NetSuite Master Data and Financial Controls

Monitor and protect the data that's most important to your business — and your auditors

Configuration changes are not the only important changes to your NetSuite account. Changes to master data can significantly affect financial integrity. Similarly, not all risk can be managed through roles and permissions alone. To manage these exceptions effectively, you need a solid system of detective controls.

Some companies use saved search alerts as detective controls, but have difficulty proving that alerts were sent or acted upon. In addition, system notes searches can be difficult to run over a significant time frame. The result is that even with robust processes, staff are often overwhelmed, resources are tied up and auditors are left unsatisfied at audit time.

How Strongpoint Helps

With Strongpoint’s master data and financial controls, you can move from static monitoring to active response — and create an auditable trail that will make compliance easier. Strongpoint converts saved searches into powerful detective controls that route violations to the proper authority for review and clearance, and collects it all in a separate, auditable GRC system.

Enhanced features enable cross-matching between searches to reduce false positives. Automated processing allows for searches to be run more efficiently and reliably. Best of all, all of the control incidents can be consolidated into a single list for easy review.

Monitoring Transactional Behavior

The Administrator role in NetSuite is highly sensitive. Ideally, an Admin's broad powers should be used to maintain the system — they shouldn't handle transaction activity at all.

However, Admins can and do make transactional changes. Since it isn't possible to prevent them outright, the best thing you can do to prevent fraud and maintain compliance is to put in place detective controls that monitor them.

Normally the process for doing this involves running saved searches on system notes. But this can produce tens of thousands of results that make analysis effectively impossible.

Strongpoint Agent allows you to cross match the results of a system notes search with the results of an employee record search. In other words, you can greatly narrow down your results by eliminating everything that wasn't created or edited by a user with Admin (or similar) privileges.

Why is Agent's cross match feature necessary for protecting financial data? In NetSuite, scripts and workflows have the ability to execute as an Administrator. So what looks in system notes like Admin behavior is actually a harmless automation.

For auditors, however, unless you can prove otherwise, it's a huge red flag and potential control violation. By running a cross match search in Strongpoint Agent, you can avoid hours of work and prove to auditors that you're focusing your efforts on actual violations.

Watch a one-minute explainer or head over to the blog for a detailed tutorial.

Focusing on Critical Objects

Strongpoint automatically monitors transactional behavior — changes to accounting lists, bills of materials, revenue recognition templates and other financial objects.

It continuously checks every change across a list of customizable rules to flag non-compliant issues for review. Then, it gives you a set of tools for resolving those violations, and logs everything in an unchangeable, audit-ready record.

It’s all done using NetSuite’s saved searches, so it’s easy to learn, too.

Everything that violated policy but was cleared in advance.

preapproved incidents

Every outstanding control violation, collected for review and clearance in one consolidated report. This is, effectively, a checklist of everything you'll need to take care of before audit — many busy NetSuite teams hold regular meetings to review and clear items on this list.

UNRESOLVED

Every control incident that violated policy but was cleared afterwards. This is where auditors will see the steps you've taken to resolve violations — including the person who approved the resolution and the reasons why they did.

resolved