QuickBooks Internal Controls
QuickBooks E-News for Small Business

I'm a small business with few employees, what are some internal controls that will help me protect my business against fraud?  

Internal controls are financial checks and balances designed to protect your organization. They are intended to make sure money is being spent as planned. Controls also provide some assurance that money or valuable assets do not disappear and that mistakes do not occur. It is management's responsibility to design procedures and programs that will prevent, deter and detect fraud.

Types of control procedures include:
  • Segregation of duties
  • Policies that authorize and verify transactions
  • Establishing a corporate code of ethics and communicating these ethics, including a policy on encouraging whistleblowers
  • Determining the risk of theft that exists in each sector of the business processes, including all phases of the purchase cycle and sales cycle
  • Setting up processes and systems that support the exchange of only the information, in a form and time frame, that enables people to carry out their responsibilities
  • Setting up policies that keep insider information from leaking to the competition
  • Procedures that monitor whether the control procedures are working

Internal controls protect:
 Physical assets (property, plant, equipment)
 Intangible Assets (customer lists, and proposals)
 Discourage fraud, theft and waste.

Some internal control procedures are designed to discourage errors or irregularities before they happen. These controls are supported by other controls designed to identify an error or irregularity after it has occurred. The most effective internal control procedures require that no one person handle all aspects of a financial transaction. When you hear about fraud cases, very often you find a trusted employee was given too much control and not enough supervision.

Common fraud schemes that small businesses encounter include accounts payable/billing fraud (issuing payment for fictitious goods), check tampering (altering or forging checks), corruption, cash larceny (cash stolen after it has been received by the company but before it is deposited at the bank), cash on hand theft, expense reimbursement fraud, skimming (cash stolen before it is received by the company), payroll fraud, financial statement fraud, and disbursements fraud (entries into the register to conceal theft of cash).

It is difficult to defraud someone who has enough knowledge to recognize the warning signs that fraud may exist, so read on. While it is not always possible to segregate duties in a small company, here are some controls that are possible:
Internal Controls Procedures
  • The owner should never give up check signing authority or online PIN access to another employee. Source documents (bills, receiving tickets, purchase orders) should be presented and reviewed during the check signing process. Have someone other than the person who printed the checks stuff the envelopes and mail the checks, to prevent altering.
  • Bank reconciliations should balance and be performed in a timely manner. Statements that consistently do not reconcile may be an indication of sloppy bookkeeping or a more serious indication of employees helping themselves to company assets. Unreconciled differences will appear in the QuickBooks equity account "Opening Balance Equity" or in "Reconciliation Discrepancies" on the P&L. Check this account regularly; except for QuickBooks set-up transactions, it should not hold any transactions. Review bank statements very carefully, check for unfamiliar fees charged by third parties, and check bank statements online at least twice a month. Have your bank mail the bank statement and all correspondence to the owner's home address or a PO box (this can deter attempts to alter or remove fraudulent transactions from the statement). Research any uncleared transaction older than 30 days. These could represent duplicate entries or fraudulent transactions.
  • Download your banking transactions regularly and research transactions that are not already entered into QuickBooks.
    Fraudsters might transfer money between company accounts before dipping into an account, so that a lower bank balance does not give the theft away.
  • Print every reconciliation report and file with the original bank statement.
  • Bank balance adjustments should require approval from an employee other than the individual(s) entering the transactions.
  • Periodic review of the checking account register by the owner/controller will deter thoughts of misdeeds. Create and memorize the following QuickBooks report for this purpose:
    • Reports Menu > Company & Financial Reports > Balance Sheet Standard
    • Drill down on the checking account balance
    • Modify the date range
    • For companies that assign customer names to expenses: Modify Report and include the payee by placing a check next to "source name"
  • Periodically, run an expenses by vendor detail (found under Reports menu > company & financial).   Look for multiple (or double) bills/payments to the same vendor, especially credit card vendors where the fraudster would apply the payment to a personal credit card account.
  • Keep blank checks locked up, account for missing numbers and periodically inventory the remaining stock. Review the petty cash reconciliation, including receipts. When petty cash gets low, have it reconciled by someone other than the person who has access to the petty cash key. Check tampering, where an employee steals blank company checks and makes them out to themselves or an accomplice, accounts for 15% of all employee fraud.
  • Review the following reports under the Accountant reports group in QuickBooks:
    • "Voided/Deleted Transactions" - look for documentation supporting each void
    • "Closing Date Exception Report" - determine why the changes were needed
    • "Audit Trail report" - look at changes made to transactions
    Make a policy that all voids, returns and refunds require management approval, or are reviewed daily by management.
  • Have an Employee Handbook that includes a zero-tolerance policy stating that all cases of fraud will be prosecuted. Value company integrity. Workers who have observed illegal or unethical conduct at their jobs during the previous year are more likely to rationalize fraudulent behavior, so keep a squeaky clean office and speak openly with employees about theft and dishonesty. Set up an anonymous hotline for employees to report fraud without fear of consequences, then take prompt action to investigate reports. A study by KPMG showed that only 4 in 10 individuals who suspected that colleagues were committing a fraud stepped up to the plate and reported the infraction. Fraud is a serious accusation. A colleague who has only a suspicion and no proof may fear that being wrong will result in job loss or demotion, or that having knowledge will backfire and lead to being considered a co-conspirator; these fears hinder potential whistleblowers from coming forward. Create policies in your employee handbook that reward information on nonconforming business practices. Assure employees that all reports will be fully investigated and no action will be taken until proof is obtained.
  • Find a means for dissatisfied employees to voice their frustrations.  The motivation for many fraud cases is 'getting back/even' with the employer.
  • Track all assets (computers, telephones, equipment, furniture) by employee/location and have employees who leave the company return all assets.
  • Review the accounts receivable aging report monthly and identify transactions over 30 days. Review documentation of collection efforts and select several random customers to make collection calls to. Require that all credit memos be approved in writing by the supervisor and filed with the invoice. For credits/refunds for website purchases, spot check the documentation for all returns, calculate the % of refunds to sales and look for spikes. Run a report containing only credit memos and review it frequently. Audit/spot check 1 or 2 a month to make sure procedures are being followed.
    Reports > transaction detail report > modify > filter tab > select transaction type > select credit memo > click on display tab, add the item field. Memorize the report for easy access.
  • Downloaded debit and credit card transactions should be matched to a paper receipt submitted by the person responsible for the charge. Have a separate credit card number for each person authorized to spend on behalf of the business, for accountability. Analyzing gas purchases, or setting budgets/limits for gas purchases, is a good way to help deter employees from filling their vehicles for personal use.
  • Consider installing computer monitoring software that enables employers, employees and parents/guardians to audit computer use through activity tracking. How much time do your employees spend on the internet?

  • A typical fraud scheme is where an employee creates a payment to a nonexistent vendor or a company controlled by the employee. In these situations it is common for the employee to have the checks mailed to his/her personal residence. Before adding a vendor to the vendor list, make sure they exist: check the phone book to see if they are listed and call them. Make sure the same employee who is authorized to set up new vendors does not have check-writing or check-approval authority. Periodically run a list of vendor addresses against a list of employee addresses to see if there is a match, and look up vendors in the phone book or run an internet search to see if they can be found. (QuickBooks Enterprise edition offers a list of 115 permissions you can choose from when setting up user permission access.)
    Reports menu > Lists > Vendor > Sort by field address one
    Make sure you review inactive vendors as well, as a fraudster can activate the vendor, make a payment, then inactivate the vendor.
  • Payroll fraud accounts for 10% of business fraud cases. Be sure to divide payroll tasks between two trusted employees who are responsible for data input and the review process. Make sure all payroll information is totally secure and password protected. Don't write passwords down or make them too easy to hack. Red flags that would suggest a review are high federal or state payroll taxes, or a payroll provider that delivers multiple packages during the payroll period.
    Honest employees don't know what fraud looks like. Educating employees on what a dishonest employee can do will help to create policies that will discourage and uncover any fraud actions. For example, payroll fraud includes paying employees for more hours than worked, paying overtime rates for hours not worked, setting up fictitious employees and creating paychecks, and continuing to pay employees that have been terminated (the perpetrator will intercept and cash the check). While you would think the terminated employee would recognize an inaccurate W2, this is not reality; as long as they receive a tax refund at year end, they are happy. Sit down with your employees and brainstorm for policies that help to prevent these acts from occurring.
    Run a report from QuickBooks and look for modified hourly rates:
    Payroll item detail > modify > display tab - under Columns, select Qty and Sales Price. Run the report for the last 6 months and review hours paid and hourly rate.
    Make sure all payroll rate changes are documented on paper, signed by the owner and filed in the employee's file.
  • Make sure every employee takes regular vacations. If fraud activity exists it is likely to be detected when someone else assumes the job temporarily.
  • If your employee is collecting payment at the time work is performed, consider automating the process with Intuit Field Service Management, or giving the employee consecutively numbered sales receipts which should be accounted for. Consider random calls to customers to survey work performance and price of job. Keep statistics on the number of incoming calls compared to the number of new job requests. Monitor to make sure work is not diverted to an employee "after hours", and follow up on inquiries that did not result in a work order being placed.
  • Have someone other than the person preparing payroll deliver the paychecks to the employees. After the bookkeeper prints them, the owner signs them, then the owner or a 3rd employee delivers the checks. Doing so will prevent the bookkeeper from printing checks to phantom employees, as he/she will surely be questioned when a phantom employee does not show up to collect his paycheck.
  • Consider implementing job rotation to reduce the likelihood of an employee feeling secure in the fact that no one knows how to do his/her job
  • Print timesheets from QuickBooks and have the supervisor familiar with the employees' hours approve the time sheet and initial the overtime. If possible, purchase an integrated time clock system. Without human intervention, time theft is difficult to accomplish. Technology has advanced to the extent that you can purchase a time clock that uses biometric devices to confirm that the employee is only clocking themselves in and out.
  • A sophisticated employee knowledgeable in all aspects of payroll and payroll taxes could make a payroll liability adjustment, increasing federal and state withholding on their pay.
    This amount is submitted to the government agency without being transparent to the owner and then refunded to the employee at year end with the filing of his/her 1040 tax return. To prevent this from happening, running a report on payroll liability adjustments in QuickBooks and reviewing periodically will easily uncover this scheme.
  • Stealing cash register disbursements by voiding a sale or not ringing up a sale or an employee stealing cash from a vault only accounts for 3% of fraud cases. Tight inventory controls will help. For example - if you sell coffee - keeping inventory count on paper cups purchased and comparing to number of coffees sold will deter employees from failing to ring up coffee purchases.
  • Make frequent unannounced visits to the shop/warehouse, walk around and look at where stock is held, and ask questions about stock located by the door or separated from others of its kind. Randomly open a few deliveries from vendors and compare against purchase orders. Randomly check a box prepared to ship to your customer and check against sales orders. Require a form to be completed and approved when inventory is taken (damaged, samples or obsolete) or purchased by an employee. Take physical inventory counts regularly and compare with amounts in QuickBooks. Employee theft of inventory accounts for 16.3% of all fraud cases. Write off obsolete inventory so changes in inventory values become more noticeable. Consider installing security cameras to deter theft.
  • Run a profit & loss by month in QuickBooks for last 12 months and look at trends of spending.
  • Pay commissions on sales after payment from customer has been made. That will deter fraudulent activity to boost sales dollars and will enlist salesmen with the collection efforts.
  • 14.5% of all fraud cases involve an employee who receives payment from a customer but does not record the sale and embezzles the funds. A check for missing invoice numbers
    (using Reports > Banking > Missing Checks Report > switch account to Accounts Receivable) is a helpful report.
  • Consider having credit cards billed to the employee rather than to the company with a policy that the bill will only be paid if original receipts are submitted before the due date on the card. Set budget limits per card per type of expense to control how much can be spent. Set up the online banking feature for each credit card and download transactions daily/weekly. Early detection of abusive spending will save the company money!
  • Audit paid bills: randomly pull company records from the files, ask the responsible employee if they compared pricing, and verify that there are matching packing slips (signed by the warehouse staff with a date and time and notes as to the condition of goods upon arrival) and purchase orders signed by an authorized employee.
  • No more than 3 days of Undeposited Funds activity should appear in the make deposit window. Check online weekly for the week's deposit amounts, and group customer deposits for checks and credit card payments. Old ungrouped deposits could be a result of error, of an unscrupulous employee recording a fraudulent transaction, or of an employee stealing cash and checks from daily receipts before they can be deposited into the bank. Review the undeposited funds account and ensure that funds are being deposited into the regular business bank accounts (not fake accounts used to hide transactions).
  • Have someone other than the bookkeeper open the mail and log the checks received onto a deposit slip, then make a copy of the deposit slip and give one to the owner and the other to the bookkeeper. The owner should check the deposit slips against the bank statement.
  • Watch out for employees making a claim for reimbursement of fictitious or inflated business expenses (claiming personal travel, meals as business).  Get receipts along with a log of discussions. Have a policy of randomly auditing an expense report by   calling the client who was entertained to verify the meeting took place - be sure employees are aware of this procedure. Setting budgets per expense type is also helpful.
  • Watch for business red flags and investigate promptly
    • New hires quit soon after starting
    • Vendors who insist on dealing with just one individual
    • Unable to identify the cause of lower gross margins or high overhead
    • Employees with unreasonably close relationships with suppliers
    • Photocopies of invoices and packing slips should be rejected. Only pay against original documents.
    • Customer complaints of missing invoices or transactions on invoices that were not ordered or received.
    • Employees that have external businesses may find your coffers to be a means to reduce their overhead.
  • Perform background checks on employees. Don't forget to check on your temporary employees as well. Include employment verification, criminal and civil background checks, credit checks, drug screening, education verification and reference checks.
  • Be aware of employee actions.
    • Are they living a life style not commensurate with their wage income? Is there unexplained wealth or sudden change in lifestyle?
    • Are they the first to arrive at work and the last to leave?
    • Do they show signs of reluctance to take leave? Are they taking vacations?
    • Are they adequately supervised?
    • Look into unexplained employee absences.
    • Are they repeatedly forced to manually make journal entries, batches, etc. that should normally have been handled by the system?
    • Staff under stress without a high workload - marked personality changes
    • Do they refuse promotion?

    Implement a support program at work that can assist employees struggling with mental/emotional health, family or financial problems. Conduct anonymous surveys to assess employee morale and find an outlet for employees to talk about pressures so management can find ways to alleviate pressures before they reach a boiling point.

    Don't hire individuals who may have the motivation (financial need) to embezzle. Ask potential employees these questions:

    • We do background checks on all finalists. Do you have any concerns about that?
    • We do a criminal check on all finalists. Do you have any concerns about that?
    • We contact all past employers. What do you think they will say?
    • Will your past employer tell us about any negative job-related issues?
    • Can you explain where you were during these gaps in your resume?

    A study conducted by KPMG uncovered a few trends about who the typical perpetrator of a fraud is likely to be:
    - directors/senior managers committed almost two thirds of the 100 cases surveyed
    - 32 percent of fraudsters had been working for their companies for 10 to 25 years
    - 51% of fraudsters did not work alone

  • Password protect your QuickBooks file. Download our free QuickBooks passwords and permissions checklist
    Passwords, anti-virus software, and firewalls on computers should be maintained.
    Limit access to employee records to prevent Identity theft. Limit access to customer records to prevent Credit Card theft.
    Choose your administrator wisely. The QuickBooks audit trail will track transaction history and prevent users from creating or modifying transactions undetected. Changing certain fields on a transaction that has been saved into QuickBooks triggers the audit trail to save a record of the change, and the audit trail report will display in bold italics the value that has been changed and the previous version of the transaction's value. If a user attempts to print or e-mail a transaction, by default QuickBooks forces the user to save the transaction first, which posts to the audit trail. However, the administrator can override this preference (edit menu > preferences > general). The following fields trigger an audit trail record:
    Name, account, amount, qty, class, unit price, item, payment method, transaction type, transaction date, ship date, billed date, due date, terms, discount, payment terms, sales rep, document number, modifying user, reconciliation status, posting status. If the transaction was entered in a version prior to 2006 (without the audit trail preference) and converted to the current version, the audit trail report would show it as modified but would not include a prior entry.
    The audit trail is not designed as an employee-tracking tool. It records changes made to transactions, but it does not track attempts to access areas of the program by people who do not have permission to use those areas. The audit trail does not capture changes to lists, although Client Data Review (a QuickBooks tool available to accountants) will display changes to the accounts, items, fixed asset items and payroll items since the last data review.
  • Back up your QuickBooks file and keep the backup off premises, away from the harm of a disgruntled employee. Think about using the remote access in the QuickBooks Premier version to easily transfer data files to safe offsite locations.
  • A few do's and don'ts to improve your internal controls:
    • Former owners may not make for good employees
    • Banks do not check the endorsement on each check you write, so make sure you make it a step in your monthly bank reconciliation. Look at checks made payable to unknown vendors or persons; checks made out in even amounts; dual endorsements; and checks to cash and to employees.
    • Segregate financial duties- approve payments, write checks, bank reconciliations, place orders, customer billing, apply customer payments, etc.
    • Have complete written supporting documentation for each financial transaction. Do not allow accounting to rely on continuous verbal assurances from the employees who hold supervisory positions.
    • Zero Tolerance policy - Prosecute those who commit fraud. It will help deter future crimes from being committed.
    • If you uncover questionable transactions and do not have concrete proof, take care before confronting an employee. A mistaken accusation will cause damage to employee morale and could result in a lawsuit. Consult with your attorney before taking action.
    • Do employees know what fraud looks like? Discuss the cost to the business of Fraud including lost profits, adverse publicity, job loss, and decreased morale and productivity. Select several individuals as ethics counselors so employees can seek advice when faced with a problem.
    • Auditing software is available to help detect fraud. In fact, beginning with the 2010 version of QuickBooks, you can subscribe to continuous auditing software fully integrated with QuickBooks, by clicking on "APPS" on your icon bar!
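
The vendor-versus-employee address comparison from the vendor fraud item above, written out in Python as an added example that is not part of the original newsletter or any QuickBooks feature. It assumes the vendor list (inactive vendors included) and the employee list have been exported to CSV; the column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample exports. The column names (Vendor, Address, Active,
# Employee) are assumptions for this example, not a QuickBooks file format.
VENDORS_CSV = """Vendor,Address,Active
Acme Paper Supply,"1200 Industrial Pkwy, Suite 4, Dayton OH 45402",Yes
J&R Consulting,"48 Maple Street Apt. 2, Dayton, OH 45403",No
Northside Freight,"P.O. Box 771, Dayton OH 45401",Yes
Dayton Office Goods,"9 Birch Ave Unit B, Dayton OH 45410",Yes
"""

EMPLOYEES_CSV = """Employee,Address
Dana Reyes,"48 Maple St., Apt 2, Dayton OH 45403"
Lee Carter,"9 Birch Avenue, Dayton OH 45410"
"""

# Spelling variants that would otherwise hide a match between two lists.
ABBREVIATIONS = {
    "street": "st", "avenue": "ave", "road": "rd", "drive": "dr",
    "boulevard": "blvd", "parkway": "pkwy", "lane": "ln", "court": "ct",
    "apartment": "apt", "suite": "ste", "north": "n", "south": "s",
    "east": "e", "west": "w",
}
UNIT_RE = re.compile(r"\b(?:apt|ste|unit)\s+\w+")


def normalize_address(raw):
    """Lower-case, drop punctuation and apply common abbreviations."""
    text = re.sub(r"[^a-z0-9\s]", " ", raw.lower())
    text = re.sub(r"\bp\s*o\s+box\b", "pobox", text)
    return " ".join(ABBREVIATIONS.get(tok, tok) for tok in text.split())


def strip_unit(normalized):
    """Remove apartment/suite/unit designators from a normalized address."""
    return " ".join(UNIT_RE.sub(" ", normalized).split())


def load_rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_address_matches(vendors, employees):
    """Return vendors whose address matches an employee's home address.

    Inactive vendors are checked too, since a vendor can be activated,
    paid, and inactivated again.
    """
    index = {}
    for emp in employees:
        full = normalize_address(emp["Address"])
        index.setdefault(strip_unit(full), []).append((emp["Employee"], full))

    matches = []
    for vendor in vendors:
        full = normalize_address(vendor["Address"])
        for employee, emp_full in index.get(strip_unit(full), []):
            matches.append({
                "vendor": vendor["Vendor"],
                "employee": employee,
                # "ignoring unit" catches a suite or unit added to a home address
                "match": "exact" if full == emp_full else "ignoring unit",
                "vendor_active": vendor["Active"].strip().lower() == "yes",
            })
    return matches


if __name__ == "__main__":
    rows = find_address_matches(load_rows(VENDORS_CSV), load_rows(EMPLOYEES_CSV))
    for row in rows:
        status = "active" if row["vendor_active"] else "INACTIVE"
        print(f'{row["vendor"]} ({status}) <-> {row["employee"]}: {row["match"]}')
```

A match is a prompt to pull the vendor's bills and payment history for review, not proof of fraud.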

A ripe environment for fraud is when an opportunity arises that can be rationalized by the employee who has additional outside pressure or incentive to respond to that opportunity. So keep your guard up with watchful eyes, always evaluating: is there opportunity? Is there financial pressure or gain? Is the employee content? Set a tone of honesty at the top executive level. Review periodically what areas of your business could be vulnerable to fraud, set policy and procedures, communicate to employees what is expected of them and then monitor to make sure policies and procedures are being followed. If possible, have employees switch procedures at irregular intervals, making cover-up more difficult. Don't wait for signs of fraud to grab your attention. Doing so could mean significant loss of income to the company. Create proactive fraud policies that include procedures to aggressively seek out fraudulent conduct and insist that these procedures be conducted at regular intervals. Doing so means you will reap the benefit of accurate financial statements from which you can make prudent business decisions; mistakes will be detected and the ramifications of those mistakes minimized.

A fraud control checklist and whistleblower hotline considerations have been issued by the AICPA Antifraud Programs and Controls Task Force.

Review your policies and procedures regularly:
Identify who has access-
Who is responsible
How are records kept
How have work responsibilities been segregated
Determine if assets are adequately insured
Review manual processes to see if it can be automated
Identify areas where a weakness can encourage fraud


How can I print vendor telephone numbers and vendor contact information on my purchase orders?

The vendor file default fields for phone number and contact information can not be pointed to a purchase order.  But there is a work around that you will find acceptable 

Spend less time on bookkeeping with memorized transactions:

Set up recurring transactions to record at regular intervals over a period of time. Choose to record automatically or have QuickBooks remind you to record. Or, if you prefer, just add the transaction to a list and recall it with one mouse click at any time. A recurring transaction that has been set up in QuickBooks is called a memorized transaction. Memorized transactions reduce mistakes, keep better tabs on cash in the bank and increase accuracy. Examples of recurring transactions include:

Outgoing cash flows

  • Loan or lease payments, Monthly health insurance bills, Monthly electronic withdrawals from checking such as internet access payments or business insurance installment payments, Rent


  • Repeat sales to customers, Rent collections, Monthly installments payments due from customers, Tuition invoices

Purchase Orders

  • Orders that are repeated with many of the same items

Journal Entries

  • Monthly depreciation entries. Allocation of overhead to other departments

Estimates - if you frequently choose the same line items when creating a quote.




Intuit, the Intuit logo, Quicken, QuickBooks Pro , among others, are registered trademarks of Intuit Inc., QBalance, LLC is not affiliated with Intuit.