Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dualentry.com/llms.txt

Use this file to discover all available pages before exploring further.

Anomaly Detection

DualEntry runs anomaly detection across every posted transaction and account balance in your ledger. The scan looks for patterns that typically signal data-entry errors, duplicate payments, or activity that warrants a second look. You configure sensitivity per entity, choose where alerts appear, and decide whether to dismiss or escalate each finding. Dismissed alerts feed back into the model so it learns what your organization considers normal.

What the Scan Watches

Each run evaluates posted transactions and period-end balances against a set of built-in detection rules. The signals DualEntry watches include:
  • Duplicate transactions - same vendor, amount, and date appearing more than once.
  • Round-number entries - journal entries with suspiciously round amounts above a configurable threshold (for example, exactly 10,000or10,000 or 50,000).
  • Off-hours postings - entries posted outside the normal business-hours window defined for the entity.
  • Balance swings - account balances that move beyond a historical standard-deviation band for the period.
  • Uncharacteristic account usage - a transaction hitting an account outside its typical pattern, such as an expense posting to a revenue account.
These rules run in combination. A single transaction can trigger multiple signals if it matches more than one pattern, and the resulting alert reflects the combined severity. The detection model recalculates baselines monthly, so seasonal patterns are automatically incorporated into what the system considers normal activity for each account.

Configuring Sensitivity

You manage sensitivity under Settings → AI → Anomaly Detection. Each entity in your organization has its own configuration so you can run tighter controls on operating entities and looser controls on holding companies. DualEntry ships three sensitivity presets:
  • Conservative - flags only high-confidence anomalies. Best for entities with high transaction volume where you want minimal noise.
  • Balanced - the default. Catches most genuine issues while keeping the alert count manageable.
  • Aggressive - casts a wider net. Useful during an initial rollout or for entities under heightened scrutiny.
Beyond presets, you create custom rules that layer on top of the built-in detection. For example, you can add a rule that flags any single journal entry exceeding $50,000 or any transaction posted by a specific user role. Custom rules follow the same severity-scoring logic as built-in rules and appear alongside built-in alerts in every delivery channel.

Where Alerts Surface

Anomaly alerts reach you through three channels, and you enable or disable each independently per entity. This flexibility lets you route high-volume entity alerts to a dashboard while sending alerts for smaller entities directly to email.
  • Anomaly Detection dashboard widget - a summary card on your home dashboard showing the count and severity breakdown of open alerts. You can click any severity level to filter directly into the alert list.
  • Email digests - daily or weekly summary emails listing new alerts since the last digest. You configure the schedule and recipient list per entity. Digests include a direct link to each alert so you can jump straight into the review screen.
  • Close Management checklist - open alerts automatically appear as review items on the month-end close checklist, ensuring they are addressed before you lock the period.
Each alert includes the flagged record, the detection rule that fired, a severity score (low, medium, or high), and a one-click link to open the source transaction.

Reviewing and Resolving Alerts

When you open an alert, you choose one of two actions: dismiss or escalate. Dismissing an alert marks it as reviewed and tells the model that this pattern is acceptable for your organization. Over time, dismissed patterns reduce false positives for similar transactions in future scans. Escalating an alert routes it to a designated reviewer or adds it to the close checklist if it is not already there. You can also add a note to any alert before dismissing or escalating it. Notes are stored alongside the alert in the audit trail and provide context for anyone who reviews the history later. Bulk actions are available in the alert list view - select multiple alerts and dismiss or escalate them in a single operation when you are working through a batch of similar findings.
Dismissed alerts still appear in the audit trail. Dismissing an alert removes it from active dashboards but does not delete the record.
Last modified on May 28, 2026