What gets monitored gets detected
Not too long ago, only large organizations with vast resources were
able to take advantage of technology to monitor their information
systems and aid in the identification of fraud and other anomalies.
But these days, as hardware and software have proliferated—and come
down in price—businesses of all types and sizes have software
configurations and tools at their disposal to implement continuous
The benefits of continuous monitoring go well beyond fraud detection.
For example, monitoring late payment charges may identify a training
issue that needs to be addressed. Monitoring sales returns may
identify quality issues that can be addressed earlier, rather than
later, saving not only money but also customer loyalty.
Here are a few simple ways that small and medium-size entities can
test the waters and get involved on a small but important scale. The
examples below may help you think through an organization’s processes
and uncover how continuous monitoring may help your organization.
Use security settings. Unfortunately, it is common
for users to have access to segments of an accounting system that are
not relevant to their jobs. With such access, the system often
provides an individual the opportunity to commit fraud without the
need for collusion.
Through the thoughtful application of security settings, you can let
the system monitor and prevent access to unauthorized processes that
allow a fraudster the opportunity to steal and cover his or her
tracks. Most of today’s accounting systems make this preventive
monitoring as simple as possible, by having predefined roles (e.g.,
accounts payable clerk) within the security setup. If the predefined
roles are not adequate, they can be tailored to a specific
QuickBooks, for example, not only permits assigned roles but also
allows changes to areas and activities that may occur within a role,
as well as providing the control of the access level (such as
printing, deleting, or changing customer information). For example,
you can control the access of an employee who may need to view, but
not change, a customer credit limit. Exhibit 1 shows how the role of
Accounts Receivable, with regard to “Customers & Receivables,” can
be set up for QuickBooks.
The only thing better than you monitoring the information system is
letting the system do the monitoring. As with any instance where the
system is performing the process, the monitoring can easily happen in
real time. The benefits can go well beyond the information system; you
can also use technology to effectively control and monitor physical
access to restricted areas of facilities where high-value items
including tools and inventory are stored. Based on the organization’s
needs and budget, locking devices are available with keypads, card
access, and biometrics.
Use built-in automatic electronic notifications.
Accounting software frequently has options to notify a specific person
if a predefined event occurs. It may be called a reminder or an alert
within the software, but odds are the capability exists at some level.
These alerts may be used in instances where you are comfortable with
the current status of roles, balances, or transaction recording, but
you want to know if circumstances change.
It works like this: User A has administrator status and can change
the rights for other users. You (or the person in your system security
role) should probably be notified if User A changes Co-Worker B’s
rights to change payroll rates. Automatic alerts can be set up to
notify people by email or other method when almost any event occurs
within the system. Exhibit 2 is an example from the Business Alerts
wizard within Microsoft Dynamics GP. The formula alerts management
when the general ledger checking account balance goes negative. It is
as simple as identifying the account within the database table and
specifying that you want to know when the balance is “<0.”
The wizard uses well-documented data fields. After you use it to
create one or two alerts, the simplicity and power of the tool are
revealed, as it allows you to monitor almost any data item that is
important to your organization.
Review adjusting entries. Using an integrated
accounting system should eliminate the need for almost all standard
adjusting journal entries. The general ledger should be updated
through the feeder systems, such as cash collections, sales, and
accounts payable. All automated adjusting entries that are above a
predetermined limit should be monitored and reviewed in real time, or
as quickly as possible after entry. If any adjustments are abnormally
high for your organization or there are a lot of adjusting entries,
find out why; then address the core problem so the underlying events
can be handled by the system that was implemented to make the
Once security settings are tied down, automatic notifications are in
place, and you are reviewing reports to identify potential anomalies,
then you should consider exporting data for some simple, yet
sophisticated analysis using third-party software. There are many
options, but for the purposes of this example, stick with tools your
auditor probably already uses—ACL and IDEA software.
Again, before the first process is implemented, you must determine
what specific accounts are critical to your organization, although
some areas, such as cash disbursements, are a point of risk for most
organizations. Here are a few items that you may want to consider
relative to disbursements:
1. Consider a Benford analysis. A Benford analysis
is based on statistical probabilities and, within accounting, is
usually used to analyze the first digits of monetary amounts. When
used to analyze cash disbursements, a Benford analysis helps identify
anomalies related to avoiding controls built into a system, such as
approval levels, as well as repetitive frauds in amounts that are
often “under the radar” of materiality. Typically, when fraudsters
make up monetary amounts, they do not consider the expected
distribution of the data set they are creating. One example of using a
Benford analysis is to raise red flags to help identify fraudulent
disbursements such as those that are slightly below a level that
requires another level of authorization.
ACL and IDEA include Benford routines, and they make it easy to
perform this analysis on a wide range of data sets. You can import
transactions into either software and run Benford procedures to
identify possible anomalies (where the actual distribution is not
equal to the expected distribution). Once the potential issues are
identified, inquire about explanations for the anomalies.
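The first-digit test described above can be sketched in a few functions. This is an added example, not code from the article and not the routine ACL or IDEA ships; the disbursement amounts are constructed and the 5,000 approval limit is a hypothetical value chosen for illustration.

```python
import math
from collections import Counter

# Expected first-digit shares under Benford's law: P(d) = log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}

def first_digit(amount):
    """Leading non-zero digit of a monetary amount, or None for a zero amount."""
    cents = abs(round(amount * 100))
    return int(str(cents)[0]) if cents else None

def benford_table(amounts):
    """Return {digit: (observed count, expected count)} for the first digits."""
    observed = Counter(d for d in map(first_digit, amounts) if d)
    n = sum(observed.values())
    if n == 0:
        raise ValueError("no non-zero amounts to analyze")
    return {d: (observed[d], n * p) for d, p in BENFORD.items()}

def chi_square(amounts):
    """Goodness-of-fit statistic; above 15.51 (8 d.f., 5% level) merits a look."""
    return sum((o - e) ** 2 / e for o, e in benford_table(amounts).values())

def overrepresented_digits(amounts, z_cutoff=1.96):
    """First digits that occur significantly more often than Benford predicts."""
    table = benford_table(amounts)
    n = sum(o for o, _ in table.values())
    flagged = []
    for d, (o, _) in table.items():
        p = BENFORD[d]
        z = (o / n - p) / math.sqrt(p * (1 - p) / n)
        if z > z_cutoff:
            flagged.append(d)
    return flagged

def sample_disbursements(padded=True):
    """Constructed data: 300 log-uniform amounts between 10 and 10,000, optionally
    plus 40 payments just under a hypothetical 5,000 approval limit."""
    base = [round(10 ** (1 + 3 * i / 300), 2) for i in range(300)]
    return base + ([4900 + 2.5 * k for k in range(40)] if padded else [])

if __name__ == "__main__":
    data = sample_disbursements()
    print("chi-square:", round(chi_square(data), 2))
    print("digits to investigate:", overrepresented_digits(data))
```

A flagged digit is a prompt for inquiry, not proof of fraud: pull the transactions that start with that digit and see whether they cluster under an approval threshold.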
2. Monitor credit/debit card payments. Virtually all
credit/debit cards allow downloading of transactions for easy import
into software such as IDEA, ACL, or a spreadsheet. Monitoring can
include analysis of the data related to transactions. Data that might
prove interesting include employee weekend purchases or purchases at
vendors that are not consistent with the organization’s mission. If
you perform this type of analysis, be prepared to find things that
Real-life finds include racetrack charges discovered by simply
reviewing charges on the debit card of a small not-for-profit, and the
identification of cash advances made by an employee who was not
working at the time, discovered by reviewing the bank statement for
weekend debit card disbursements. The software can usually sort by
employee, vendor, and date. Providing cards (and other methods) for
employees to easily spend money is sometimes necessary—as is
monitoring how the cards are used.
3. Monitor sales returns. A variety of reasons can
trigger returns within a system, including inferior product quality,
overzealous salespeople, channel stuffing, and covering theft, to name
a few. Any of these items can hurt an organization’s reputation or
financial stability. By analyzing the data using standard reports,
spreadsheets, ACL, or IDEA, you can identify return-related trends,
which may raise questions regarding a manufacturer’s product quality.
You may also identify a specific relationship between a salesperson
and customer. You may, as in an actual case, identify a manager who is
recording erroneous returns after hours and keeping the money—which
may also result in inflated inventories as well as stock-out issues.
By monitoring transaction dates, times, employees, customers, vendors,
and items, you may identify issues that significantly affect profitability.
4. Monitor employee and payroll data. Two common
payroll frauds are overstatement of hours and the creation of fake, or
“ghost,” employees. To monitor for overstatement of hours, a system
can usually be configured to reject overtime hours without a
supervisor’s electronic approval; this electronic intervention is an
excellent preventive control. To identify ghost employees, you may
incorporate a routine that checks information on each new employee
against existing employees. Those checks should include the Social
Security number (SSN), address, bank routing number, and account
number. Obviously, two employees should never have the same SSN. A
duplicate address may merely indicate that roommates or family members
work at the organization, which, unless this is against company
policy, does not usually indicate a problem. But it may also be a sign
of a ghost employee. When a ghost employee fraud exists, it can be a
large drain on resources. The risk is higher if your organization has
remote locations or you have too many people for management to know
Another payroll-related area where monitoring may be useful is
employee benefits. Monitoring can apply rules to help identify
employees who do not qualify for, but are receiving, benefits from your
benefit plan. For example, retirement plan matching amounts may apply
only to employees working more than a certain number of hours per
year. Monitoring the data can identify if the implemented controls are
working properly. Additionally, benefits monitoring can ensure
compliance with applicable government regulations.
5. Associate and monitor data from multiple areas.
To this point, this article has considered only single related data
sets. The power of continuous monitoring expands greatly when you
relate data across boundaries. One such example is using software such
as IDEA or ACL to link the employee master file to the vendor master
file. Matches between employee SSNs or addresses with vendor tax IDs
or addresses may indicate an employee who is also a vendor. While this
link may not be a problem, in some circumstances, it can help uncover
an employee who is not acting consistently with his or her fiduciary relationship.
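The duplicate checks from item 4 and the employee-to-vendor link from item 5 both reduce to normalizing identifiers and comparing them, as in this added example (not from the article, and not ACL or IDEA code). The master-file records, field names, and abbreviation list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample master files; SSNs use the never-issued 000 area number.
EMPLOYEES = [
    {"id": "E1", "ssn": "000-00-0001", "address": "12 Oak Street, Apt 4", "routing": "000000001", "account": "1111"},
    {"id": "E2", "ssn": "000-00-0002", "address": "88 Pine Rd", "routing": "000000001", "account": "2222"},
    {"id": "E3", "ssn": "000-00-0003", "address": "12 Oak St. Apt 4", "routing": "000000002", "account": "3333"},
    {"id": "E4", "ssn": "000000001", "address": "5 Elm Avenue", "routing": "000000001", "account": "2222"},
]
VENDORS = [
    {"id": "V1", "tax_id": "00-0000002", "address": "PO Box 9"},
    {"id": "V2", "tax_id": "00-0000099", "address": "5 elm ave"},
]
ABBREV = {"STREET": "ST", "AVENUE": "AVE", "ROAD": "RD", "APARTMENT": "APT"}

def norm_id(value):
    """Keep digits only so '000-00-0001' and '000000001' compare equal."""
    return re.sub(r"\D", "", value or "")

def norm_addr(value):
    """Uppercase, drop punctuation, and abbreviate common street words."""
    words = re.sub(r"[^A-Z0-9 ]", " ", (value or "").upper()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def duplicate_employees(employees):
    """Item 4 check: employee IDs sharing an SSN, an address, or a bank account."""
    groups = defaultdict(set)
    for e in employees:
        bank = norm_id(e["routing"]) + norm_id(e["account"])
        for field, key in (("ssn", norm_id(e["ssn"])), ("address", norm_addr(e["address"])), ("bank", bank)):
            if key:  # skip blank fields so missing data never "matches"
                groups[(field, key)].add(e["id"])
    return {(field, tuple(sorted(ids))) for (field, _), ids in groups.items() if len(ids) > 1}

def employee_vendor_matches(employees, vendors):
    """Item 5 check: (employee, vendor, field) where SSN equals tax ID or addresses agree."""
    hits = set()
    for e in employees:
        for v in vendors:
            if norm_id(e["ssn"]) and norm_id(e["ssn"]) == norm_id(v["tax_id"]):
                hits.add((e["id"], v["id"], "tax_id"))
            if norm_addr(e["address"]) and norm_addr(e["address"]) == norm_addr(v["address"]):
                hits.add((e["id"], v["id"], "address"))
    return hits

if __name__ == "__main__":
    print(sorted(duplicate_employees(EMPLOYEES)))
    print(sorted(employee_vendor_matches(EMPLOYEES, VENDORS)))
```

Without the normalization step, the formatting differences in the sample records ("Street" versus "St.", dashed versus undashed numbers) would hide every one of these matches.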
The Importance of Monitoring: The COSO Perspective
Continuous monitoring can be used in many circumstances. When
monitoring controls and changes in controls, it can help improve an
organization’s governance. The Committee of Sponsoring Organizations
of the Treadway Commission’s (COSO’s) Guidance on Monitoring
Internal Control Systems supports using continuous monitoring
technology and reports tailored to an organization.
How can continuous monitoring help? According to COSO, if you
monitor, you are more likely to:
Organizations of all sizes should find the first three, and
possibly all, of these items very important when managing an
organization’s efficiency and effectiveness.
According to COSO’s Internal Control—Integrated Framework
(May 2013), using technology-based continuous monitoring techniques
may be an efficient and low-cost way to review large volumes of data.
When these techniques are embedded within a system, all business-event
transactions may be examined in real time, rather than the traditional
review of a subset of transactions after business events occur. An
ongoing evaluation program of controls may be efficiently and
effectively implemented using the embedded continuous monitoring
techniques along with thorough reviews of the results of monitoring.
Security settings can help track access to
information. Organizations can use security settings to
monitor and prevent access to unauthorized processes that allow a
fraudster the opportunity to steal and cover his or her tracks.
Automatic electronic notifications can raise red flags. Reminders and
alerts can notify a specific person if a certain condition exists.
Integrated accounting systems should eliminate most journal
adjustments. All adjusting entries that are above a
predetermined limit should be monitored and reviewed in real time, or
as quickly as possible after entry.
Monitor credit/debit card payments, sales returns, and payroll
data. Such monitoring could reveal purchases at vendors that
are not consistent with the organization’s mission, a specific
relationship between a salesperson and customer, or overstatement of
Associate and monitor data from multiple areas.
Matches between employee Social Security numbers or addresses with
vendor tax IDs or addresses may indicate an employee who is also a
vendor, which, in some cases, can identify an employee who is not
acting consistently with his or her fiduciary relationship.
Richard Dull is an associate professor of accounting at West Virginia
University in Morgantown, W.Va.