NetSuite Segregation of Duties and Access Controls

Keep data and transactions safe — and simplify the path to SOX compliance

The theory behind segregation of duties (SoD) is simple — users should not be able to perform multiple steps in a financial transaction. In practice, however, the realities of managing access in large organizations make it very difficult to enforce. 

NetSuite contains 636 distinct permissions, which govern 4923 separate tasks, searches and records. Because of this complexity, managing access effectively takes time and resources most admins and finance teams don't have. And even if things are clean and streamlined at all times, automation can introduce 'phantom conflicts' that auditors will read as control deficiencies. 

 


How Strongpoint Helps

Strongpoint contains out-of-the-box reporting and tools that make it easy to plan a role and permission cleanup — even those 'phantom conflicts' we mentioned above. This lays the groundwork for a rapid SoD implementation. 

Once your roles and permissions are streamlined, Strongpoint integrates with NetSuite at the employee record to provide instant feedback on proposed role and permission changes based on an extensive library of customizable rules. It can automatically block unsafe changes and create an audit-ready reporting trail demonstrating the safety and integrity of your NetSuite data.

 

Five Minute SoD Overview

Here's Strongpoint's Amy Carlson with a five-minute overview of why segregation of duties matters, why it's so hard to implement, and how Strongpoint reduces months of work to just four easy steps.

The SoD Rules Library

The SoD library contains more than one hundred pre-built rules that can be customized for out-of-the-box controls in any account.

We've built this library based on extensive consultations with auditors as well as large corporations, with the aim to get new SoD projects up and running as quickly as possible. 

A key part of the onboarding process is to review the library, determine which rules are most relevant, and customize them where necessary. The rules are then tested against existing users, roles and permissions to identify any conflicts that currently exist in the system.

- Get started quickly with out-of-the-box SoD rules
- Customize rules as necessary
- Test rules against existing access controls to identify conflicts

The Strongpoint SoD Cadence

1. Find and deactivate all unused and unassigned roles
2. Find and remove all unused role assignments
3. Check for SoD conflicts within roles
4. Check if the conflicting permissions are being actively used; if not, set them to “View” to resolve the conflict
5. Resolve any remaining conflicts by building compensating controls with Strongpoint Agent
6. Check for multi-role conflicts and resolve them using Strongpoint Agent
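The rules library and the six-step cadence above can be exercised end to end on an exported role/permission list. The script below is an added example and is not Strongpoint's or NetSuite's code: the rule format (two permissions plus a minimum level), the 90-day threshold for "unused", the role names, the permission strings and the usage evidence are all assumptions and constructed sample data. It walks the cadence in order: unassigned roles, stale assignments, conflicts inside a single role, the "set it to View if nobody uses it" downgrade, what is left for compensating controls, and finally conflicts that only appear when an employee's live roles are combined.

```python
"""Detective SoD scan in the order of the cadence above.
Added example, not Strongpoint's or NetSuite's code; the data model, the rule
format and the 90-day threshold are assumptions, all rows are constructed."""
from datetime import date, timedelta

# NetSuite permission levels in ascending order; 0 means 'not held'.
LEVELS = {"View": 1, "Create": 2, "Edit": 3, "Full": 4}

# A rule fires when one actor holds BOTH permissions at or above min_level.
# Rule names and permission strings are constructed examples.
RULES = [
    {"name": "Vendor create vs. vendor payment",
     "a": "Lists > Vendors", "b": "Transactions > Pay Bills", "min_level": "Create"},
    {"name": "Enter bills vs. approve bills",
     "a": "Transactions > Bills", "b": "Transactions > Approve Bills", "min_level": "Create"},
]

# Constructed export: role -> {permission: level}
ROLES = {
    "AP Clerk": {"Lists > Vendors": "Edit", "Transactions > Bills": "Full",
                 "Transactions > Approve Bills": "Edit"},        # conflict inside one role
    "AP Manager": {"Transactions > Approve Bills": "Full", "Transactions > Pay Bills": "Full"},
    "Legacy Bookkeeper": {"Lists > Vendors": "Full", "Transactions > Pay Bills": "Full"},
    "Old Import Role": {"Lists > Vendors": "Full"},              # assigned to nobody
}

TODAY = date(2021, 5, 10)
UNUSED_AFTER = timedelta(days=90)
# Constructed assignments: (employee, role, last login under that role)
ASSIGNMENTS = [
    ("alice", "AP Clerk", TODAY - timedelta(days=3)),
    ("alice", "AP Manager", TODAY - timedelta(days=400)),   # stale: a 'phantom conflict'
    ("bob", "Legacy Bookkeeper", TODAY - timedelta(days=5)),
    ("carol", "AP Clerk", TODAY - timedelta(days=1)),
    ("carol", "AP Manager", TODAY - timedelta(days=2)),     # genuine multi-role conflict
]

# Constructed usage evidence: (role, permission) pairs exercised recently.
USAGE = {
    ("AP Clerk", "Lists > Vendors"), ("AP Clerk", "Transactions > Bills"),
    ("Legacy Bookkeeper", "Lists > Vendors"), ("Legacy Bookkeeper", "Transactions > Pay Bills"),
}


def level_of(perms, perm):
    return LEVELS.get(perms.get(perm), 0)


def violated_rules(perms):
    """Names of the rules a single permission map violates."""
    return [r["name"] for r in RULES
            if level_of(perms, r["a"]) >= LEVELS[r["min_level"]]
            and level_of(perms, r["b"]) >= LEVELS[r["min_level"]]]


def run_scan(roles=ROLES, assignments=ASSIGNMENTS, usage=USAGE, today=TODAY):
    roles = {name: dict(perms) for name, perms in roles.items()}  # never mutate the export
    report = {}

    # Step 1: roles assigned to nobody are deactivation candidates.
    assigned = {role for _, role, _ in assignments}
    report["unassigned_roles"] = sorted(set(roles) - assigned)

    # Step 2: assignments with no login inside the threshold are removal candidates.
    stale = [(e, r) for e, r, last in assignments if today - last > UNUSED_AFTER]
    live = [(e, r) for e, r, last in assignments if today - last <= UNUSED_AFTER]
    report["stale_assignments"] = sorted(stale)

    # Step 3: conflicts inside a single role, for roles that are still live.
    in_role = {r: violated_rules(roles[r]) for r in sorted({r for _, r in live})
               if violated_rules(roles[r])}
    report["in_role_conflicts_before"] = in_role

    # Step 4: conflicting permissions nobody actually uses are reduced to View.
    downgraded = []
    for role, names in in_role.items():
        for rule in (r for r in RULES if r["name"] in names):
            for perm in (rule["a"], rule["b"]):
                if (role, perm) not in usage and roles[role][perm] != "View":
                    roles[role][perm] = "View"
                    downgraded.append((role, perm))
    report["downgraded"] = downgraded

    # Step 5: whatever survives the downgrade needs a compensating control.
    report["needs_compensating_control"] = {
        r: violated_rules(roles[r]) for r in in_role if violated_rules(roles[r])}

    # Step 6: conflicts that only exist when an employee's live roles combine.
    effective = {}
    for emp, role in live:
        eff = effective.setdefault(emp, {})
        for perm, lvl in roles[role].items():
            if LEVELS[lvl] > level_of(eff, perm):
                eff[perm] = lvl
    multi = {}
    for emp, eff in effective.items():
        own = {n for e, r in live if e == emp for n in violated_rules(roles[r])}
        extra = [n for n in violated_rules(eff) if n not in own]
        if extra:
            multi[emp] = extra
    report["multi_role_conflicts"] = multi
    return report


if __name__ == "__main__":
    print(run_scan())
```

On this sample, alice's stale AP Manager assignment is exactly the kind of phantom conflict the page describes: removing it in step 2 means step 6 never reports her, while carol, who uses both roles, is reported as a real multi-role conflict. The in-role conflict in AP Clerk disappears once the unused Approve Bills permission is reduced to View; the one in Legacy Bookkeeper survives because both permissions are in active use, so it is the case that needs a compensating control.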

Role and Permission Cleanup

More roles and permissions mean more possibility for SoD violations. In a growing business, staff can change over frequently — and long-term employees can find their roles and responsibilities evolve over time. It's often easier to create a new role than to repurpose an existing one.

The result is that roles and permissions build up over time. Many of them may no longer be in use, but they still present as control violations to auditors. We call these 'phantom conflicts' — finding and deprecating them is the first step towards managing segregation of duties in an efficient manner.

- Identify unused roles and permissions
- Plan and manage large cleanup projects
- Quickly eliminate 'low hanging fruit'

Watch a Demo

In this clip, Strongpoint founder Mark Walker shows you some of the quick and easy ways you can use Strongpoint to clean up roles and permissions in preparation for an SoD project. 

Compensating Controls

Cleaning up unused access — and clearing out 'false positive' conflicts — will eliminate a large portion of the work and uncertainty around managing segregation of duties. But even with the best-maintained accounts, there will still be situations where violations are necessary — for instance, someone is off sick and a coworker needs temporary access to pick up the slack, or where a team just isn't big enough.

We call this the real world, and it's distinct from the perfect world that auditors expect us to live in. Fortunately, Strongpoint includes intelligent controls that bring the two into alignment. 

Strongpoint integrates directly at the employee record to give you instant feedback on role and permission assignments. You'll know if a new assignment has the potential for SoD violations, and can even block certain risky assignments — such as Admin privileges — outright without prior approval. 
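A preventive check of this kind sits in the assignment path rather than in a periodic scan: it compares the employee's conflicts before and after the proposed role, refuses a blocklisted role outright, and lets an approved, time-boxed exception cover the "colleague is off sick" case from the previous section. The code below is an added example and is not Strongpoint's code; the decision vocabulary (ALLOW, REVIEW, BLOCK, ALLOW_WITH_CONTROL), the Administrator blocklist, the exception register and all roles, rules and employees are assumptions and constructed data.

```python
"""Preventive SoD gate for a proposed role assignment at the employee record.
Added example, not Strongpoint's code; the decision vocabulary, blocklist and
exception register are assumptions, and all data below is constructed."""
from datetime import date

LEVELS = {"View": 1, "Create": 2, "Edit": 3, "Full": 4}

RULES = [  # constructed rule names and permission strings
    {"name": "Vendor create vs. vendor payment",
     "a": "Lists > Vendors", "b": "Transactions > Pay Bills", "min_level": "Create"},
    {"name": "Enter bills vs. approve bills",
     "a": "Transactions > Bills", "b": "Transactions > Approve Bills", "min_level": "Create"},
]

ROLES = {  # constructed role -> {permission: level}
    "AP Clerk": {"Lists > Vendors": "Edit", "Transactions > Bills": "Full"},
    "AP Approver": {"Transactions > Approve Bills": "Full"},
    "AP Manager": {"Transactions > Approve Bills": "Full", "Transactions > Pay Bills": "Full"},
}

# Roles refused outright; Administrator is blocked before any rule is evaluated.
BLOCKED_ROLES = {"Administrator"}

# Approved, time-boxed exceptions for temporary cover:
# (employee, rule name) -> (approver, expiry date)
EXCEPTIONS = {
    ("carol", "Enter bills vs. approve bills"): ("controller", date(2021, 5, 31)),
}

# Constructed current state: employee -> roles held now
CURRENT = {"alice": ["AP Clerk"], "carol": ["AP Clerk"], "dave": []}


def level_of(perms, perm):
    return LEVELS.get(perms.get(perm), 0)


def effective_permissions(role_names):
    """Merge several roles, keeping the highest level per permission."""
    eff = {}
    for role in role_names:
        for perm, lvl in ROLES[role].items():
            if LEVELS[lvl] > level_of(eff, perm):
                eff[perm] = lvl
    return eff


def violated_rules(perms):
    return [r["name"] for r in RULES
            if level_of(perms, r["a"]) >= LEVELS[r["min_level"]]
            and level_of(perms, r["b"]) >= LEVELS[r["min_level"]]]


def evaluate(employee, new_role, today, current=CURRENT):
    """Decide on 'give employee new_role today' and name the rules behind it."""
    if new_role in BLOCKED_ROLES:
        return {"decision": "BLOCK", "rules": [], "note": f"{new_role} needs out-of-band approval"}
    held = current.get(employee, [])
    before = set(violated_rules(effective_permissions(held)))
    after = set(violated_rules(effective_permissions(held + [new_role])))
    introduced = sorted(after - before)       # only conflicts this change would create
    if not introduced:
        return {"decision": "ALLOW", "rules": [], "note": "no new SoD conflict"}
    # A conflict is covered only by an exception for this employee that has not expired.
    uncovered = [n for n in introduced
                 if (employee, n) not in EXCEPTIONS or EXCEPTIONS[(employee, n)][1] < today]
    if uncovered:
        return {"decision": "REVIEW", "rules": uncovered, "note": "approval required"}
    return {"decision": "ALLOW_WITH_CONTROL", "rules": introduced,
            "note": "covered by an approved exception until its expiry"}


if __name__ == "__main__":
    for emp, role in [("dave", "Administrator"), ("alice", "AP Manager"), ("carol", "AP Approver")]:
        print(emp, role, evaluate(emp, role, date(2021, 5, 10)))
```

The before/after comparison matters: an employee who already has a conflict should not be re-flagged for an unrelated role, and a role that merely duplicates access the employee already holds produces no new finding. Recording the approver and expiry against each exception is what turns a tolerated violation into an auditable compensating control, and the date check ensures the temporary cover lapses on its own.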

- Instant feedback on role assignments
- Blocking controls for risky assignments
- Continuous auditing of roles and permissions

Instant Feedback at the Employee Record 

Here's a one-minute look at how Strongpoint's mitigating controls work in NetSuite.

Watch the Webinar:

Accelerate Your SoD Project

Register to watch our step-by-step walkthrough of a typical Strongpoint SoD implementation — and learn how to get compliant in as little as 30 days.

 


Next Step: Master Data/Financial Controls

Monitor and protect the data that's most important to your business — and your auditors