In this series, we’re looking at quick fixes to improve NetSuite security.
Controlling the chart of accounts is about as fundamental as it gets in an accounting system. If the chart can change, the fundamental nature of the resulting financial statements can be changed. Imagine the damage that could be done simply by reclassifying an income statement account to a balance sheet account. That’s before we get into false accounts and transactions (shudder).
Controlling who has access to the chart of accounts via the Account window in NetSuite is an easy way to eliminate a lot of segregation of duties issues. Separating account creation and maintenance from the ability to make entries is a great way to improve control and it is easier than expected. Even in a very small finance organization it’s possible to segregate duties by letting the controller manage the chart and others make journal entries. It’s not perfect, but it’s an improvement.
By default, the Accountant, CEO, and CFO roles all have access to the chart of accounts, in addition to the Full Access (through version 2018.2) and Power User roles. Access is provided via the Account permission. Reducing the number of roles with this permission and tightly controlling access to the Accounts permission will go a long way in managing access to the chart.
One important thing to note is the merge functionality present in accounts. If a user has inappropriate access to Accounts, merging a false account into a real account is one way to hide transactions.
The chart is the heart of an accounting system and it’s still surprising how often we run into segregation of duties issues where a large number of users have access to make changes to the chart. This is an easy fix, so get things cleaned up today.
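One way to check the separation described above is to export role permissions and user role assignments and look for anyone who can both change the chart and post entries, including through a combination of roles. The script below is an added example, not NetSuite code or part of the original post; the CSV column names, the sample rows, and the "Make Journal Entry" permission name are assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample exports; the column names are assumptions, not a NetSuite format.
ROLE_PERMISSIONS_CSV = """role,permission,level
Accountant,Accounts,Full
Accountant,Make Journal Entry,Full
CFO,Accounts,View
Controller,Accounts,Full
AP Clerk,Make Journal Entry,Create
"""
USER_ROLES_CSV = """user,role
alice,Accountant
bob,Controller
bob,AP Clerk
carol,CFO
"""
CHART_PERMISSION = "Accounts"  # permission named in the article
ENTRY_PERMISSION = "Make Journal Entry"  # assumed journal entry permission name
WRITE_LEVELS = {"Create", "Edit", "Full"}  # View cannot change records


def load_role_grants(text):
    """Map each role to the set of permissions it holds at a write level."""
    grants = defaultdict(set)
    for row in csv.DictReader(text.splitlines()):
        if row["level"].strip() in WRITE_LEVELS:
            grants[row["role"].strip()].add(row["permission"].strip())
    return grants


def chart_maintainers(grants):
    """Roles that can change the chart of accounts."""
    return sorted(r for r, perms in grants.items() if CHART_PERMISSION in perms)


def sod_conflicts(grants, user_roles_text):
    """Users whose combined roles allow both chart changes and journal entries."""
    combined, held = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(user_roles_text.splitlines()):
        user, role = row["user"].strip(), row["role"].strip()
        held[user].add(role)
        combined[user] |= grants.get(role, set())
    need = {CHART_PERMISSION, ENTRY_PERMISSION}
    return {u: sorted(held[u]) for u, p in combined.items() if need <= p}


if __name__ == "__main__":
    print(sod_conflicts(load_role_grants(ROLE_PERMISSIONS_CSV), USER_ROLES_CSV))
```

In the sample data, bob is flagged even though neither of his roles is a conflict on its own, which is the case a role-by-role review misses.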
You can find all of the fixes in this series at NetSuite Easy Security Fixes.
Looking for more useful NetSuite security information? Get our "Designing NetSuite Security" paper, written in partnership with Protiviti, which will help you to define security requirements during NetSuite implementation, or help you re-implement security in a current live environment.