Most people involved at all in accounting understand that if a user has access to manage vendors and payments that it is pretty easy to create false vendor records and generate payments to those false vendors. In other words, it’s the fast lane to fraudville.
Only slightly more complicated are similar schemes involving customers. Payment redirection fraud can be just as dangerous and harder to detect. All this risk leads to some pretty simple advice, don’t allow users with access to manage vendors to also manage payables transactions. The same advice goes for customers.
In GP, vendor and customer access correspond to the Vendor Maintenance and Customer Maintenance windows respectively.
That's it. The end.
If only it was that simple.
For more blog articles on GP security, check out the Fastpath GP blog posts.