How to Bust Fraudulent Activity in Xero

If you’re going to commit fraud, don’t do it in Xero. The accounting program contains a couple of extra features that make it much easier to catch out crooked behaviour.

My firm Accodex periodically gets referrals from other accounting firms to assist with what we call “digital forensics”.

Most of the time it’s fairly innocuous; an add-on wasn’t configured properly, or some custom middleware goes rogue and has fired a thousand erroneous entries into Xero. We’re tasked with finding them and removing them.

Every now and then it’s a little more insidious and someone has stolen money and tried to cover their tracks. We get engaged to find out who and how much.

Forensic accounting traditionally involves wading through boxes of bank statements and invoices. It is like trying to find a needle in a haystack. The process usually takes months and hundreds of hours. In this day and age all it requires is a login, three monitors, a tonne of Red Bull and my gaming dubstep mix on Spotify.

The first thing we look at is Xero’s assurance dashboard. I remember how excited I was when Xero CEO Rod Drury first announced this feature at Xerocon 2015. The assurance dashboard gives us a instant visibility over anomalous activity and risks.

We perform a full risk assessment that includes non-financial factors through the lens of the fraud triangle.

The assurance dashboard can quickly reveal unusual changes to a Xero file.
The assurance dashboard can quickly reveal unusual changes to a Xero file.

Once this has been completed, we put together a plan. We plan materiality, the analytics we are we going to run and any key accounts, contacts or users we want to run detailed testing on. Once the plan of attack is set, we turn up the music and start digging.

We use Excel Integration Tools by QuickWin Development to extract data from Xero into Excel. This is important for two reasons. The first and most obvious, is whether you like it or not, Excel is never going out of fashion. Ever.

The second reason is more subtle. You see, in Xero every action and transaction leaves a little digital footprint. An example of this can be visualised in the history and notes button at the bottom of transactions in Xero.

The notes underneath a transaction in Xero provide an audit trail of activity.
The notes underneath a transaction in Xero provide an audit trail of activity.

There’s a lot of data that does not get served up on Xero’s user interface too. Transaction IDs are an example of this. They do however come down in a data dump from Xero into QuickWin’s Excel Tool.

This enables us to trace ledger transactions back to the bank source transactions. With enough computer processing power we can do this for tens of thousands of transactions in a matter of hours, not weeks.

From there we can run analytics and integrate data to build a transaction risk profile. We look at a few different risk factors such as contacts, amounts, users and aging, then assign these with a risk rank out of five. The weighted average risk factors are then taken to produce an aggregate risk score for each transaction. We then simply sort the transactions from highest to lowest.

The template we use at Accodex to filter out high-risk transactions for further investigation.
The template we use at Accodex to filter out high-risk transactions for further investigation.

What is left is a list of transactions that requires deep substantive testing. This involves communication with banks, suppliers and boxes of paperwork. And that’s usually the point when we hand it back to the firm or client to sift through the wreckage and we go back to our caffeine induced data frenzy.

In short, it’s worth spending the time to learn how to use Xero’s assurance dashboard. It shows up the patterns that prove whether you’re dealing with honest mistakes or a bookkeeper with an expensive taste in racehorses.

Image credit: CNN

Subscribe to our newsletter

Subscribe to receive the latest stories and new guides to your inbox. No spam, we promise.

By subscribing you agree to with our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.