Skip to main content

A simple journal entry security fix for Microsoft Dynamics GP

by Mark Polino
Director of Client Services, Fastpath, Integrated Business Group

Let's talk for a minute about an easy security fix in Dynamics GP.

There is something I see quite a lot when using Fastpath Assure to analyze GP companies for segregation of duties conflicts. A set of users will have rights to create an account in the chart and to create a journal entry. This is a conflict because a user could create a fictitious account and then create a journal entry to move amounts into the new account. For example, amounts could be moved from expenses into a fictitious balance sheet account to materially change the outcome of the financial statements.

That's bad, so many companies have mitigating controls over journal entries because they need certain users to have both sets of rights. A mitigating control could be a pre-posting review, GP's classic batch approval, or even a workflow. Most companies at least make an attempt at mitigating controls around journal entries. Where they fall down is in putting appropriate controls on the other kinds of journal entries in GP.

In addition to Transaction Entry, general journal entries can be made via Quick Journals and Clearing Entries. Quick Journals don't use batches and are not subject to any kind of approval. Clearing Entries do support batch approval, but approval has to be setup for Clearing Entry batches, not just Transaction Entry batches, and I've never seen a company do it. Even worse, both of these features are rarely used and easily forgotten. Allowing users access to Quick Journals and Clearing Entries represents a gaping hole in the mitigation strategy for journal entries in many organizations.

Fortunately, this is ...

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Mark Polino

Mark Polino is a Certified Public Accountant (CPA) and a former Microsoft MVP (2007-2018) for Business Solutions. He is the author or coauthor of 5 books related to Microsoft Dynamics GP.  Mark also maintains the Dynamics GP focused website He speaks and writes regularly about ERP related topics. Mark has been a controller and CFO for a division of a publicly traded company and he has  worked as a consultant implementing ERP solutions. Mark holds additional certifications including Certified Information Technology Professional (CITP), Certified in Financial Forensics (CFF) , Chartered Global Management Accountant (CGMA). Dynamics Credentialed Professional for Dynamics GP 2015 (Core Install and Core Financials), Xero Certified. He holds a bachelor's degree in accounting from the University of Central Florida and an MBA from Rollins College. Mark lives with his family in Florida.

More about Mark Polino