Fastpath Blog- Articles on Security, Audit and Compliance

NetSuite Security and Controls, Part 2: Journal Entries

Written by Frank Vukovits | Aug 22, 2024 2:06:17 PM

Read Part 1 of this series, Gotchas in NetSuite.

Journal Entries often receive the most scrutiny in an audit because they offer a prime opportunity for error or fraud to occur. The issue with journal entries in NetSuite is that users can create and approve their own journals out of the box. Plus, NetSuite allows the journals to be modified after they've been posted.

This is a major issue that can allow users to circumvent controls. For instance, you should look for instances where the Creator and Approver are the same person or where the “last modified date” comes after the “approval date.”

A recommended solution to overcome this issue is to enable a journal entry workflow. NetSuite does not come with an out-of-the-box journal entry workflow; however, users can download and install a workflow from NetSuite.

Some elements that should be addressed in the workflow:

  • The workflow should be configured to your specific environment and controls to ensure that users are not able to create and approve the same journal.
  • Lock the journal entry. Make sure that the approver does not have the ability to modify the journal (e.g., edit a field, change an amount) once it has been submitted for approval. This is essentially the same problem as creating and approving your own journal. In the event the journal needs to be modified journal after it's been submitted, have it sent back through the approval routing or route it to someone else.
  • The workflow should include all of your manual journal entries, including any journals uploaded via CSV, allocation entries, custom journals, etc.
  • And last but not least ensure that the workflow locks the record after it's been approved. Otherwise, someone with the journal creation permission can go in and modify that journal after it's been approved.

Performing a manual review to ensure journals are properly created and approved is cumbersome and prone to error. Implementing a workflow helps automate the journal approval process and ensures that no steps were overlooked. Using SuiteFlow, you can automate your custom approval routing, apply validations, send emails, create related records, direct the end user to appropriate forms in the user interface, and more.

Fastpath has published an eBook describing best practices for change management in NetSuite, from change request to audit review, including IT General Controls, the Software Development Lifecycle (SDLC), and ticketing systems. Download your copy of NetSuite Change Management.
View full post