QCE Accounting - Unit 3 - Managing resources for a sole trader business
Resource Controls, Data Security and Fraud | QCE Accounting
Learn resource controls, data as a business asset, cloud storage, outsourcing, cyber security, fraud risk and control evaluation for QCE Accounting.
Updated 2026-05-18 - 4 min read
QCAA official coverage - Accounting 2025 v1.2
Exact syllabus points covered
- Explain internal controls for non-current assets, data and technology resources.
- Analyse the impact of cloud computing, outsourcing, security and fraud on business resources.
- Evaluate resource management decisions using accounting and business evidence.
- Create sentence responses or business report extracts about resource controls.
Accounting controls are not limited to cash. A business must also protect non-current assets, records, customer data, supplier data and accounting systems. Data is a resource because it supports decisions, reporting, compliance, credit control, inventory planning and customer relationships. Losing data can be as damaging as losing equipment.
Resource management combines physical controls, administrative controls and technology controls. The goal is not to create a perfect system with no risk. The goal is to reduce risk to an acceptable level while still allowing the business to operate efficiently.
Original Sylligence diagram for accounting resource control cycle.
Controls over non-current assets
| Risk | Possible control | Why it helps | |---|---|---| | Theft of portable assets | Asset tags, locked storage, restricted access | Makes assets traceable and harder to remove | | Unauthorised purchases | Purchase authorisation and supplier approval | Prevents unnecessary or fraudulent spending | | Incorrect depreciation | Asset register with method, rate and purchase date | Keeps calculations consistent | | Assets not maintained | Maintenance schedule and responsibility assignment | Protects productive capacity and resale value | | Ghost assets in records | Physical stocktake of assets | Finds assets recorded but no longer held | | Poor disposal decisions | Approval for sale or scrapping | Ensures proceeds and records are reviewed |
Control quality should be evaluated using evidence. For example, if three laptops are missing and no employee is assigned responsibility, the weakness is not simply "poor control"; it is a lack of custody records and physical checks.
Data as a resource
Accounting data includes source documents, journals, ledgers, payroll records, customer balances, budgets, tax information and reports. It must be accurate, complete, available when needed and protected from unauthorised access.
Strong data controls include:
| Control | Purpose | |---|---| | User access levels | Staff see only the data needed for their role | | Strong passwords and multi-factor authentication | Reduces unauthorised login risk | | Regular backups | Allows recovery after hardware failure or cyber incident | | Audit trails | Records who entered or changed transactions | | Data validation | Reduces input errors | | Secure cloud permissions | Prevents accidental public sharing | | Staff training | Reduces phishing and handling mistakes |
Cloud computing and outsourcing
Cloud accounting systems can improve access, backups, software updates and collaboration with bookkeepers. They can also create risks: internet dependence, subscription costs, data privacy concerns, unauthorised access and reliance on a provider.
Outsourcing tasks such as bookkeeping, payroll, IT support or data hosting can give a small business expertise it cannot afford in-house. The trade-off is reduced direct control. The business should consider service agreements, confidentiality, backup access, provider reputation and whether staff still understand the reports enough to make decisions.
Fraud risk
Fraud involves intentional deception for personal gain. In accounting, examples include false supplier invoices, unauthorised payments, theft of cash, manipulation of customer receipts, payroll fraud, inventory theft and falsified asset disposals.
Fraud risk increases when one person controls a whole process. For example, if the same employee orders equipment, approves invoices, records payments and updates the asset register, they may be able to create a fake purchase and hide it. Separation of duties, authorisation, independent review and audit trails reduce this risk.