A simple journal entry security fix for Microsoft Dynamics GP

Let's talk for a minute about an easy security fix in Dynamics GP.

There is something I see quite a lot when using Fastpath Assure to analyze GP companies for segregation of duties conflicts. A set of users will have rights to create an account in the chart and to create a journal entry. This is a conflict because a user could create a fictitious account and then create a journal entry to move amounts into the new account. For example, amounts could be moved from expenses into a fictitious balance sheet account to materially change the outcome of the financial statements.

That's bad, so many companies have mitigating controls over journal entries because they need certain users to have both sets of rights. A mitigating control could be a pre-posting review, GP's classic batch approval, or even a workflow. Most companies at least make an attempt at mitigating controls around journal entries. Where they fall down is in putting appropriate controls on the other kinds of journal entries in GP.

In addition to Transaction Entry, general journal entries can be made via Quick Journals and Clearing Entries. Quick Journals don't use batches and are not subject to any kind of approval. Clearing Entries do support batch approval, but approval has to be setup for Clearing Entry batches, not just Transaction Entry batches, and I've never seen a company do it. Even worse, both of these features are rarely used and easily forgotten. Allowing users access to Quick Journals and Clearing Entries represents a gaping hole in the mitigation strategy for journal entries in many organizations.

Fortunately, this is ...