Now more than ever, auditing firms are analyzing segregation of duties to ensure a proper security environment within your ERP system. Many companies have the proper controls in place to ensure their segregation of duties needs are being met, but unfortunately there are a large number of companies that do not.
The best time to take steps to define security requirements is typically in the early stages of an ERP implementation, or when performing an upgrade or re-implementation project. Implementing your ERP with security roles in mind and using a “top down” method is recommended as the best practice by Protiviti for all ERPs, including NetSuite.
According to Protiviti’s recent white paper, “Designing NetSuite ERP Application Security – Leveraging Fastpath Assure Access Monitoring Solutions,” organizations that meet any of the following criteria should consider reviewing their security design and implementing security monitoring solutions:
- Organization-specific SoD policies have not been defined, approved by the business, or are outdated.
- Creation of new roles and/or new role assignments generates a significant number of SoD conflicts requiring remediation or mitigation.
- A significant number of SoD conflicts exist within the current roles.
- The ERP environment consists of more roles than users.
- SoD checks are performed manually — or not performed at all.
- Automated security monitoring solutions are not in place to support ongoing monitoring of the environment.
- There is a lack of business involvement in the SoD risk management process.
Are you a current NetSuite user, or do you plan on becoming one in the near future? If so, we strongly recommend reading this white paper. Protiviti provides an in-depth perspective on the various approaches to designing effective security within your NetSuite environment.
To download Protiviti's NetSuite white paper, simply click the link below.