[In this series, we’re looking at quick fixes to improve GP security.]
Controlling access to Journal Entries is a fundamental control point. If users can make and post journal entries without any review, they can do just about anything to the final financial statement numbers.
In Dynamics GP, there are actually three different ways to enter a journal entry, and an easy security fix is to turn off two of them.
In Dynamics GP, a journal entry can be created using the Transaction Entry, Quick Journal Entry, or Clearing Entry windows.
Transaction Entry is the primary journal entry option. It supports batches for review, approval of batches, and workflow approval by batch. This is what most people think of when they think of creating a journal entry in GP. It’s also the area where organizations are most likely to place controls.
Quick Journals were designed to be journal entries created via templates where the accounts were similar from month to month, but the amounts would change. There are a couple of problems with Quick Journals:
- They don’t use batches, making them difficult for others to review prior to posting
- They don’t support approvals
- They don’t support workflow
- They are rarely used
This last one is actually the biggest issue. Because many companies barely know that Quick Journals exist, they don’t restrict them in security. It’s a journal entry hole big enough to drive a truck through.
On top of that, Quick Journal functionality can be duplicated using recurring batches in Transaction Entry. The Recurring Batches feature provides equivalent functionality with approval and review options using the Transaction Entry window.
There is a simple fix: turn Quick Journals off. In a
Finally, we come to the odd little feature known as Clearing Entries. Clearing entries are designed to clear the balance of an account (either year-to-date or for a specific period) to a different account, hence the name. The odd part is that these entries don’t show any amounts. Users simply select Year-to-Date or Trx Period and they are left hoping the amount is correct. While a report can be run to show the amount, that’s extra time and effort just to see the amounts on a journal entry.
This is another feature that is rarely if ever used. Most users prefer to validate the balance to be moved and then process a regular journal entry.
Clearing entries do support batches, but there is so little benefit to clearing entries that most users avoid them. Turning them off is a great way to ensure that they can’t be used as a back door to an inappropriate journal entry.
Clearing entries are also part of the Accounting Manager, Bookkeeper and Power User roles, and they are a member of the TRX_FIN_001* task by default. Simply remove the window from the task to turn it off using Setup > System > Security Tasks.
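To confirm that both windows are really closed off, the query below lists every user, role and task that still grants Quick Journal Entry or Clearing Entry. It is an added example, not part of the original post. It assumes the standard GP system database security tables (SY10500, SY10600, SY10700, SY09400, SY01500) with the column names shown, and that the SY09400 resource description table has been populated; verify both against your GP version before relying on the result.

```sql
-- Added example: run against the GP system database (DYNAMICS by default).
-- Table and column names are assumptions based on the standard GP
-- role/task security model; check them against your installation.
SELECT
    ur.USERID         AS UserID,
    co.CMPNYNAM       AS Company,
    ur.SECURITYROLEID AS RoleID,
    rt.SECURITYTASKID AS TaskID,
    rd.DSPLNAME       AS ResourceName
FROM SY10500 AS ur                  -- user -> role assignment, per company
JOIN SY10600 AS rt                  -- role -> task assignment
    ON rt.SECURITYROLEID = ur.SECURITYROLEID
JOIN SY10700 AS op                  -- task -> operation (window, report, ...)
    ON op.SECURITYTASKID = rt.SECURITYTASKID
JOIN SY09400 AS rd                  -- operation -> display name
    ON  rd.DICTID     = op.DICTID
    AND rd.SECRESTYPE = op.SECRESTYPE
    AND rd.SECURITYID = op.SECURITYID
LEFT JOIN SY01500 AS co             -- company id -> company name
    ON co.CMPANYID = ur.CMPANYID
WHERE rd.DSPLNAME LIKE 'Quick Journal Entry%'
   OR rd.DSPLNAME LIKE 'Clearing Entry%'
ORDER BY rd.DSPLNAME, ur.SECURITYROLEID, rt.SECURITYTASKID, ur.USERID;

-- Tasks that grant either window even when no user holds the role yet.
-- An empty result from both queries means the two alternative journal
-- entry paths are no longer reachable through role-based security.
SELECT DISTINCT
    op.SECURITYTASKID AS TaskID,
    rd.DSPLNAME       AS ResourceName
FROM SY10700 AS op
JOIN SY09400 AS rd
    ON  rd.DICTID     = op.DICTID
    AND rd.SECRESTYPE = op.SECRESTYPE
    AND rd.SECURITYID = op.SECURITYID
WHERE rd.DSPLNAME LIKE 'Quick Journal Entry%'
   OR rd.DSPLNAME LIKE 'Clearing Entry%'
ORDER BY op.SECURITYTASKID;
```

Run it before and after editing the tasks, and keep the output with your access review evidence. The display-name match can also return similarly named resources, which are worth a look in the same pass.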
With just a couple of simple tweaks, it’s easy to close off access to alternative journal entry options and focus control on the main Transaction Entry window.
You can find all of the fixes in this series at GP Easy Security Fixes.