Over the course of our 3 part blog series on proper securities and controls within Dynamics NAV we will be discussing the proper measures that should be taken to achieve an optimal security environment within your NAV system. We hope you find the series of blogs to be not only informational but also beneficial in assisting your company to achieve an optimal security level.

Security and Controls - What do we mean?

A basic understanding of terms is necessary for NAV compliance. Security refers to the features around user application permissions, such as passwords and clearance. Security is always built into and part of the application.

Controls on the other hand, refer to the processes external to the application. A great example of an outside control is Positive Pay, in which your bank matches up payment with a previous transaction list before processing them. Your main goal should be an environment that uses a blend of Security and Control measures to mitigate operational or financial risks.

Risks to your business come in a variety of forms. Some are intentional, such as fraud and theft. Others can be innocent accidents, such as when the summer intern mistakenly creates a new general ledger and starts posting transactions to it, throwing off your financial statements. A balance between securities and controls helps mitigate risks both malicious and otherwise.

What Do Security and Controls Accomplish and Why Does It Matter?
 
Security and controls provide several benefits; helping you mitigate fraud, ensuring management decisions are based on accurate information, achieving process efficiencies and streamlining teaching, eliminating errors, increasing management confidence, and helping your company stay in compliance. They also reduce the prep time needed for audits from weeks to days.
 
Unfortunately, these ideals often aren’t the case. Instead, we often see a low prioritization of security, IT/Admin oversight of security without business awareness, little to no monitoring, weakening of security over time, an inability to report on security, and expensive customizations in place of securities and controls.
 
But What About Risk?
 
These factors make it difficult to manage risk. All businesses have risk, varying by industry, season, geography, company size, number of employees and so forth. Examples include fires, earthquakes, fraud, theft and financial misstatement. In part 2 of our blog series, we will discuss how to identify what your risks are, define your corporate tolerance, and translate them to key business systems. 

Read part 2 of this series, Achieving a Proper Security Environment within Dynamics NAV.