NetSuite Segregation of Duties

Keep data and transactions safe with our best-in-class segregation of duties methodology (NetSuite SOD)

The theory behind segregation of duties (SoD) is simple: users should not be able to perform multiple steps in a financial transaction. In practice, however, the realities of managing access in large organizations make it very difficult to enforce.

NetSuite contains 636 distinct permissions, which govern 4923 separate tasks, searches and records. Because of this complexity, managing access effectively takes time and resources that most admins and finance teams don't have. And even if things are clean and streamlined at all times, automation can introduce 'phantom conflicts' that auditors will read as control deficiencies.


Faster, Automated NetSuite SoD Projects

Strongpoint enables NetSuite teams to complete an SoD project in less time than ever before. Our software contains out-of-the-box reporting and tools that make it easy to plan a role and permission cleanup — even those 'phantom conflicts' we mentioned above. This lays the groundwork for a rapid SoD implementation using our proven, industry-leading process. 

Once your roles and permissions are streamlined, Strongpoint integrates with NetSuite at the employee record to provide instant feedback on proposed role and permission changes based on an extensive library of customizable rules. It can automatically block unsafe changes and create an audit-ready reporting trail demonstrating the safety and integrity of your NetSuite data.


See Strongpoint's SoD methodology in action

The SoD library contains more than one hundred pre-built rules that can be customized for out-of-the-box controls in any account.

We've built this library based on extensive consultations with auditors as well as large corporations, with the aim to get new SoD projects up and running as quickly as possible. 

A key part of the onboarding process is to review the library, determine which rules are most relevant, and customize them where necessary. The rules are then tested against users, roles and permissions to identify any conflicts that currently exist in the system.

- Get started quickly with out-of-the-box SoD rules
- Customize rules as necessary
- Test rules against existing access controls to identify conflicts

The Strongpoint SoD Cadence

1. Clean up roles and permissions to avoid false positives

Many SoD violations are caused by unassigned or unused roles, global permissions no longer in use, and employees who have access to multiple roles that they don't use. Strongpoint provides pre-built tools to identify these gaps and clean them up, helping your team get started fast.

2. Automate SoD analysis using the Strongpoint SoD rule library

After a general cleanup of 'low-hanging fruit,' your team can run an in-depth analysis against your roles, permissions and assignments to generate a list of violations. The process, which is based on our proven library of the most common NetSuite segregation of duties risks, takes no more than a few hours. 

3. Analyze for SoD conflicts within roles

Next, you'll want to look within roles for conflicts. This analysis will identify where critical permissions are assigned and where conflicting permissions exist. Strongpoint can automatically identify roles that would allow users to perform too many steps within a process.

4. Analyze for SoD conflicts at the user level

After analyzing your roles, Strongpoint will focus on user-level access issues — such as employees with multiple roles and global permissions. With this, you'll have a complete picture of the total population of SoD risks in your account.

5. Automatically analyze transactional activity by role and permission

Your SoD secret weapon: once you've determined the actual usage of roles and permissions in your account, you can use Strongpoint to scale back to 'view only' any access that isn't being actively used, preventing potential SoD violations without impacting end users. Then, build compensating and mitigating controls around any conflicts that still remain.

6. Where SoD and mitigating controls aren't possible, enable Strongpoint Agent

With Strongpoint, your team can automatically monitor and track transactional data auditors are most concerned with. With Agent controls set up, you can record violations in an immutable, audit-ready log where they can be quickly reviewed and resolved.
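The cadence above, reduced to a toy analysis over constructed sample data as an added illustration (this is not Strongpoint's software or its rule library, and the role, permission and user names are made up, not NetSuite's real permission identifiers): each rule is checked inside a single role, then across the union of a user's roles, and assigned-but-unused roles are separated out as the 'phantom conflicts' the page describes.

```python
# Toy SoD analysis over constructed data; names are made up, not NetSuite identifiers.
ROLE_PERMS = {
    "AP Clerk": {"Enter Vendor Bill", "Maintain Vendor"},
    "AP Manager": {"Approve Vendor Bill", "Pay Bills"},
    "Legacy Controller": {"Maintain Vendor", "Approve Vendor Bill", "Pay Bills"},
    "Sales Rep": {"View Customer"},
}
USER_ROLES = {
    "alice": {"AP Clerk", "AP Manager"},
    "bob": {"AP Clerk"},
    "carol": {"Legacy Controller", "Sales Rep"},
}
# Roles each user has actually logged in with (constructed usage data, step 5).
USED_ROLES = {"alice": {"AP Clerk", "AP Manager"}, "bob": {"AP Clerk"}, "carol": {"Sales Rep"}}
# Rule library: permission pairs that cover two steps of one transaction (constructed).
SOD_RULES = [
    ("Maintain Vendor", "Pay Bills"),
    ("Enter Vendor Bill", "Approve Vendor Bill"),
]

def violated_rules(perms):
    """Rules whose two permissions both appear in the given permission set."""
    return [rule for rule in SOD_RULES if rule[0] in perms and rule[1] in perms]

def role_conflicts():
    """Step 3: conflicts built into a single role, before any user is considered."""
    found = {role: violated_rules(perms) for role, perms in ROLE_PERMS.items()}
    return {role: rules for role, rules in found.items() if rules}

def effective_perms(user, used_only=False):
    """Union of permissions across a user's roles; optionally only roles actually used."""
    roles = USER_ROLES.get(user, set())
    if used_only:
        roles = roles & USED_ROLES.get(user, set())
    return set().union(*(ROLE_PERMS[r] for r in roles))

def user_conflicts(used_only=False):
    """Step 4: conflicts that arise only when a user's several roles are combined."""
    found = {u: violated_rules(effective_perms(u, used_only)) for u in USER_ROLES}
    return {u: rules for u, rules in found.items() if rules}

def phantom_conflicts():
    """Step 1: violations that disappear once assigned-but-unused roles are dropped."""
    real = user_conflicts(used_only=True)
    return {u: rules for u, rules in user_conflicts().items() if u not in real}

def unused_assignments():
    """Step 1 cleanup list: (user, role) pairs that usage data shows are never exercised."""
    return {(u, r) for u, roles in USER_ROLES.items() for r in roles - USED_ROLES.get(u, set())}
```

Running it on the sample data, the legacy role is flagged on its own, alice's two roles combine into two violations, and carol's violation turns out to be a phantom conflict because she never uses the role that causes it.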

Role and Permission Cleanup

More roles and permissions mean more possibility for SoD violations. In a growing business, staff can change over frequently, and long-term employees can find their roles and responsibilities evolve over time. It's often easier to create a new role than to repurpose an existing one.

The result is that roles and permissions build up over time. Many of them may no longer be in use, but they still present as control violations to auditors. We call these 'phantom conflicts', and finding and deprecating them is the first step towards managing segregation of duties in an efficient manner.

- Identify unused roles and permissions
- Plan and manage large cleanup projects
- Quickly eliminate 'low hanging fruit'

Watch a Demo

Strongpoint comes loaded with pre-built reports for identifying the most common forms of access-related technical debt in NetSuite. In this clip, we show you how Strongpoint makes it easy to find user roles that are assigned but not in use. 

Compensating Controls

Cleaning up unused access, and clearing out 'false positive' conflicts, will eliminate a large portion of the work and uncertainty around managing segregation of duties. But even in the best-maintained accounts, there will still be situations where violations are necessary: for instance, someone is off sick and a coworker needs temporary access to pick up the slack, or a team just isn't big enough.

We call this the real world, and it's distinct from the perfect world that auditors expect us to live in. Fortunately, Strongpoint includes intelligent controls that bring the two into alignment. 

Strongpoint integrates directly at the employee record to give you instant feedback on role and permission assignments. You'll know if a new assignment has the potential for SoD violations, and can even block certain risky assignments — such as Admin privileges — outright without prior approval. 

- Instant feedback on role assignments
- Blocking controls for risky assignments
- Continuous auditing of roles and permissions

Instant Feedback at the Employee Record 

Here's a one-minute look at how Strongpoint's mitigating controls work in NetSuite.

Get the eBook

Three Steps to NetSuite Compliance

Download our free eBook to learn how SoD and access controls fit into a larger compliance project — and how you can simplify everything to a few easy, automated steps.


Next Step: Master Data/Financial Controls

Monitor and protect the data that's most important to your business — and your auditors