In this series, we’re looking at a series of quick fixes to improve NetSuite security.
The matching principle in accounting requires that a company record expenses in the period in which the related revenues are earned. That means posting transactions in the correct period. Both revenues and expenses can be manipulated by posting them in past or future periods and this results in incorrect financial statements.
Getting dates right when entering transactions is important, but just as important is maintaining control of fiscal periods. Open, closing, reopening periods in NetSuite is a bit of a process. If this were too easy, it might be tempting to quickly open period and post a transaction to that period.
The key is that there should only be one or two individuals with rights to open and close periods and those users should not be allowed to create or change transactions. Otherwise, it’s still very possible to open a month and post into a previous year or open next year and push a transaction far into the future.
Fiscal Periods are managed in NetSuite via Setup > Accounting > Manage Accounting Periods.
The permission is Manage Accounting Periods and by default its assigned only to the Administrator role. Using an administrator to open and close periods isn’t the answer either. Administrator permissions should be reserved for items that truly need it.
A better approach is to assign the Manage Accounting Periods permission to a role that does include access to process transactions. For example, a role that allows maintaining the chart of accounts and fiscal periods, but not transaction entry, starts to provide a level of effective segregation without imposing a significant burden on even a small organization. Properly managing fiscal periods help keep closed years closed and current year transactions in the right periods.
You can find all of the fixes in this series at NetSuite Easy Security Fixes.
Looking for even more useful NetSuite security best practices?
Get our "NetSuite Change Management" paper which examines the native NetSuite functionality available to deploy effective change management in a NetSuite environment, including best practices, the change monitoring process, as well as the change review/sign-off process.