.  The secret nature of the issuance of the checks in the scenario above would have been revealed earlier with that scrutiny.  Also, reinforce the whistle blower hot line concept with employees.
  5. The accounting audit trail feature should always be active in the accounting software no matter what anyone says (CEO or CFO).  It needs to be an unyielding company policy.
  6. The Controller should review, at least monthly, the audit report exported to Excel and reviewed for anomalies.  The audit committee could review this information quarterly.
  7. An operational review from a fraud standpoint looking at procedures and internal controls should be done periodically to keep people alert.

If you or your client needs a knowledgeable retired IRS Special Agent, fraud investigator, and forensic accountant call Edmond J. Martin Chief Investigator, at Sage Investigations, LLC at 512-659-3179 or email edmartin@sageinvestigations.comand visit our website at  Sage Investigations is not a CPA firm and does not perform audits or attestation of financial statements.  If you need the services of a CPA in your fraud investigation we are associated with some very competent and experienced CPAs.