In this series, we’re looking at a series of quick fixes to improve NetSuite security.
Controlling access to Journal Entries is a fundamental control point. If users can make and post journal entries without review, they can do just about anything to the final financial statement numbers.
Most organizations have processes in place for reviewing and approving Journal Entries, but those processes can be out of date or incomplete. For example:
In addition to controlling journal entry access via security, NetSuite also includes a journal entry approval option and an out-of-the-box workflow for journal entry approval. This means there are many options for controlling journal entries in NetSuite.
In NetSuite, the permission for journal entries is named Make Journal Entry. Make Journal Entry access is available in these default roles:
Reviewing access to roles that can process journal entries is critical. As an example, the default Accountant role has access to make changes to the chart of accounts as well. This can represent a significant risk.
Controlling journal entries is a critical control. NetSuite provides a variety of tools to assist with controlling journal entries. The key for organizations is to ensure that controls are identified and applied.
Looking for even more useful NetSuite security best practices?
Get our "NetSuite Change Management" paper which examines the native NetSuite functionality available to deploy effective change management in a NetSuite environment, including best practices, the change monitoring process, as well as the change review/sign-off process.