Easy Security Fixes For NetSuite - Journal Entries
By Mark Polino
08/01/2024
2min read
In this series, we’re looking at a series of quick fixes to improve NetSuite security.
Control Access to Journal Entries
Controlling access to Journal Entries is a fundamental control point. If users can make and post journal entries without review, they can do just about anything to the final financial statement numbers.
Most organizations have processes in place for reviewing and approving Journal Entries, but those processes can be out of date or incomplete. For example:
- If approvals are done outside the system, are journal entries compared to approvals to ensure only approved entries were made?
- Are users with rights to make journal entries able to change master record or setup items like the accounts or fiscal periods?
- Does the GL control process proper control imported or uploaded journal entries as well?
In addition to controlling journal entry access via security, NetSuite also includes a journal entry approval option and an out-of-the-box workflow for journal entry approval. This means there are many options for controlling journal entries in NetSuite.
In NetSuite, the permission for journal entries is named Make Journal Entry. Make Journal Entry access is available in these default roles:
- Accountant
- CEO
- CFO
Revenue Accountant - Revenue Manager
- Full Access (this is removed in 2019.1)
- Administrator
Reviewing access to roles that can process journal entries is critical. As an example, the default Accountant role has access to make changes to the chart of accounts as well. This can represent a significant risk.
Controlling journal entries is a critical control. NetSuite provides a variety of tools to assist with controlling journal entries. The key for organizations is to ensure that controls are identified and applied.
Looking for even more useful NetSuite security best practices?
Get our "NetSuite Change Management" paper which examines the native NetSuite functionality available to deploy effective change management in a NetSuite environment, including best practices, the change monitoring process, as well as the change review/sign-off process.