Best Practices for Setting up Audit Trails in

Best Practices for Setting up Audit Trails in Dynamics GP

About Me • Certified in Risk and Information Systems Control • 17 years experience in financial management systems • 10 years experience in systems auditing

Should I use audit trail? • • • Are there any other control options? Why would I use audit trails? Why wouldn’t I use audit trails? “I need to track everything” 4 considerations for successful deployment Setup, Performance, Reporting, Data Management

Audit Trail Setup • • What should I track? There is a cost to audit trails Take a risk based approach Start at reports If you aren’t going to review it don’t track it Engage the BPOs By entity > Vendor and By field > Address

Performance considerations • • • Every field tracked has a performance impact Does it have an impact on user experience? Tracking has impact on report performance Take a risk based approach Build a test environment Test, test

Determining risk areas • • • Organizational risk Segregation of duties Outside controls Probability/impact model Audit requirements

Reporting • • • Don’t “create your own haystack” Who will review it How often will they review it Provide evidence of the reviews What am I looking for? – Who, what, when, where, and how?

Data Maintenance • • • How much data will be created? Define a retention policy Archiving improves report performance Purge data on a regular basis Make a backup

Pitfalls • “I want to audit EVERYTHING” • Using audit trail reports as a substitute for operational/financial reports • Inefficient audit reports or 500 vs 1, 000

Audit trail options • Out of the box – last user/changed date • Native – None (GP) • Custom • Third party

Alerts • Immediate notification of event • Limitations – High volume results in ignored alerts – May flood email server

Contact Us • • www. gofastpath. com Twitter @gofastpath info@gofastpath. com liz@gofastpath. com

Questions?