I suggest you think about auditing as well - if management has any competence at all in the business processes, they should find the need for an audit trail readily apparent. You need to have the programme write an audit log as it goes along.

You could use this as an 'in' to get security onto the agenda - e.g. what's the possibility that a change can be made without any record of who made it? and (even if there's no fraud) what would the company's auditors think of that?

HTH!