How safe is GnuCash?

John Angelico talldad at kepl.com.au
Sat Jan 14 00:00:29 EST 2017 

On 14/01/17 14:16, gnucash-user-request at gnucash.org wrote:
> Message: 2
> Date: Fri, 13 Jan 2017 20:19:23 -0600
> From: "Securenym.net"<wroberts at securenym.net>
> To: DaveC49<davidcousens at bigpond.com>
> Cc:gnucash-user at gnucash.org
> Subject: Re: How safe is GnuCash?
> Message-ID:<201701140219.v0E2JPP07820 at einstein.securenym.net>
> Content-Type: text/plain; charset=utf-8
> 
> You are correct, but they do.
> 
> I was called in for a problem in the last century as the computer guy to help an auditor determine why the books were strange in a non-profit fund accounting system.  I can?t go into details, but the accounting system programming (COBOL) was misprogrammed at some point and things happened.  The organization and the auditors determined the misprogramming was accidental, the funds were restored, and no harm was apparently done, and the matter was dropped.   The program had been written years earlier and the old auditors assumed it worked as it was supposed to.  The new auditor backtracked transactions to source documents and found something out of whack, triggering a more in depth audit, which ultimately led to a code audit.  Auditors beware:  the computer may not be as honest as you think it is.

Lurker emerges from the deep...

I concur with this conclusion. The example is an excellent illustration.

I began in accounting over 40 years ago when computers filled rooms, and 
trained and worked as a specialist computer-auditor (top-notch training 
which is so ingrained that I still can recall the principles readily).

In that era, the basic principle was "do not trust 'the computer' 
without external verification."

I was an early computerist and therefore had experience writing code. 
The team of which I was a part had program tools for interrogating 
files, extracting data, and supplying regular auditors on the assignment 
with the stuff to be verified.

We also documented procedures, and identified internal control 
weaknesses (which would include unwarranted assumptions that a) programs 
  work accurately and b) programs and data have not been changed).

In those days insurance businesses were the headache because the premium 
billings (= income) were generated internally first, so external 
verification was harder. So we concentrated on the procedures for 
issuing policies (the contract of insurance) and recording the details 
accurately in the computerized system.

My basic mantra is that accounting systems whether computer or manual 
are meant to accurately and fully reflect real-life financial transactions.

Therefore, the audit process is meant to check that this is a reasonable 
state of affairs procedurally, and that the results (in commercial terms 
the income statement and balance sheet) give a true and fair view of the 
activities of the entity for the accounting period under review.

Regards,
John Angelico
talldad at kepl.com.au

More information about the gnucash-user mailing list