How safe is GnuCash?

[Mike or Penny Novack]

On 1/11/2017 2:10 PM, 70147persson at telia.com wrote:
> How safe is GnuCash? No, I am not talking about lack of bugs etc, but 
> from an auditor's point of view. How to secure that no one is 
> manipulating the figures in the book? The best way of book keeping is 
> an, in advance paginated, paper book, in which you write your notes 
> with non erasable ink. Then, if I make a mistake, I have to make a 
> change by drawing a straight line (in ink) over the wrong figures and 
> write the correct ones next to the original and sign it with my 
> signature. That way the auditor can see all changes and can verify it 
> to the written documents/verifications.
Let's take THAT old pen and ink on paper method and consider HOW an 
alteration would be done. One could take an identical empty volume and 
copy over all the entries << except of course the one being altered 
would be different >> Impractical amount of hand work. But now we are in 
the computer age.

>
> A good electronic book keeping system should be as close to these 
> (manual) methods as possible, and I have also seen such programs. 
Really? You perhaps mean not alterable by somebody lacking the necessary 
computer skills.
> An already written and accepted notation can never be changed in such 
> a program, but substituted with the correct one next to the original. 
> Moreover there are log files, protected with checksums, where all 
> transactions are noted.
You are treating "the program" (call it program X) as if it were 
inviolable. As if there could not be another program (call it program 
X1) which is just like program X EXCEPT it will allow that violation. 
With a closed source program, not easy to produce X1, but I will tell 
you that I have disassembled machine code in my day (perfectly legal, it 
was my own company's source code that had gotten lost). But gnucash is 
OPEN SOURCE. Just need ordinary programmer skills to do it. That's why 
the developers didn't bother putting in something that LOOKS as if it 
were protecting the books from alteration but in reality, doesn't << 
after all, THEY certainly have the skills to create X1 >>

>  When using GnuCash or any book keeping program, in professional 
> business, and if I was the auditor I would demand these facilities, to 
> make sure that no way exist to manipulate the book after the original 
> book keeping . 
OK, maybe this is the time to discuss HOW you make data unalterable. At 
time Y a copy of that data is made to read only medium (say burned to a 
DVD) and that copy given out of the control of the person entering data. 
If there ever becomes a question whether that data (on the computer) as 
it was at time Y has been altered, a comparison can be made with the 
"frozen" copy.

Michael D Novack