Does your accountant comment about the authorizations in your Dynamics environment? Since accountancy isn't an exact science, multiple accountants can have a different opinion about the same authorization structure. The expression ''accountant proof indicated that an accountant gives his approval on e.g. the authorization setup within Microsoft Dynamics. However, this is easier said than done.
Organizations proceed to automation because of the efficiency of business processes. ERP systems such as Microsoft Dynamics NAV and AX are implemented to simplify and speed up financial, production and logistic processes. A business doesn't function without IT anymore, the business world has become dependent on IT-systems. But are these systems reliable?
The setup of your Dynamics environment has an impact on the scope and the volume of the audit. An important part of the audit is checking the authorizations (Who has access to which systems or who may process which data?). We often see that the reliability of an ERP-system doesn't get the attention it deserves. It turns out that organizations do not take care of the authorization setup, or they do not set it at all. This has consequences for an audit: by increased complexity the time and costs also increase.
So, how to manage authorizations and allow for an easy and smooth audit on your Dynamics environment? In other words, how to make it accountant proof
Some tips from our experience:
- A good set of authorizations require time and effort, but this is made up for multiple times once they are in use. Commitment from top management is of vital importance.
- Assign the authorizations from a clear and uniform organizational structure. Recognize the various organization functions and determine the tasks, competences and responsibilities relating to the Dynamics environment.
- Implement adequate segregation of duties within the defined functions.
- Document the creation of the authorization structure, for example principles and an authorization matrix of tasks per function and users for each function. Maintain this documentation in case of organizational changes and personnel changes.
- Connect your authorization management to your change management and to your check-in and check-out processes.
- Provide periodic internal monitoring on the authorization setup.
With a professional authorization structure your internal controls are on the level where both the organization and the accountant can rely on the automated information systems.
Do you have any questions about it-auditing of ERP-systems, or it-auditing in general? Dont hesitate to contact us.