One of the main benefits of using Microsoft Dynamics is that it is easily configured to meet the unique business challenges and processes of varying companies. Because these configuration decisions have such a large impact on transactions and financial statements, it is imperative that these configurable controls are monitored to ensure that they are properly deployed. Additionally, auditors have renewed focus on these controls to ensure that the risks configuration controls present are adequately mitigated.
Examples of these configurable controls include:
- Module settings
- GL posting profiles or groups
- Tolerance limits
These areas are a central focus during implementation, but most companies use the ‘set it and forget’ methodology and controls are never subsequently reviewed or monitored.
There are a few simple steps to take to implement a control framework around Microsoft Dynamics configurations:
- Set a baseline for the configuration settings and document it.
- Include configuration changes in the company’s standard change management process.
- If changes are approved, update the relevant documentation accordingly.
- Do a risk assessment to determine the key configurations.
- Set up a periodic review and sign off on key configurations
- Consider deploying a tracking or audit trail solution that monitors changes to key configurations
An example would be a company using workflow approval for purchase orders. With workflows, most companies review the rejections, approvals and resulting transactions but they fail to monitor the configurations of the workflow itself. Once the approval hierarchy and dollar thresholds have been determined and configured, document the settings.
The workflow should be periodically monitored to ensure that it was never accidentally, purposefully or fraudulently disabled. The approval hierarchy should be reviewed to ensure accuracy after users have moved in and out of the company and positions. Adding an audit trails to this configuration and setup information will help notify the business process owners of any changes and help prevent unauthorized transactions from leaving the building.
Regardless of which Dynamics product you use (Dynamics AX, GP, NAV or SL), be sure to implement a control framework. Have questions? Email us and we are happy to help!