When we look at controls, every company, even the smallest companies, even organizations that don’t really know what controls are, uses the most ubiquitous of controls, bank reconciliation. It’s one of the few regular, independent checks of what goes on in a company. I’ve seen senior accountants get fired for poor bank reconciliation management and I’ve seen awful bank reconciliations as a symptom of deeper problems in a company that ultimately failed spectacularly.
In this multi-part blog series we're reviewing quick fixes to improve NetSuite security.
Security Fixes for NetSuite: Separate Bank Transactions from Reconciliation
As a result, it makes sense to ensure that users who perform bank reconciliations are independent from transactions. A review of bank reconciliations isn’t enough. It’s easy to hide transactions from a review.
Bank reconciliation really needs to be performed by someone with an independent attitude not tied to transactions. Ideally, it should performed daily to provide the greatest benefit, but even the traditional monthly reconciliation provides an effective control if done right. Finding the right position to reconcile bank accounts can be tough for organizations. Often the person best positioned to perform the reconciliation is also the person in the best position to manipulate the results.
In NetSuite, access is needed to the Reconcile permission. This is included in the Accountant, Bookkeeper, CEO, and CFO roles. Additionally, administrator’s need to be careful with the Import Online Banking File which is available to some of these same roles.
On the bank transaction side the Accountant, CEO, and CFO roles also have access to edit Bank Account Registers. Segregating these permissions is an easy way to improve security around bank transactions.
Bank reconciliation is a core control. Ideally, it’s performed daily, to be as timely as possible, and by someone not involved in transactions for some level of independence.
You can find all of the fixes in this series at NetSuite Easy Security Fixes.
Looking for even more useful NetSuite security best practices?
Get our "NetSuite Change Management" paper which examines the native NetSuite functionality available to deploy effective change management in a NetSuite environment, including best practices, the change monitoring process, as well as the change review/sign-off process.