Audit and Assurance


Access Control Review for Microsoft Dynamics NAV

  • 1.  Access Control Review for Microsoft Dynamics NAV

    Posted 17 Feb, 2020 10:05
    Good Evening Everyone,

    We are currently performing an access control review on Microsoft Dynamics NAV. We want to implement segregation of duties in the finance department. What are the key areas in the finance department where segregation of duties should be implemented in Microsoft Dynamics NAV?

    All suggestions will be appreciated.

  • 2.  RE: Access Control Review for Microsoft Dynamics NAV

    Posted 18 Feb, 2020 06:29
    Hi Latifat,

    The key areas are:

    1. Accounts receivable, which is linked with the sales process
    2. Accounts payable, which is linked with the purchases and procurement processes
    3. Bank Reconciliation statements
    4. Treasury management
    5. Cash Management

    The people in these areas should be segregated based on the ARC principle (Authorization, Recording and Custodian), meaning the person who initiates a transaction should not have approval rights. Likewise, under receivables, the collectors should not have rights to update receivables records; their duty is to submit the money, in the form of cash, bank cheques, etc., to the credit department. In a nutshell, those who record should not have authorization or custodian rights, etc.

    The following information should be gathered:

    1. How many layers of approval are defined, e.g. CEO approval, Head of Department approval, MD approval, etc.
    2. Try to obtain a flow chart from the Finance department; it will help you understand the flow of information from start to end. If it does not exist, then interview the finance department personnel to understand the processes of the independent areas.
    3. What are the approval limits determined by the finance department, e.g.
      1. Up to 100K, who will approve?
      2. From 100K to 500K
      3. Over 500K
      4. Over 1 million, etc.
      5. Review who has "view, read, modify" rights in Dynamics NAV.

    Hope it will help you to some extent.

    Abdul Khan
    Internal IT Auditor
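
The ARC check described in the reply above can be run over a user-to-permission-set export. This is an added example, not part of the original thread and not Dynamics NAV code: the CSV layout, the permission-set names and the mapping of each set to a finance area and ARC duty are all constructed assumptions that a reviewer would replace with the organisation's own classification.

```python
import csv
import io
from collections import defaultdict

# Constructed export of user-to-permission-set assignments (hypothetical names).
ASSIGNMENTS_CSV = """user,permission_set
amina,AP-INVOICE-ENTRY
amina,AP-PAYMENT-APPROVE
bola,AR-CASH-COLLECT
bola,AR-LEDGER-POST
chidi,AP-INVOICE-ENTRY
chidi,LEGACY-FIN-ALL
dayo,BANK-RECON-PREPARE
dayo,AR-LEDGER-POST
efe,TREASURY-APPROVE
efe,TREASURY-CUSTODY
"""

# Assumed classification: permission set -> (finance area, ARC duty).
DUTY_MAP = {
    "AP-INVOICE-ENTRY": ("Accounts payable", "Recording"),
    "AP-PAYMENT-APPROVE": ("Accounts payable", "Authorization"),
    "AR-CASH-COLLECT": ("Accounts receivable", "Custodian"),
    "AR-LEDGER-POST": ("Accounts receivable", "Recording"),
    "BANK-RECON-PREPARE": ("Bank reconciliation", "Recording"),
    "TREASURY-APPROVE": ("Treasury management", "Authorization"),
    "TREASURY-CUSTODY": ("Treasury management", "Custodian"),
}

def find_sod_conflicts(csv_text, duty_map=DUTY_MAP):
    """Return (conflicts, unmapped): users holding more than one ARC duty in a
    single finance area, and permission sets that have no classification."""
    held = defaultdict(lambda: defaultdict(set))
    unmapped = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, pset = row["user"].strip(), row["permission_set"].strip()
        if pset not in duty_map:
            unmapped.add(pset)  # unclassified rights need manual review
            continue
        area, duty = duty_map[pset]
        held[user][area].add(duty)
    conflicts = {}
    for user, areas in held.items():
        clashing = {a: sorted(d) for a, d in areas.items() if len(d) > 1}
        if clashing:
            conflicts[user] = clashing
    return conflicts, sorted(unmapped)

if __name__ == "__main__":
    conflicts, unmapped = find_sod_conflicts(ASSIGNMENTS_CSV)
    for user, areas in sorted(conflicts.items()):
        print(user, areas)
    print("unclassified permission sets:", unmapped)
```

Permission sets missing from the mapping are reported separately instead of being skipped silently, since an unclassified broad role can hide a conflict the check would otherwise miss.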