I have just completed a set of automated routines aimed at analyzing the system security reports produced by Dynamics Great Plains 10 with a view to assessing how effectively the User Access Configuration has been implemented and kept up to date. The standard reports produced by the GP 10 system are not user friendly and can take weeks to review manually.
My routines produce a set of reports showing the users with access to privileged functions and also whether there are conflicting duties assigned to users thereby leading to a poor internal controls environment and increasing the risk of irregular activity. For instance, a user with access to ‘vendor maintenance’, ‘creating a purchase order’, ‘processing a vendor’s invoice’, and ‘printing a check’ can perpetrate a fraud quite easily.
These routines are aimed at anyone who is concerned about effective internal controls. In particular, internal and external auditors seeking to assess a company’s compliance with Sarbanes_Oxley [SOX]. It may take weeks to review a set of standard system reports manually but my routines can cut this time drastically. In a recent medium sized public company I was able to produce a set of reports for the “purchase-to-pay” and “sales-to-cash” processes in just under two days.
For more information feel free to contact me at ekriel@cogeco.ca or 1-416-451-3919