Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Practices for setting up Audit Trails in Dynamics NAV

Published byRobyn McKinney Modified over 7 years ago

Similar presentations

Presentation on theme: "Best Practices for setting up Audit Trails in Dynamics NAV"— Presentation transcript:

1 Best Practices for setting up Audit Trails in Dynamics NAV

2 About Fastpath Audit and security solutions for Microsoft Dynamics
Founded in 2004 CPAs and CIAs on staff Over 1000 installations in 30+ countries

3 Common Challenges Security setup – everyone is an admin
User provisioning Who has access to Dynamics? What did they do with that access? Segregation of duties analysis Compliance and audit: SOX, FDA, NFP, Gov’t

4 Agenda How to determine what to audit Setting up audit trails Tools
Pitfalls and practices to avoid What do you do with the audit data after you collect it

5 Determining what to audit
Organizational risk Segregation of duties Outside controls High $ impact Audit requirements Cost to audit trails High level in our business Financial, organization, physical risk More probable to happen Not as probable but higher impact Other controls SoD – If have great security and SoD – AT not as big of a need Smaller company, less SoD more AT is going to be important Other processes, Finanical reports Debits/credits being posted, already have a report that, don’t need AT Higher $ impact determine AT Audit requirements Public – SOX, HIPAA Type of company/industry will have impact on Audit requirements Cost to AT Not just monetary cost for tool Time to setup, maintain, review Performance cost

6 Audit Trail Setup Field level Reduces performance hit
Base your audits on your risk profile Risk based approach Find the right balance Identify and track critical data points Field level Reduces performance hit Reduces data storage requirements Improves reporting performance Improves reviewer accuracy Risk based approach High risk areas from your risk assessment / profile Find the right balance between too much information and too little information Critical data points Master Data / Security Change / Setup / Configuration Transactional data – concerned about performance, dependent on how many transactions your company is doing Field level AP -> vendor changes -> fax number not important but CHECK NAME, REMIT TO ADDRESS

7 Audit Trail Setup Start at your reports and use your reports to filter out information Start small Put the ownership of the product/reports into the hands of the BPOs Review, review, review!!! Start at reports Visualize your data, what report are you going to review Use your reports to filter out information rather than not collect the information in the first place Start Small - and then continue to add to the audit trail Engage BPOs (business process owners) They are in day-to-day, IT dept shouldn’t make these decisions What to track in inventory without talking to inv mgr Track relevant info that will be reviewed in a high risk area Review, review, review Don’t create your own haystack (don’t create a million records of data to find the 500 relevant ones) Don’t turn on if you are not going to review it

8 Performance Considerations
Every field tracked has a performance impact Does it have an impact on user experience? Tracking has impact on report performance Take a risk based approach Build a test environment Test, test, test every field -putting some validation on the field -impact down to the field level -instead of all (100) get down to the 10 critical UX -is the user experiencing issues, time to load, data entry -don't want to lose productivity RISK BASED -look at entity/form - what is important on that entity/form to track changes -monetary impact, audit impact TEST -make sure getting good reports, remove fields that don't make sense -good streamlined data, cut out fat

9 Tools Out of Box NAV Change Log Custom 3rd Party

10 NAV Change Log Tracks user, date, time and old/new values for changes made to data in the tables you track You can track specific fields within a table, along with specific events (Add, Modify, Delete) NAV > Only tracks data changes when users make changes in the NAV user interface NAV > Tracks all changes, whether by user or not Automatically track: Access Control, Change Log Setup (Table/Field), Permission, Permission Set, User, User Property

11 NAV Change Log - Setup Must activate the Change Log per company
Change Log Setup window Change Log Activated field

12 NAV Change Log - Setup Change Log Setup window -> Actions -> Tables Setup Tables you want to track, including the Fields for each table

13 NAV Change Log - Setup Select Fields … For each event type

14 Pitfalls “I want to audit EVERYTHING”
Using audit trail reports as a substitute for operational/financial reports Inefficient audit reports 500 vs 1,000,000 -AUDIT EVERYTHING -audit trail will not help prevent changes. have to turn on control in security. -don't use AT to address security issues. -have proper security, and then AT will help in your hish risk areas -check up on users because of security - doing it wrong -sifting thru millions, go cross eyes OP/FIN reports -get the same info out of OP/FIN reports -track journal entries, down to credit/debit -recreating journal posting reports with AT -building redundacy, creating perf impacts -use AT to understand critical changes to critical data INEFFICIENT AT REPORTS -good security, not using AT for OP/FIN -forgot to identify key fields -not narrowing down fields 500 VS 1,000,000 -easier to find issues when looking at smaller subset of data

15 What do you do with the data after it’s collected?
Review, review, review! Who owns the data? Are the reviews being done in a timely fashion? Visibility to the who, what, where, when and how WHO OWNS -who should be reviewing -not the person who can make the changes -independent, but some responsibility that the data is appropriate -smaller organizations, it is hard TIMELY FASHION -this is key -no one looks at log for 4/5/6 weeks, how easy to identify the user and how easy to recover from the issue -how much monetary loss in those 4/5/6 week period -real time alerts - NO - you will go crazy, stop paying attention to the alerts -what about daily/weekly/monthly -vendor EFT – daily, -inventory - weekly Who/what/where/when/how – did the right person make the change, did I know that person had this type of access, where did the change come from (in the system/outside of the system), when was the change made – business hours vs non business hours

16 NAV Change Log – reviewing data
Change Log Entries page

17 Data Maintenance How much data will be created?
Define a retention policy Archiving improves report performance Purge data on a regular basis Make a backup HOW MUCH DATA -subjective, what is you are auditing, size of orgs -1 MILLION ROWS - 1 GB OF SIZE RETENTION POLICY -AT not necessarily under same subjects as FIN/OP data -check with int/ext auditors ARCHIVING -improve rpt perf -move audit data from reporting tables, archive table/db/server, ability to restore PURGING -don't need to retain, not FIN/OP -3 years in archive, purge older -maintain size BACKUP

18 NAV Change Log – deleting entries
Filter what entries based on date and table number

19 Additional Resources Upcoming Webinars
8/30 - Eyes Wide Shut - Do You Know Who is Making Changes to Your NAV Data? Register: 9/15 - Best Practices for Setting up Security in NAV - Register: Blog Posts Blog Post: Five things to think about when setting up Audit Trails: trails Blog Post: Seven Reasons to Choose Fastpath Audit Trail over NAV Change Log : navs-change-log

20 Where to find us at NAVUG Summit
Booth 501 Fastpath Partner Showcase: Best Practices for NAV Security and Segregation of Duties Fastpath Party - Thurs, 8:30pm - Cuban Club in Ybor City Don’t miss the most anticipated event of Summit – come out and enjoy a night of fun, food, music, games and dancing! You work hard, now it’s time to play hard too!

21 Contact Info Kim Congleton Twitter Web –

Download ppt "Best Practices for setting up Audit Trails in Dynamics NAV"

Similar presentations

ImageNow at LaSalle University Julie Riganati 215.951.5129.

ImageNow at LaSalle University Julie Riganati
System Developed By Srijan Software Services, Dehradun Are you associated with Multiple Companies ? Are you facing problems ? Service industry is the largest.

System Developed By Srijan Software Services, Dehradun Are you associated with Multiple Companies ? Are you facing problems ? Service industry is the largest.
1 of 27 DA1241 Archive Companies Last updated: March-2004 DA1241 Archive Companies.

1 of 27 DA1241 Archive Companies Last updated: March-2004 DA1241 Archive Companies.
Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services 704-814-0004.

Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services
Case Study By: Susan Gulick Principal Consultant – Solutions Partners, Inc. May 18, 2005 Oracle Self-Service HR.

Case Study By: Susan Gulick Principal Consultant – Solutions Partners, Inc. May 18, 2005 Oracle Self-Service HR.
Barracuda Message Archiver

Barracuda Message Archiver
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.

Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.
Ch 11 Managing System Reliability and Availability 1.

Ch 11 Managing System Reliability and Availability 1.
ENVIROTRAC: A Premier Chamber Monitoring and Data Acquisition System Envirotrac A Guided Tour.

ENVIROTRAC: A Premier Chamber Monitoring and Data Acquisition System Envirotrac A Guided Tour.
Maintaining File Services. Shadow Copies of Shared Folders Automatically retains copies of files on a server from specific points in time Prevents administrators.

Maintaining File Services. Shadow Copies of Shared Folders Automatically retains copies of files on a server from specific points in time Prevents administrators.
IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.

IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.
Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.
Archiving emails. How to Manage Auto-Archive in Outlook 2014-15 Your Microsoft Outlook mailbox grows as you create and receive items. To manage the space.

Archiving s. How to Manage Auto-Archive in Outlook Your Microsoft Outlook mailbox grows as you create and receive items. To manage the space.
Enterprise Security for Microsoft Dynamics GP Jeff Soelberg

Enterprise Security for Microsoft Dynamics GP Jeff Soelberg
PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.

PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.
Database What is a database? A database is a collection of information that is typically organized so that it can easily be storing, managing and retrieving.

Database What is a database? A database is a collection of information that is typically organized so that it can easily be storing, managing and retrieving.
Frontline Enterprise Security

Frontline Enterprise Security
Data Center Management Microsoft System Center. Objective: Drive Cost of Data Center Management 78% Maintenance 22% New Issue:Issue: 78% of IT budgets.

Data Center Management Microsoft System Center. Objective: Drive Cost of Data Center Management 78% Maintenance 22% New Issue:Issue: 78% of IT budgets.

Similar presentations

Ads by Google