[In this series, we’re looking at quick fixes to improve GP security.]
Controlling the chart of accounts is about as fundamental as it gets in an accounting system. If the chart can change, the fundamental nature of the resulting financial statements can be changed. Imagine the damage that could be done simply by reclassifying an income statement account to a balance sheet account. That’s before we get into false accounts and transactions (shudder).
Controlling who has access to the chart of accounts via the Account Maintenance window in Dynamics is an easy way to eliminate a lot of segregation of duties issues. Separating account creation and maintenance from the ability to make entries is a great way to improve control and it is easier than expected. Even in a very small finance organization it’s possible to segregate duties by letting the controller manage the chart and others make journal entries. It’s not perfect, but it’s an improvement.
The only real pushback is that sometimes users need to see elements in the chart to confirm that they are using the right number, validate that the account was set up correctly, etc. In Dynamics GP, there is no inquiry window for the chart of accounts. Frankly, this is a poor reason to grant access. Both the Accounts Navigation List (Financial>Navigation Lists>Accounts) and the Accounts Smartlist (MSDynamicsGP>Smartlists>Financial>Accounts) can show account information including the description, account type, active status, and user defined information without permission to make changes.
By default, the Accounting Manager, Bookkeeper, Certified Accountant, and Power User roles all have access to the Account Maintenance window. Access is provided via the Card_0101* task. Reducing the roles with access to this task, or moving access to Account Maintenance to a separate task and tightly controlling the roles it is assigned to, will go a long way in managing access to the chart.
One additional note: the Mass Modify Chart of Accounts feature (Financial>Cards>Financial>Mass Modify) can also be used to create or change accounts. Security to Mass Modify Chart of Accounts is also included in the Cards_1010* task and in most cases should mirror the access granted to Account Maintenance.
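To see who holds this access today, the query below lists every user, per company, assigned a role that carries the task. It is an added example, not part of the original post. It assumes the system database has the default name DYNAMICS, that the task ID matches one of the two spellings used in this post (confirm the exact ID in Security Task Setup), and that the Power User role is stored as POWERUSER and needs to be listed explicitly.

```sql
-- Added example (not from the original post).
-- Assumption: the GP system database uses the default name DYNAMICS.
USE DYNAMICS;

SELECT DISTINCT
    RTRIM(ur.USERID)          AS UserID,
    RTRIM(c.CMPNYNAM)         AS Company,
    RTRIM(ur.SECURITYROLEID)  AS RoleID,
    RTRIM(r.SECURITYROLENAME) AS RoleName
FROM SY10500 AS ur                       -- user-to-role assignments, per company
LEFT JOIN SY09100 AS r                   -- security roles master
       ON r.SECURITYROLEID = ur.SECURITYROLEID
LEFT JOIN SY01500 AS c                   -- company master
       ON c.CMPANYID = ur.CMPANYID
WHERE
    -- Assumption: POWERUSER access may not appear as role-to-task rows,
    -- so those users are listed explicitly.
    ur.SECURITYROLEID = 'POWERUSER'
    OR EXISTS (
        SELECT 1
        FROM SY10600 AS rt               -- role-to-task assignments
        WHERE rt.SECURITYROLEID = ur.SECURITYROLEID
          -- Task ID in both spellings used in this post; the trailing
          -- asterisk is a literal character here, not a wildcard.
          AND rt.SECURITYTASKID IN ('Card_0101*', 'Cards_1010*')
    )
ORDER BY Company, UserID, RoleID;
```

Anyone on this list who also posts journal entries is a segregation of duties candidate to review first.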
The chart is the heart of an accounting system and it’s still surprising how often we run into segregation of duties issues where a large number of users have access to make changes to the chart. This is an easy fix, so get things cleaned up today.
You can find all of the fixes in this series at GP Easy Security Fixes.