« Follow the Missing Checks | Main | Don't Pass on Passwords »
Sunday
Nov072010

How to Breach QuickBooks Access Protection

DateSunday, November 7, 2010 at 06:06PM

If I were the type of person who was intrigued with tattoos I’d probably have the words "segregation of duties" on my arm surrounded by a heart.  (Trust me, there's no danger of this actually occurring, it was just a thought.)  It’s not the only component of internal control that’s important, but it’s an action you can take that immediately provides a layer of additional protection.  This protection is from both errors and abuse, so the benefit to your business is quickly larger than the effort expended.

Quickbooks provides a tool for de facto segregation as you set up a new user.

 

Creating different access points for different users is the obvious intended use of this feature.  I'd like to highlight one other important component of this selective access capability.   You can configure rights for existing transactions.  This option controls the users ability to manipulate existing transactions.  In particular this feature stops the user from changing or deleting a transaction, even if he or she created it in the first place.    This is one case though, where the fine print is really important.  Here’s the key info directly from the QuickBooks 2010 Manual.

 - Note: If you do not give a user permission to delete transactions, he or she can still delete a transaction they create as long as it was created during the same QuickBooks session.

 The emphasis is added.  So if your bookkeeper leaves QuickBooks open and just puts the computer in power save mode rather than turn it off, the session never ends.  You’ve put in the safety feature, but it’s in effect disabled. 

This is a vivid example of why it's important to consider your control environment, not just the technology.  The software protection can only take you so far.  Having policies and procedures around how financial recording and reporting is done is a key success factor for internal control.  Consistently enforcing and practicing them is another equally essential step.  The combination is a winner each and every time.  Remember, a thief only has to get lucky once. 

 

AuthorJudith Herron-Arango | CommentPost a Comment |
tagged , , in

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.