Skip to main content

Top 5 Year End Security Considerations for ERP Systems

by Mark Polino
Director of Client Services, Fastpath, Integrated Business Group
Key and lock

Regardless of which ERP system you use, there some universal security considerations that always pop up at year end. The bottom line is that auditors and management want to know that administrators understand and can demonstrate that they have control of their systems. With that in mind, here are my top 5 year-end security concerts for ERP systems.

  1. Journal Entries - A lot of extra journal entries are made around year end. These include things like cleaning up estimates, adjusting leftover accruals and deferrals, and fixing errors. Often, items like bonuses are tied to final year end numbers, so year-end journal entries have historically been an area ripe for manipulation. It's also an area where auditors will spend plenty of time, so make sure that there is a process to review JE's.
  2. Segregation of Duties - Year end is a great time to review segregation of duties to ensure that individual users don't have access to too many parts of a process and to ensure that any mitigation processes are being performed and documented.
  3. User Security - Reviewing user security at year end is important, especially if it's not being reviewed throughout the year. Lots of things can change throughout the year so making sure that users have the right access should be done at least annually, though more often is better.
  4. System Administrator and Super User Access - Operations performed by system administrators and super or power users should get extra scrutiny. The elevated access afforded these individuals gives them the power to bypass many security features, so transactions performed by these users should actually be trusted less.

    FREE Membership Required to View Full Content:

    Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
    Learn more about us here

About Mark Polino

Mark Polino is a Certified Public Accountant (CPA) and a former Microsoft MVP (2007-2018) for Business Solutions. He is the author or coauthor of 5 books related to Microsoft Dynamics GP.  Mark also maintains the Dynamics GP focused website He speaks and writes regularly about ERP related topics. Mark has been a controller and CFO for a division of a publicly traded company and he has  worked as a consultant implementing ERP solutions. Mark holds additional certifications including Certified Information Technology Professional (CITP), Certified in Financial Forensics (CFF) , Chartered Global Management Accountant (CGMA). Dynamics Credentialed Professional for Dynamics GP 2015 (Core Install and Core Financials), Xero Certified. He holds a bachelor's degree in accounting from the University of Central Florida and an MBA from Rollins College. Mark lives with his family in Florida.

More about Mark Polino