In this series, we’re looking at a series of quick fixes to improve NetSuite security.
Controlling access to Journal Entries is a fundamental control point. If users can make and post journal entries without review, they can do just about anything to the final financial statement numbers.
Most organizations have processes in place for reviewing and approving Journal Entries, but those processes can be out of date or incomplete. For example:
- If approvals are done outside the system, are journal entries compared to approvals to ensure only approved entries were made?
- Are users with rights to make journal entries able to change master record or setup items like the accounts or fiscal periods?
- Does the GL control process proper control imported or uploaded journal entries as well?
In addition to controlling journal entry access via security, NetSuite also includes a journal entry approval option and an out of the box workflow for journal entry approval. This means there are a lot of options for controlling journal entries in NetSuite.
In NetSuite, the permission for journal entries is named Make Journal Entry. Make Journal Entry access is available in these default roles:
- Revenue Manager
- Full Access (this is removed in 2019.1)
Controlling journal entries is a critical control. NetSuite provides a variety of tools to assist with controlling journal entries. The key for organizations is to ensure that controls are identified and applied.You can find all of the fixes in this series at NetSuite Easy Security Fixes.
Looking for even more useful NetSuite security best practices?
Get our "NetSuite Change Management" paper which examines the native NetSuite functionality available to deploy effective change management in a NetSuite environment, including best practices, the change monitoring process, as well as the change review/sign-off process.