NetSuite Segregation of Duties and Access Controls
Keep data and transactions safe — and simplify the path to SOX compliance
The theory behind segregation of duties (SoD) is simple — users should not be able to perform multiple steps in a financial transaction. In practice, however, the realities of managing access in large organizations make it very difficult to enforce.
NetSuite contains 636 distinct permissions, which govern 4923 separate tasks, searches and records. Because of this complexity, managing access effectively takes time and resources most admins and finance teams don't have. And even if things are clean and streamlined at all times, automation can introduce 'phantom conflicts' that auditors will read as control deficiencies.
How Strongpoint Helps
Strongpoint contains out-of-the-box reporting and tools that make it easy to plan a role and permission cleanup — even those 'phantom conflicts' we mentioned above. This lays the groundwork for a rapid SoD implementation.
Once your roles and permissions are streamlined, Strongpoint integrates with NetSuite at the employee record to provide instant feedback on proposed role and permission changes based on an extensive library of customizable rules. It can automatically block unsafe changes and create an audit-ready reporting trail demonstrating the safety and integrity of your NetSuite data.
Five Minute SoD Overview
Here's Strongpoint's Amy Carlson with a five-minute overview of why segregation of duties matters, why it's so hard to implement, and how Strongpoint reduces months of work to just four easy steps.
The SoD Rules Library
The SoD library contains more than one hundred pre-built rules that can be customized for out-of-the-box controls in any account.
We've built this library based on extensive consultations with auditors as well as large corporations, with the aim to get new SoD projects up and running as quickly as possible.
A key part of the onboarding process is to review the library, determine which rules are most relevant, and customize them where necessary. Then, rules are tested against users, roles and permissions to identify any conflicts that currently exist in the system.
Get started quickly with out-of-the-box SoD rules
Customize rules as necessary
Test rules against existing access controls to identify conflicts
The Strongpoint SoD Cadence
Find and deactivate all unused and unassigned roles
Find and remove all unused role assignments
Check for SoD conflicts within roles
Check if the conflicting permissions are being actively used; if not, set them to “View” to resolve the conflict
Resolve any remaining conflicts by building compensating controls with Strongpoint Agent
Check for multi-role conflicts and resolve them using Strongpoint Agent
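As an added illustration of the rule testing described under the rules library and of the cadence steps above (not Strongpoint's code), the following Python checker runs a small conflict-rule library over constructed role, user and permission-usage data. Role, permission and user names are invented placeholders, the usage data stands in for whatever activity source a real implementation would draw on, and remaining multi-role conflicts are only reported, since compensating controls are outside what code alone can decide.

```python
# Toy SoD checker following the cleanup cadence above. Constructed data, not
# Strongpoint code; role, permission and user names are invented placeholders.
SOD_RULES = {("Enter Vendor Bills", "Approve Vendor Bills"),  # rule library: pairs
             ("Create Vendors", "Pay Bills")}                 # not to hold above View
ROLES = {  # role -> {permission: access level}
    "AP Clerk": {"Enter Vendor Bills": "Full", "Approve Vendor Bills": "Full",
                 "Create Vendors": "Full"},
    "AP Manager": {"Approve Vendor Bills": "Full", "Pay Bills": "Full"},
    "Legacy AP": {"Create Vendors": "Full", "Pay Bills": "Full"},  # held by nobody
}
USERS = {"alice": {"AP Clerk"}, "bob": {"AP Clerk", "AP Manager"}, "carol": {"AP Manager"}}
USED = {"AP Clerk": {"Enter Vendor Bills", "Create Vendors"},  # permissions actually
        "AP Manager": {"Approve Vendor Bills", "Pay Bills"}}  # exercised, per role

def conflicts(perms):
    """Rule pairs where both permissions are granted above View."""
    active = {p for p, lvl in perms.items() if lvl != "View"}
    return sorted(r for r in SOD_RULES if set(r) <= active)

def unassigned_roles(roles, users):
    """Step 1: roles no user holds; candidates for deactivation (phantom conflicts)."""
    return sorted(set(roles) - set().union(*users.values()))

def intra_role_conflicts(roles):
    """Step 3: conflicts a single role grants on its own."""
    return {r: conflicts(p) for r, p in roles.items() if conflicts(p)}

def downgrade_unused(roles, used):
    """Step 4: set unused halves of in-role conflicts to View; returns new roles."""
    fixed = {r: dict(p) for r, p in roles.items()}  # leave the input untouched
    for role, pairs in intra_role_conflicts(roles).items():
        for perm in {p for pair in pairs for p in pair}:
            if perm not in used.get(role, set()):
                fixed[role][perm] = "View"
    return fixed

def multi_role_conflicts(roles, users):
    """Step 6: conflicts that appear only when a user's roles are combined."""
    out = {}
    for user, held in users.items():
        merged = {}
        for role in held:
            for perm, lvl in roles[role].items():
                if merged.get(perm) != "Full":  # Full from any role wins
                    merged[perm] = lvl
        if conflicts(merged):
            out[user] = conflicts(merged)
    return out
```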
Role and Permission Cleanup
More roles and permissions mean more possibility for SoD violations. In a growing business, staff can change over frequently — and long-term employees can find their roles and responsibilities evolve over time. It's often easier to create a new role than to repurpose an existing one.
The result is that roles and permissions can build up over time. Many of them may no longer be in use, but they still present as control violations to auditors. We call these 'phantom conflicts' — finding and deprecating them is the first step towards managing segregation of duties in an efficient manner.
Identify unused roles and permissions
Plan and manage large cleanup projects
Quickly eliminate 'low hanging fruit'
Watch a Demo
In this clip, Strongpoint founder Mark Walker shows you some of the quick and easy ways you can use Strongpoint to clean up roles and permissions in preparation for an SoD project.
Cleaning up unused access — and clearing out 'false positive' conflicts — will eliminate a large portion of the work and uncertainty around managing segregation of duties. But even with the best-maintained accounts, there will still be situations where violations are necessary — for instance, someone is off sick and a coworker needs temporary access to pick up the slack, or where a team just isn't big enough.
We call this the real world, and it's distinct from the perfect world that auditors expect us to live in. Fortunately, Strongpoint includes intelligent controls that bring the two into alignment.
Strongpoint integrates directly at the employee record to give you instant feedback on role and permission assignments. You'll know if a new assignment has the potential for SoD violations, and can even block certain risky assignments — such as Admin privileges — outright without prior approval.
Instant feedback on role assignments
Blocking controls for risky assignments
Continuous auditing of roles and permissions
Instant Feedback at the Employee Record
Here's a one-minute look at how Strongpoint's mitigating controls work in NetSuite.
Watch the Webinar:
Accelerate Your SoD Project
Register to watch our step-by-step walkthrough of a typical Strongpoint SoD implementation — and learn how to get compliant in as little as 30 days.