What gets monitored gets detected

Continuous monitoring ideas for small and medium entities

Not too long ago, only large organizations with vast resources were able to take advantage of technology to monitor their information systems and aid in the identification of fraud and other anomalies. But these days, as hardware and software have proliferated—and come down in price—businesses of all types and sizes have software configurations and tools at their disposal to implement continuous monitoring techniques.

The benefits of continuous monitoring go well beyond fraud detection. For example, monitoring late payment charges may identify a training issue that needs to be addressed. Monitoring sales returns may identify quality issues that can be addressed earlier, rather than later, saving not only money but also customer loyalty.

Here are a few simple ways that small and medium-size entities can test the waters and get involved on a small but important scale. The examples below may help you think through an organization’s processes and uncover how continuous monitoring may help your organization.

Use security settings. Unfortunately, it is common for users to have access to segments of an accounting system that are not relevant to their jobs. With such access, the system often provides an individual the opportunity to commit fraud without the need for collusion.

Through the thoughtful application of security settings, you can let the system monitor and prevent access to unauthorized processes that allow a fraudster the opportunity to steal and cover his or her tracks. Most of today’s accounting systems make this preventive monitoring as simple as possible, by having predefined roles (e.g., accounts payable clerk) within the security setup. If the predefined roles are not adequate, they can be tailored to a specific organization’s needs.

QuickBooks, for example, not only permits assigned roles but also allows changes to the areas and activities available within a role, and it provides control over the access level (such as printing, deleting, or changing customer information). For example, you can control the access of an employee who may need to view, but not change, a customer credit limit. Exhibit 1 shows how the role of Accounts Receivable, with regard to “Customers & Receivables,” can be set up for QuickBooks.


The only thing better than you monitoring the information system is letting the system do the monitoring. As with any instance where the system is performing the process, the monitoring can easily happen in real time. The benefits can go well beyond the information system; you can also use technology to effectively control and monitor physical access to restricted areas of facilities where high-value items including tools and inventory are stored. Based on the organization’s needs and budget, locking devices are available with keypads, card access, and biometrics.

Use built-in automatic electronic notifications. Accounting software frequently has options to notify a specific person if a predefined event occurs. It may be called a reminder or an alert within the software, but odds are the capability exists at some level. These alerts may be used in instances where you are comfortable with the current status of roles, balances, or transaction recording, but you want to know if circumstances change.

It works like this: User A has administrator status and can change the rights for other users. You (or the person in your system security role) should probably be notified if User A changes Co-Worker B’s rights to change payroll rates. Automatic alerts can be set up to notify people by email or other method when almost any event occurs within the system. Exhibit 2 is an example from the Business Alerts wizard within Microsoft Dynamics GP. The formula alerts management when the general ledger checking account balance goes negative. It is as simple as identifying the account within the database table and specifying that you want to know when the balance is “<0.”


The wizard uses well-documented data fields. After you use it to create one or two alerts, the simplicity and power of the tool are revealed, as it allows you to monitor almost any data item that is important to your organization.

Review adjusting entries. Using an integrated accounting system should eliminate the need for almost all standard adjusting journal entries. The general ledger should be updated through the feeder systems, such as cash collections, sales, and accounts payable. All automated adjusting entries that are above a predetermined limit should be monitored and reviewed in real time, or as quickly as possible after entry. If any adjustments are abnormally high for your organization or there are a lot of adjusting entries, find out why; then address the core problem so the underlying events can be handled by the system that was implemented to make the organization efficient.

Once security settings are tied down, automatic notifications are in place, and you are reviewing reports to identify potential anomalies, then you should consider exporting data for some simple, yet sophisticated analysis using third-party software. There are many options, but for the purposes of this example, stick with tools your auditor probably already uses—ACL and IDEA software.

Again, before the first process is implemented, you must determine what specific accounts are critical to your organization, although some areas, such as cash disbursements, are a point of risk for most organizations. Here are a few items that you may want to consider relative to disbursements:

1. Consider a Benford analysis. A Benford analysis is based on statistical probabilities and, within accounting, is usually used to analyze the first digits of monetary amounts. When used to analyze cash disbursements, a Benford analysis helps identify anomalies related to avoiding controls built into a system, such as approval levels, as well as repetitive frauds in amounts that are often “under the radar” of materiality. Typically, when fraudsters make up monetary amounts, they do not consider the expected distribution of the data set they are creating. One example of using a Benford analysis is to raise red flags to help identify fraudulent disbursements such as those that are slightly below a level that requires another level of authorization.

ACL and IDEA include Benford routines, and they make it easy to perform this analysis on a wide range of data sets. You can import transactions into either software and run Benford procedures to identify possible anomalies (where the actual distribution is not equal to the expected distribution). Once the potential issues are identified, inquire about explanations for the anomalies.
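The first-digit test described above can be reproduced outside ACL or IDEA. The following Python sketch is an added example, not taken from the article or from either product; the disbursement amounts are constructed and the 5,000 approval limit is an assumption.

```python
import math
from collections import Counter

def first_digit(amount):
    """Leading non-zero digit of an amount; sign and decimal point ignored."""
    digits = f"{abs(amount):.2f}".replace(".", "").lstrip("0")
    return int(digits[0]) if digits else None

def benford_report(amounts):
    """Map each digit 1-9 to (observed share, expected share, z-score)."""
    leads = [d for d in map(first_digit, amounts) if d]
    if not leads:
        return {}
    n, counts, report = len(leads), Counter(leads), {}
    for d in range(1, 10):
        expected = math.log10(1 + 1 / d)          # Benford's first-digit law
        observed = counts[d] / n
        std_err = math.sqrt(expected * (1 - expected) / n)
        # z-statistic with the usual continuity correction
        gap = max(abs(observed - expected) - 1 / (2 * n), 0)
        report[d] = (observed, expected, gap / std_err)
    return report

def overused_digits(amounts, z_cutoff=1.96):
    """Digits seen significantly MORE often than expected (5% level)."""
    return [d for d, (obs, exp, z) in benford_report(amounts).items()
            if obs > exp and z > z_cutoff]

def payments_to_review(amounts, digits):
    """Pull the underlying payments so someone can ask for explanations."""
    return sorted(a for a in amounts if first_digit(a) in digits)

# Constructed data: 300 log-uniform amounts from 10 to 10,000 conform closely
# to Benford; 40 payments sit just under an ASSUMED 5,000 approval limit.
BASELINE = [round(10 ** (1 + 3 * k / 300), 2) for k in range(300)]
JUST_UNDER_LIMIT = [4900 + 2.5 * i for i in range(40)]

if __name__ == "__main__":
    ledger = BASELINE + JUST_UNDER_LIMIT
    flagged = overused_digits(ledger)
    print("over-represented first digits:", flagged)
    for amount in payments_to_review(ledger, flagged)[-5:]:
        print(f"  review: {amount:,.2f}")
```

A flagged digit is a prompt for inquiry, not a finding: legitimate causes such as a fixed contract price repeated many times produce the same spike.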

2. Monitor credit/debit card payments. Virtually all credit/debit cards allow downloading of transactions for easy import into software such as IDEA, ACL, or a spreadsheet. Monitoring can include analysis of the data related to transactions. Data that might prove interesting include employee weekend purchases or purchases at vendors that are not consistent with the organization’s mission. If you perform this type of analysis, be prepared to find things that surprise you.

Real-life finds include racetrack charges discovered by simply reviewing charges on the debit card of a small not-for-profit, and the identification of cash advances made by an employee who was not working at the time, discovered by reviewing the bank statement for weekend debit card disbursements. The software can usually sort by employee, vendor, and date. Providing cards (and other methods) for employees to easily spend money is sometimes necessary—as is monitoring how the cards are used.
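The card review described above comes down to a few rules applied to the downloaded transactions. The Python sketch below is an added example, not part of the original article; the export layout, the names, the approved-category list, and the time-off calendar are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed card export; the column names, the approved-category list and
# the time-off calendar are assumptions made for this example.
CARD_EXPORT = """date,cardholder,merchant,category,amount
2016-03-04,A. Reyes,Office Supply Co,office supplies,84.10
2016-03-05,A. Reyes,ATM Withdrawal,cash advance,200.00
2016-03-07,B. Chen,Regional Airways,travel,412.60
2016-03-09,A. Reyes,Office Supply Co,office supplies,37.25
2016-03-12,B. Chen,Riverside Racetrack,gambling,150.00
"""
APPROVED_CATEGORIES = {"office supplies", "travel", "postage"}
TIME_OFF = {("A. Reyes", date(2016, 3, 9))}   # cardholder not working that day

def review_card_activity(export_text, approved=APPROVED_CATEGORIES, time_off=TIME_OFF):
    """Return [(row, [reasons])] for transactions that deserve a question."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        day = date.fromisoformat(row["date"])
        reasons = []
        if day.weekday() >= 5:                       # 5 = Saturday, 6 = Sunday
            reasons.append("weekend")
        if (row["cardholder"], day) in time_off:
            reasons.append("cardholder not working")
        if row["category"].strip().lower() not in approved:
            reasons.append("category outside mission: " + row["category"])
        if reasons:
            findings.append((row, reasons))
    return findings

def totals_by_cardholder(findings):
    """Sum flagged spending per cardholder, largest first."""
    totals = {}
    for row, _ in findings:
        totals[row["cardholder"]] = totals.get(row["cardholder"], 0.0) + float(row["amount"])
    return sorted(totals.items(), key=lambda item: -item[1])

if __name__ == "__main__":
    flagged = review_card_activity(CARD_EXPORT)
    for row, reasons in flagged:
        print(row["date"], row["cardholder"], row["merchant"], row["amount"], reasons)
    print(totals_by_cardholder(flagged))
```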

3. Monitor sales returns. A variety of reasons can trigger returns within a system, including inferior product quality, overzealous salespeople, channel stuffing, and covering theft, to name a few. Any of these items can hurt an organization’s reputation or financial stability. By analyzing the data using standard reports, spreadsheets, ACL, or IDEA, you can identify return-related trends, which may raise questions regarding a manufacturer’s product quality. You may also identify a specific relationship between a salesperson and customer. You may, as in an actual case, identify a manager who is recording erroneous returns after hours and keeping the money—which may also result in inflated inventories as well as stock-out issues. By monitoring transaction dates, times, employees, customers, vendors, and items, you may identify issues that significantly affect profitability.

4. Monitor employee and payroll data. Two common payroll frauds are overstatement of hours and the creation of fake, or “ghost,” employees. To monitor for overstatement of hours, a system can usually be configured to reject overtime hours without a supervisor’s electronic approval; this electronic intervention is an excellent preventive control. To identify ghost employees, you may incorporate a routine that checks information on each new employee against existing employees. Those checks should include the Social Security number (SSN), address, bank routing number, and account number. Obviously, two employees should never have the same SSN. A duplicate address may merely indicate that roommates or family members work at the organization, which, unless this is against company policy, does not usually indicate a problem. But it may also be a sign of a ghost employee. When a ghost employee fraud exists, it can be a large drain on resources. The risk is higher if your organization has remote locations or you have too many people for management to know personally.

Another payroll-related area where monitoring may be useful is employee benefits. Monitoring can apply rules to help identify employees who do not qualify for, but are receiving, benefits from your benefit plan. For example, retirement plan matching amounts may apply only to employees working more than a certain number of hours per year. Monitoring the data can identify if the implemented controls are working properly. Additionally, benefits monitoring can ensure compliance with applicable government regulations.

5. Associate and monitor data from multiple areas. To this point, this article has considered only single related data sets. The power of continuous monitoring expands greatly when you relate data across boundaries. One such example is using software such as IDEA or ACL to link the employee master file to the vendor master file. Matches between employee SSNs or addresses and vendor tax IDs or addresses may indicate an employee who is also a vendor. While this link may not be a problem, in some circumstances, it can help uncover an employee who is not acting consistently with his or her fiduciary relationship.
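The ghost-employee check in item 4 and the employee-to-vendor link in item 5 both depend on comparing identifiers after normalizing them, because the same SSN or address is rarely typed the same way twice. The Python sketch below is an added example, not from the article or from IDEA or ACL; the field names, abbreviation table, and master-file rows are constructed assumptions.

```python
import re
from collections import defaultdict

ABBREVIATIONS = {"street": "st", "road": "rd", "avenue": "ave", "apartment": "apt"}

def norm_id(value):
    """Digits only, so '000-00-0001' and '000000001' compare equal."""
    return re.sub(r"\D", "", value or "")

def norm_addr(value):
    """Lower-case, drop punctuation, abbreviate common street words."""
    words = re.sub(r"[^a-z0-9 ]", " ", (value or "").lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)

def duplicate_employees(employees):
    """Item 4: employee ids that share an SSN, bank account or address."""
    seen = defaultdict(list)
    for e in employees:
        keys = {"ssn": norm_id(e["ssn"]), "address": norm_addr(e["address"]),
                "bank": norm_id(e["routing"]) + "/" + norm_id(e["account"])}
        for field, key in keys.items():
            if key.strip("/"):                       # skip blank identifiers
                seen[field, key].append(e["id"])
    return sorted((field, ids) for (field, _), ids in seen.items() if len(ids) > 1)

def employee_vendor_matches(employees, vendors):
    """Item 5: (employee id, vendor id, reasons) where the two files overlap."""
    hits = []
    for v in vendors:
        for e in employees:
            reasons = []
            if norm_id(v["tax_id"]) and norm_id(v["tax_id"]) == norm_id(e["ssn"]):
                reasons.append("tax id = SSN")
            if norm_addr(v["address"]) and norm_addr(v["address"]) == norm_addr(e["address"]):
                reasons.append("same address")
            if reasons:
                hits.append((e["id"], v["id"], reasons))
    return hits

# Constructed master-file rows; SSNs beginning 000 are never issued.
EMPLOYEES = [
    {"id": "E1", "ssn": "000-00-0001", "routing": "000000001", "account": "1111", "address": "12 Oak Street, Apt 4"},
    {"id": "E2", "ssn": "000-00-0002", "routing": "000000001", "account": "2222", "address": "80 Pine Rd"},
    {"id": "E3", "ssn": "000-00-0003", "routing": "000000001", "account": "1111", "address": "12 Oak St. Apartment 4"}]
VENDORS = [
    {"id": "V1", "tax_id": "000000002", "address": "PO Box 9"},
    {"id": "V2", "tax_id": "00-0000099", "address": "12 OAK ST APT 4"}]
```

On this data, `duplicate_employees(EMPLOYEES)` pairs E1 with E3 on both address and bank account, and `employee_vendor_matches(EMPLOYEES, VENDORS)` links E2 to V1 by tax ID and E1 and E3 to V2 by address.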

The Importance of Monitoring: The COSO Perspective
Continuous monitoring can be used in many circumstances. When monitoring controls and changes in controls, it can help improve an organization’s governance. The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Guidance on Monitoring Internal Control Systems supports using continuous monitoring technology and reports tailored to an organization.

How can continuous monitoring help? According to COSO, if you monitor, you are more likely to:

  • Identify and correct internal control problems on a timely basis;
  • Produce more accurate and reliable information for use in decision-making;
  • Prepare accurate and timely financial statements; and
  • Be in a position to provide periodic certifications or assertions on the effectiveness of internal control.

Organizations of all sizes should find the first three, and possibly all, of these items very important when managing an organization’s efficiency and effectiveness.

According to COSO’s Internal Control—Integrated Framework (May 2013), using technology-based continuous monitoring techniques may be an efficient and low-cost way to review large volumes of data. When these techniques are embedded within a system, all business-event transactions may be examined in real time, rather than the traditional review of a subset of transactions after business events occur. An ongoing evaluation program of controls may be efficiently and effectively implemented using the embedded continuous monitoring techniques along with thorough reviews of the results of monitoring.


Security settings can help track access to information. Organizations can use security settings to monitor and prevent access to unauthorized processes that allow a fraudster the opportunity to steal and cover his or her tracks.

Automatic electronic notifications can raise red flags. Reminders and alerts can notify a specific person if a certain condition exists.

Integrated accounting systems should eliminate most journal adjustments. All adjusting entries that are above a predetermined limit should be monitored and reviewed in real time, or as quickly as possible after entry.

Monitor credit/debit card payments, sales returns, and payroll data. Such monitoring could reveal purchases at vendors that are not consistent with the organization’s mission, a specific relationship between a salesperson and customer, or overstatement of hours worked.

Associate and monitor data from multiple areas. Matches between employee Social Security numbers or addresses and vendor tax IDs or addresses may indicate an employee who is also a vendor, which, in some cases, can identify an employee who is not acting consistently with his or her fiduciary relationship.

Richard Dull (richard.dull@mail.wvu.edu) is an associate professor of accounting at West Virginia University in Morgantown, W.Va.
