1. Those who actually set up the system or the spreadsheets, who control the operations as well as the modifications to the system are often found to be the perpetrators of this kind of fraud. What is needed, of course, are periodic surprise audits carried out on the accounting logic, and the actual spreadsheets, as well as the data entered.
2. It is highly unfortunate, that rather than separating the duties of those responsible for the internal control of such accounting systems, that the very same person who has these heavy responsibilities actually controls as well as modifies the system that contains the disbursement process.
3. Further there is no completely ''failsafe'' double-checking that would have caught any design flaws in untested desktop applications as well as spreadsheets. Thus miscalculations occur, and the design flaws are allowed to perpetuate themselves resulting in reconciliation and balancing incongruities, the erasure of audit trails, and of course logic errors caused by mechanical difficulties.
4. Internal control in the Accounts Payable Department first rests with actual written procedures, which in turn will support the desktop application/spreadsheet. There are, of course, other items that bring the internal control that most companies desire. It is a shame though that the majority of the written procedures that are written up for most companies are not only vague but oftentimes totally incomplete. Thus instead of being capable to implement close surveillance and have internal control, it is found to be sadly missing, and the company moves forward without the safeguards it needs.
5. The existing desktop Accounts Payable spreadsheets and their applications can be used in order to actually strengthen a company's internal controls. Applications such as Access and Excel are two good examples of such. Those who understand little about their Accounts Payable departments need to have verifications carried out by someone who is knowledgeable. Thus, they will need to hire out those who are capable of data management. Finding and identifying possible fraud means that various essential analytical and statistical tests need to be run.
6. When new applications are used, then all employees dealing in Accounts Payable need to be given detailed written policies as well as exact procedures. These should address not only procedures but also security, modifications, testing, internal controls, documentation and also the layouts. Most companies should then have a meeting of those employees, for questions and reaffirmation that they are all ''on the same page'' about the new applications.
At this point all should have been made aware that there will be assessments carried out of the spreadsheets by independent security personnel, who will identify any deficiencies in either the work itself or the possible design flaws in new applications, so as to rectify them early before problems come into being that require a recovery process.
Thus to recap, as has been covered in the early portions of this segment, prevention is the important key, in addition to security and the introduction of various checks and balances, to prevent desktop fraud in Accounts Payable.
