Full disclosure, controlling customer payments is not the easiest thing to fix, but it’s really important. While most people involved in accounting understand the basic risks around payables transactions, there is also a long history of fraud around receivables. In many cases, this involves intercepting payments and then manipulating the accounting records to hide the missing payments. Two common manipulations are lapping and write-off/discount adjustments.
In this multi-part blog series we're reviewing quick fixes to improve NetSuite security.
Security Fixes for NetSuite: Customer Payments
Lapping involves intercepting a payment and then applying future payments, or payments from a different customer, to hide the stolen funds. NetSuite provides flexible options for applying, unapplying, and reapplying payments. Even in a closed period, an Administrator can reopen and reapply transactions, so it’s important to separate access to payments from payment application.
With write-off/discount adjustments, a user again intercepts a payment, but they hide that payment by writing off the related invoice. The customer doesn’t receive any indication that their check wasn’t properly applied. The same scheme works with a discount: instead of a write-off, a discount is applied to eliminate the balance.
Write-offs can be performed as a journal entry, meaning it’s important to separate access to the Customer Payment permission from access to journal entries. It’s also important to perform a regular review of discounts applied and write-offs.
In this scenario, scripting can be both a friend and an enemy. A script could be created to write off small amounts automatically, for example, amounts less than a dollar. This provides easy cleanup with the protection that users don’t have access to manipulate write-off transactions. However, if scripts aren’t properly controlled, a script could be used to silently process large write-offs.
Separating receipt of payments from write-offs and discounts is still the best defense against fraud here. Additionally, regular reviews of write-offs and discounts are important to supplement other controls.
If a user can gain physical access to customer payments, there are many opportunities for fraud. These aren’t just theoretical opportunities either. Accounting literature is full of companies that have been hit by receivables fraud. Don’t let your company be one of them.
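One way to run the regular review of write-offs and discounts described above, as an added example that is not from the original post or from NetSuite. It flags adjustments entered by a user who also recorded a payment for the same customer, and script-generated adjustments at or above the small-amount limit. The row layout, field names, user names and the 1.00 limit are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from decimal import Decimal

# Assumption: mirrors the post's "amounts less than a dollar" auto-cleanup example.
AUTO_WRITE_OFF_LIMIT = Decimal("1.00")
ADJUSTMENTS = {"write_off", "discount"}

# Constructed sample rows; field names are hypothetical, not a NetSuite export format.
SAMPLE = [
    {"id": "T1", "type": "payment", "customer": "Acme", "user": "alice",
     "source": "ui", "amount": "500.00"},
    {"id": "T2", "type": "write_off", "customer": "Acme", "user": "alice",
     "source": "ui", "amount": "250.00"},
    {"id": "T3", "type": "write_off", "customer": "Birch", "user": "svc_cleanup",
     "source": "script", "amount": "0.42"},
    {"id": "T4", "type": "write_off", "customer": "Cedar", "user": "svc_cleanup",
     "source": "script", "amount": "1800.00"},
    {"id": "T5", "type": "payment", "customer": "Dune", "user": "bob",
     "source": "ui", "amount": "75.00"},
    {"id": "T6", "type": "discount", "customer": "Dune", "user": "carol",
     "source": "ui", "amount": "75.00"},
]

def review(rows, limit=AUTO_WRITE_OFF_LIMIT):
    """Return {transaction id: [reasons]} for adjustments a reviewer should inspect."""
    # Map each customer to the set of users who recorded payments for it.
    payers = defaultdict(set)
    for row in rows:
        if row["type"] == "payment":
            payers[row["customer"]].add(row["user"])

    findings = defaultdict(list)
    for row in rows:
        if row["type"] not in ADJUSTMENTS:
            continue
        # Script-created adjustments should only ever be small cleanups.
        if row["source"] == "script" and Decimal(row["amount"]) >= limit:
            findings[row["id"]].append("script adjustment at or above auto-cleanup limit")
        # Receipt of payment and write-off/discount should be different people.
        if row["user"] in payers.get(row["customer"], set()):
            findings[row["id"]].append("same user recorded a payment for this customer")
    return dict(findings)

if __name__ == "__main__":
    for txn_id, reasons in sorted(review(SAMPLE).items()):
        print(txn_id, "; ".join(reasons))
```
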
You can find all of the fixes in this series at NetSuite Easy Security Fixes.