Internal Controls for NetSuite Access
To have effective internal controls, you'll need a combination of automated and manual controls that both prevent and detect misstatements or misappropriation of assets. Companies have several responsibilities for setting up good general controls for NetSuite:
- Make sure logical access and application security are in place. Users should have only the information that they need to do their jobs.
- Segregate duties and transaction processing.
- Make sure your organization has user administration controls in place, including:
  - The process for requesting and approving access. If possible, different people should handle the request, approval, and granting of access to make sure the process is followed correctly.
  - Review access regularly to check for changes in responsibilities, make sure former employees' access is revoked, and confirm that only the right people have sensitive or critical permissions.
  - Make sure you end access quickly when needed.
- Keep a record of which roles go with each job function and job title.
- Audit the permissions in each role regularly to make sure they're still appropriate.
- The Administrator role is powerful, so access to this role should be extremely limited. Ideally, your organization should have one administrator and one back-up administrator.