Ledgers Data Manipulation Detection and Fraud Prevention

Version Relevance: All versions (although some functions mentioned are post-V3.1008)

Issue: I want to ensure that my accounts are not being abused. What are your recommendations?

Jan 24th, 2012

Feedback: There are a number of review tools available to establish whether, and by whom, low-level ledger data manipulation has taken place.

Data Peek and Poke Logging

From version 3.0008 (May 2007) we introduced Data Peek and Poke logging. This records a session of Peek and Poke activity in the Period Activity Log (File -- System Manager -- Period Routines, then Print Activity Log).  The activity code is XXXX and the comment shows the file(s) poked with the number of field updates, record deletions and additions performed in the form "PandP: VISION:TRAFILE: 23xU 1xD 0xA" meaning 23 field updates (where data has changed), 1 record deletion and 0 record additions. This does not show the changes made to the data but it does show that some manipulation has taken place, when and by whom. For obvious supervisory reasons this capability of the system is best kept confidential.

Using Peek and Poke to manipulate account transaction data may, but ONLY rarely, be useful in correcting data corruption. When it is carried out to "correct errors" it is never useful, is potentially destructive and can cover fraud. Under all circumstances, any Peek and Poke of the TRAFILE requires subsequently running File -- Advanced -- Reset Data Files, then Reset General Ledger Balances. Modifying transactions to move them in or out of closed periods, or any value changes in closed periods, is especially destructive.
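As an added illustration (not part of Vision), the comment format quoted above can be parsed to pick out sessions that changed TRAFILE. The (date, user, comment) row layout, the repeated group for several files, and the OTHERFILE name are assumptions; the sample rows are constructed.

```python
import re

# One "<prefix>:<file>: NxU NxD NxA" group, as in the comment format quoted above.
# Assumption: a comment naming several files repeats this group once per file.
GROUP = re.compile(r"(\w+):(\w+):\s*(\d+)xU\s+(\d+)xD\s+(\d+)xA")

def parse_pandp(comment):
    """Return [(file, updates, deletions, additions)] for a PandP comment, else []."""
    if not comment.startswith("PandP:"):
        return []
    body = comment[len("PandP:"):]
    return [(f, int(u), int(d), int(a)) for _, f, u, d, a in GROUP.findall(body)]

def review(rows, sensitive=("TRAFILE",)):
    """rows: (date, user, comment) tuples copied from the Activity Log.
    Returns one finding per session that changed a sensitive file."""
    findings = []
    for date, user, comment in rows:
        for fname, upd, dele, add in parse_pandp(comment):
            if fname in sensitive and (upd + dele + add) > 0:
                findings.append({
                    "date": date, "user": user, "file": fname,
                    "updates": upd, "deletions": dele, "additions": add,
                    # Any Peek and Poke of TRAFILE requires Reset Data Files,
                    # then Reset General Ledger Balances, to be run afterwards.
                    "follow_up": "confirm balances were reset; ask for documented reason",
                })
    return findings

# Constructed sample rows; users, dates and OTHERFILE are placeholders.
SAMPLE = [
    ("2012-01-09", "user_a", "PandP: VISION:TRAFILE: 23xU 1xD 0xA"),
    ("2012-01-11", "user_b", "PandP: VISION:OTHERFILE: 2xU 0xD 0xA"),
    ("2012-01-12", "user_a", "Month-end processed"),
    ("2012-01-17", "user_b",
     "PandP: VISION:OTHERFILE: 1xU 0xD 0xA VISION:TRAFILE: 0xU 4xD 0xA"),
]

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f["date"], f["user"], f["file"],
              f"{f['updates']}xU {f['deletions']}xD {f['additions']}xA")
```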

Ledger Audit Tools

There are a number of useful tools available to check ledger integrity besides the basic balancing tests: A/R and A/P Control Analysis and G/L Review Account List. These are all located on the right of the Reports and Analysis tab pane of the Ledgers -- Ledger Manager -- Audit Trail window. Some have been introduced only recently (2011).

History Integrity looks through the selected closed periods and compares history values (those set at month-end and used in financial statements) with the underlying transactions. Periods that have been archived will inevitably show a disparity, as some transactions will have been deleted in the month-end process. But for recent closed periods where no archiving has been processed, under normal circumstances the transactions should always add up to the history that was set from them at month-end. If they do not, transactions or history have been changed after the month-end process, probably by Peek and Poke activity.

Transaction Id Check looks for missing Transaction Id numbers (TRASEQ), which indicate that transactions have been manually deleted. In normal operation no transactions should ever be deleted, other than when archiving takes place at month-end. Deleting transactions leaves no trace other than missing Id numbers in the file. If the datafile is re-created using Data Fix, all transactions are re-numbered sequentially, so this analysis is only useful for datafiles that have not been recently Data Fixed.

Future G/L Balances looks at all transactions in the current and future periods only and identifies any future imbalances.
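The logic behind History Integrity and Transaction Id Check, sketched over exported data as an added example (not Caliach's code). The row layout, the field names other than TRASEQ, and the start_after cut-off are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from decimal import Decimal

def missing_ids(traseqs, start_after=0):
    """Return (first, last) ranges of Transaction Ids absent between retained ids.
    start_after (hypothetical): highest id that existed when archiving last ran;
    ids at or below it are ignored because archiving deletes legitimately."""
    ids = sorted({i for i in traseqs if i > start_after})
    return [(a + 1, b - 1) for a, b in zip(ids, ids[1:]) if b - a > 1]

def history_mismatches(transactions, history, archived_periods=()):
    """Compare per-(period, account) transaction totals with month-end history.
    Archived periods are skipped: a disparity there is expected."""
    totals = defaultdict(Decimal)
    for t in transactions:
        totals[(t["period"], t["account"])] += Decimal(t["value"])
    out = []
    for key, hist in sorted(history.items()):
        if key[0] in archived_periods:
            continue
        if totals[key] != Decimal(hist):
            out.append((key, Decimal(hist), totals[key]))
    return out

# Constructed sample: closed periods 2011-10 (archived), 2011-11 and 2011-12.
TRANSACTIONS = [
    {"TRASEQ": 101, "period": "2011-11", "account": "4000", "value": "250.00"},
    {"TRASEQ": 102, "period": "2011-11", "account": "4000", "value": "-50.00"},
    {"TRASEQ": 104, "period": "2011-12", "account": "4000", "value": "120.00"},
    {"TRASEQ": 105, "period": "2011-12", "account": "4000", "value": "30.00"},
    {"TRASEQ": 108, "period": "2011-12", "account": "1200", "value": "75.50"},
]
HISTORY = {
    ("2011-10", "4000"): "900.00",
    ("2011-11", "4000"): "200.00",
    ("2011-12", "4000"): "150.00",
    ("2011-12", "1200"): "175.50",
}

if __name__ == "__main__":
    print("missing ids:", missing_ids(t["TRASEQ"] for t in TRANSACTIONS))
    for key, hist, total in history_mismatches(TRANSACTIONS, HISTORY, {"2011-10"}):
        print("history", hist, "!= transactions", total, "for", key)
```

Gaps reported here still have to be read against the dates of the last archive and the last Data Fix, since Data Fix re-numbers every transaction.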

How to Avoid Ledger Problems and Avoid Fraud

The following are recommendations for sensible management of Ledger activity:

  1. Have a rigorous security policy with appropriate function access privileges. Passwords should be sensible and users should be discouraged from using colleagues' user IDs. The Ledgers -- Ledger Manager, File -- System Manager and Advanced menus should have highly restricted access and Special Functions should be extremely restricted.
  2. Ledgers -- Accounts Receivable -- Control Analysis, Ledgers -- Accounts Payable -- Control Analysis and Ledgers -- General Ledger -- Review Account List should all be checked regularly for any imbalances. Imbalances should always be investigated and resolved when found.
  3. Bank and Cash accounts should be routinely and regularly reconciled so that cleared balances match bank statements or cash boxes. This is the best check that competent management of the accounts is taking place. In effect, normal trading activity always moves through bank or cash accounts, and reconciling it with externally reported values confirms the veracity of the book-keeping.
  4. Top enterprise executives should always scrutinise monthly P & L Statements and Balance Sheets, comparing them with both past results and expectations. Errors or misjudgements by staff are easier to identify and investigate soon after problems occur rather than months later.

Avoiding fraud by a determined insider can be tricky. The temptation is to trust, as it should be. But there are simple ways of making fraud less likely without imposing a culture of suspicion. These are our recommendations:

  1. Manage the accounting functions as recommended above, particularly the security in 1.
  2. Spread functions across different staff members if possible. Opportunists rarely operate with others.
  3. Know your suppliers, particularly service suppliers.
  4. Check for Peek and Poke activity (see above). There should be no need for it without very good and documented reason.

Chris Ross - Caliach Consultant