Audit Enablement
The NetSuite application has many features to help users build and manage internal controls for financial reporting. The use of NetSuite as a financial system lets you manage financial process controls in a single system for the organization and then extend that functionality with applications from Fastpath or Strongpoint.
You can customize NetSuite to reduce errors in financial transactions. Some examples include:
- Workflows for dual authorization
Workflows provide additional segregation of duties controls beyond logical security. For example, workflows can provide approval limits and prevent users from approving their own transactions. You can build custom workflows in NetSuite to fit your company's needs.
- Scripting
You can use scripts to add custom controls that are not built into NetSuite by default. For example, within NetSuite, invoices currently must be reviewed and approved by the person who created the PO and who is the business owner for the expense. This requirement enables the Accounts Payable team to determine whether the invoices from the vendors are appropriate, and to ensure that they are matched against the proper invoice. Currently, this is done using scripting. When the Accounts Payable team creates an invoice against a vendor and PO, an email is sent to the business owner requesting approval of the invoice for payment.
- Audit trail saved searches
Most financial transactions in NetSuite have an audit trail that can be tracked and searched. You can track changes to roles, customizations, transactions, and more, with some exceptions. Saved search alerts help you identify items outside of ordinary processing. For example, you can set up an alert for transactions started by personnel who don't normally initiate them. You may also want to track POs created by Accounts Payable because they're part of the procure-to-pay process. Tracking POs created by Accounts Payable helps management detect any suspicious transactions. You can also monitor changes to credit levels, terms, and addresses.
- Manual controls
Some areas in NetSuite still require manual controls. It's important to review the following items and set up external controls to monitor these types of transactions.
- Audit trails for journal entries post-approval
Currently, there is no audit trail for edits made to a journal entry after it has been approved, or for edits the approver makes to the entry prior to approval. Therefore, it's important to review journal entries, expense or disbursement accounts, and reconcile accounts. Because the reviews are the key controls, apply proper segregation of duties when selecting the reviewer.
- Audit trails for account setup
Account setup changes aren't tracked, except for the header information (user who performed an edit, date and time). It's important to establish post-setup reviews by a different person, and controls for certain significant transactions that can be impacted by changes to the setup. For example, credit limit for customers can be turned on or off, which lets customers exceed their credit limits. A periodic review of customer balances against their credit limits could be used to detect whether any have exceeded their limits. Because there may be instances where the excess over the credit limit is approved, it's important to establish how approval is obtained and documented.
- Three-way matching for PO, invoice, and receipt of goods
It is important to establish a process to monitor purchases. Monitoring, scripting, and evidence of approval may be used to support purchase and invoice authorization. Within NetSuite, the Accounts Payable team monitors and ensures that a PO exists before vendor transactions, and all PO violations are reported and monitored. Invoices are approved and validated to ensure that they don't go over the PO amount. Invoices over the PO amount require another approved PO or are flagged. The team also ensures that services or goods are being received.
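The three-way matching checks described above, as an added example that is not NetSuite's own code and does not use the SuiteScript API: plain JavaScript over constructed records that flags invoices with no PO, invoices against an unapproved PO or dated before the PO, cumulative billing over the PO amount, and billing beyond what has been received. The field names, reason codes, and sample data are assumptions made for illustration.

```javascript
// Constructed sample records; field names are assumptions, not NetSuite's schema.
// Amounts are whole currency units; dates are ISO strings so they compare as text.
const purchaseOrders = [
  { id: 'PO-1', amount: 1000, approved: true, created: '2024-01-05' },
  { id: 'PO-2', amount: 500, approved: true, created: '2024-02-01' },
  { id: 'PO-3', amount: 800, approved: false, created: '2024-02-10' },
];
const receipts = [
  { po: 'PO-1', amount: 1000 },
  { po: 'PO-2', amount: 200 },
];
const invoices = [
  { id: 'INV-1', po: 'PO-1', amount: 600, date: '2024-01-20' },
  { id: 'INV-2', po: 'PO-1', amount: 500, date: '2024-01-25' }, // pushes PO-1 to 1100
  { id: 'INV-3', po: 'PO-2', amount: 300, date: '2024-02-15' }, // only 200 received
  { id: 'INV-4', po: null, amount: 250, date: '2024-02-20' }, // no PO at all
  { id: 'INV-5', po: 'PO-3', amount: 100, date: '2024-02-05' }, // predates its PO
];

// Returns one exception per invoice that fails any PO / invoice / receipt check.
function threeWayMatch(pos, rcpts, invs) {
  const poById = new Map(pos.map((p) => [p.id, p]));
  const received = new Map();
  for (const r of rcpts) received.set(r.po, (received.get(r.po) || 0) + r.amount);
  const billed = new Map(); // running total invoiced per PO
  const exceptions = [];
  // Date order, so a PO split across several invoices is caught when it tips over.
  const ordered = [...invs].sort((a, b) => a.date.localeCompare(b.date));
  for (const inv of ordered) {
    const reasons = [];
    const po = inv.po ? poById.get(inv.po) : undefined;
    if (!po) {
      reasons.push('NO_PO');
    } else {
      if (!po.approved) reasons.push('PO_NOT_APPROVED');
      if (inv.date < po.created) reasons.push('INVOICE_BEFORE_PO');
      const total = (billed.get(po.id) || 0) + inv.amount;
      billed.set(po.id, total);
      if (total > po.amount) reasons.push('OVER_PO_AMOUNT');
      if (total > (received.get(po.id) || 0)) reasons.push('NOT_RECEIVED');
    }
    if (reasons.length) exceptions.push({ invoice: inv.id, reasons });
  }
  return exceptions;
}
```

Checking the running total per PO, rather than each invoice on its own, is what catches a PO that is exceeded by several individually acceptable invoices.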
NetSuite is a tool that helps its customers meet their business needs, but customers must ensure that they understand their requirements and how they can use NetSuite to meet them. Auditing controls can be customized to fit your business needs. Customers should understand their compliance obligations, their risks, how to address them, and how to implement and monitor controls.