Over the course of time, it is inevitable that the data security, control, and audit compliance of an ERP system are reviewed.
If Microsoft Dynamics GP is your chosen ERP system, here are some of the standard functions Dynamics GP that you can take advantage of in terms of implementing system controls.
POSTING CONTROLS
Posting controls offers a multiple approach within Dynamics GP that can be utilised to minimise the risk of transaction posting errors. Below are the following items that are available standard GP functions that can be used.
- Require Batch Approval
An option within the posting setup of Dynamics GP can be turned on to enable approval of batch first before it can be posted. A password can be used to have control on postings and the person with the appropriate role can review transactions before they can be posted. A tick box for approval on all batch windows in Dynamics GP is available to mark the batch as approved.
- Allow Account Entry option in Account Maintenance
When Allow Account Entry in Account Maintenance window is unmarked, it ensures that only the corresponding module can post transactions to the account. Dynamics GP defaults the accounts from the setup at master files level (i.e. Trade Creditors, Trade Debtors, Banks) and controls the selection of the account during transaction entry in which they are restricted to select the account.
- Workflow Approvals
A more comprehensive approach on taking further system controls within Dynamics GP is the use of Workflow Approvals. By turning on workflow approval, transactions and setting up of master records goes through a set of business rules for approvers to approve or reject. With this type of control, segregation of duties is effectively implemented.
SECURITY SETUP
- Security Roles and Tasks
Security Roles contain different security tasks which encompasses many security operations. A security operation varies from access to a Dynamics GP window, report, or other custom items. Users can have different multiple security roles assigned to them in different companies providing a great deal of flexibility over their access.
- Field Level Security
This allows restriction of functions of fields, with the ability to assign that restriction to a particular user and for a particular Dynamics GP company. Functions such as hiding a field within a Dynamics GP window, requiring password to change default setup values, and disabling buttons are some noticeable features that can be used to restrict data and functions between users.
- Account Level Security
This feature of Dynamics GP allows users to view only account codes that are applicable to them. This is commonly seen on scenarios with multiple departments or divisions having their own set of chart of accounts. Controls are in effect at transaction entry, viewing, and posting wherein you can only see the entries that you have access to.
* * *
To compliment the system controls in place, another item to look at is the audit trail of changes within the system whether on data or system setup. Below are areas within Dynamics GP that you can utilise to track these changes
- Activity Tracking
This module offers a function that allows you to view user activity within Dynamics GP. Such activities include logins/logouts, file tracking on data changes, window access tracking, and process and posting tracking. A report is available to be printed to show the tracking for a specific date period or specific user or company.
NOTE: A limitation on this feature is it does not track the change that has been made, instead only showing that there was a change made. Further, each audit takes up space within the database, so managing the audit records is essential to ensure no system performance issues are created. Purging old audit records and keeping only those that are essential to the business is the key to this.
- Utilising SQL Triggers and SQL View for Audit Logs
On audits that are identified as high-risk for the company, the use of SQL Trigger and SQL view can be created to customise the tracking on these areas. Reporting of this audit can be viewed via custom SmartList report or SSRS.
- Third Party Product
There are a number of full-blown Audit products available for Dynamics GP which provides you with a robust function that can show the essential Ws in auditing: What, When, Who. Some third-party products also have alerts and email functionality for when a change happens.
CONCLUSION
There are different components that set the controls and audits within Dynamics GP. Depending upon the companies’ areas of considerations and identified high-risk security compliance, Dynamics GP offers flexible solutions that best suit and meet each organisation’s requirements.