Before You Start

This guide is for CPAs, internal auditors, and business owners concerned about security. It assumes an in-depth understanding of accounting software functionalities.

Overview

60 min
Estimated Time
Expert
Difficulty
As Needed
Frequency

What You’ll Learn

  • How to effectively use the QuickBooks Audit Log
  • Identifying suspicious vendor setup changes
  • Detecting and investigating deleted transactions
  • Analyzing irregular journal entries lacking documentation
  • Strategies to prevent future financial discrepancies

1. Preparation Steps

Before diving into the audit log, ensure you have the necessary access and awareness:

Required Access

  • Administrator access to QuickBooks Online
  • Review of current user access permissions
  • Understanding of standard accounting cycles

Key Areas to Focus

  • Recent changes in vendor details (bank accounts, addresses)
  • Transactions posted outside normal business hours
  • High-value transactions without clear supporting documentation

2. Common Fraud Indicators

You’ll typically encounter fraud attempts through specific types of financial manipulation.

Indicator A: Vendor Master Data Manipulation

This involves altering vendor information for illicit payments.

Pros for Fraudster:
  • High financial impact.
  • Direct misdirection of funds.
  • Can be hard to spot in large volume.
Cons for Fraudster:
  • Requires admin access.
  • Changes are logged in audit trail.
  • Can be detected by supplier reconciliations.

Indicator B: Deleted or Modified Transactions

This involves removing or changing transactions to hide evidence.

Expert Tip: Many fraud schemes involve deleting or altering legitimate transactions. The QuickBooks Audit Log is your most powerful tool to track these changes, but it requires diligent review and understanding of expected activity.

3. Leveraging the Audit Log for Investigation

The QuickBooks Audit Log (also known as the Audit Trail) records nearly every action taken within your QuickBooks company file. It’s the central hub for forensic investigation. Filter by user, date, or event type to narrow your search.

Here is a sample code block to show how an API call might look.

{
  "entry_id": "AU007",
  "action": "Deleted",
  "object_type": "Invoice",
  "object_id": "INV-2025-00123",
  "user": "Suspicious User",
  "timestamp": "2025-10-24T03:15:00Z",
  "details": "Invoice for $5,000 paid to new vendor deleted."
}

4. Practical Steps: Detecting Manipulation

  1. 1

    Review Vendor Records

    Access the Vendor list and look for new vendors with similar names, changes in bank details, or unusual contact information.

  2. 2

    Analyze Deleted Transactions

    Navigate to the Audit Log. Filter by ‘Deleted’ transactions and review entries for unexpected removals of invoices, bills, or payments.

  3. 3

    Scrutinize Journal Entries

    Check for journal entries that lack sufficient description, involve unusual accounts, or are posted by non-accounting personnel.

Common Error: Missing Documentation

Many fraudulent entries are not supported by physical or digital documentation. Always cross-reference suspicious transactions with external evidence (e.g., contracts, purchase orders, bank statements).

5. Reversing Fraud and Strengthening Controls

Recovery & Prevention Checklist

  • Consult legal/forensic experts immediately
  • Reverse fraudulent transactions with clear audit notes
  • Implement stricter user access controls
  • Mandate dual approval for vendor changes
  • Schedule regular, independent audit log reviews

Need Expert Assistance?

Get Support

Suspect fraud or need help interpreting complex audit trails? Our forensic accounting specialists are here to assist.

Contact Us