🔒 Is Your Company's Money Actually Safe?

As a Controller who's worked with businesses of all sizes, I know external threats to your cash aren't the only thing keeping you up at night. Let me break down 7 practical ways to protect your company's money - both from outside AND inside threats.

1. Two Sets of Eyes on Everything - No single person should have all the keys to the kingdom. Split up who handles the money, who approves spending, and who checks the books. Big purchase? Make sure at least two people sign off. Trust me, this simple step prevents a lot of headaches.
2. Lock Down Your Systems - Think of your financial systems like your house - not everyone needs a key to every room. Give people access only to what they need for their job. Your AP clerk doesn't need to see payroll data, right?
3. Watch Your Cash Like a Hawk - Know your cash position daily (like checking your personal bank account). Have a solid grip on what's coming in and going out next week, next month, and next quarter. No surprises!
4. Get Your Bank Accounts in Order - Keep a master list of ALL company bank accounts (you'd be shocked how many get forgotten). Check them against your books regularly - daily if possible, monthly at minimum.
5. Make Payments Bulletproof - Use secure, modern payment systems. For big payments, have multiple people review them. Think of it like launching a rocket - multiple checkpoints before liftoff!
6. Stop Fraud Before It Happens - Use bank platforms with strong security (like two-factor authentication). ALWAYS double-check vendor payment details - scammers are getting craftier every day.
7. Write Down the Rules - Document everything! Have clear policies for handling money and stick to them. Regular audits aren't fun, but they keep everyone honest.

💡 Pro Tip: Can't afford a full-time Controller to manage all this? That's where a fractional Controller like me comes in - you get the expertise without the full-time price tag.

Curious about how these could work in your business? Drop your questions below! 👇

-------------

I'm Melissa Armstrong, CPA* and founder of Capitalized Consulting, LLC. Accounting powerhouse, fractional controller, and proactive problem-solver.

*Nope, I don't do tax.

Accounting Security Features
Summary
Accounting security features are safeguards and procedures designed to protect a company’s financial information and assets from theft, fraud, or unauthorized access. These controls range from technical solutions to process-based checks, ensuring that money and data are handled safely by the right people at the right time.
- Assign clear roles: Make sure no single person has complete access or control over all financial processes, and separate duties so multiple people are involved in approving, recording, and reconciling transactions.
- Control system access: Limit who can view or change sensitive financial information by giving employees access only to the data they need for their job.
- Monitor and audit: Regularly check accounts and transactions for unusual activity, and keep detailed records to make it easier to spot mistakes or fraud.
-
PREVENTING $ THEFT - A QUICK GUIDE FOR ACCOUNT ISSUERS

Something that still shocks me: most bank accounts in the US have zero protection against an external party stealing money from them. It’s not about hackers who steal your password, then your $. It’s anyone who has your account number (!). Imagine this in Venmo - anyone who had your username could simply pull money from you 🤔

If you’re a bank, fintech company, software company - ANY company that creates account numbers for customers - you must be aware of this risk. It affects your liability, dispute outcomes, fraud levels, and customer experience.

WHY IS IT SO COMMON?

Because of 3 design elements in the US banking system:

1. To pull and steal money from ANY bank account, all you need is the account # and routing #. This isn’t a bug, it’s a feature. It’s how money moves on checks and bank transfers (ACH debits).
2. Anyone must give their account # and routing # to others who want to send them $ or bill them. So account numbers are EVERYWHERE. They’re even printed on the checks you give others.
3. Hard + unregulated. There are little / no legal requirements for account issuers to block debits, and good solutions require design & engineering across the stack (infrastructure, UX).

If you create accounts, your exposure is HIGH. Even if you secure account numbers perfectly. The reason: account numbers are everywhere, and they leak. There are big incidents, like the 2024 Evolve hack that exposed the details of millions of accounts, including ALL accounts on Stripe Treasury. There are micro leaks, maybe from a business that sent money to your customer once. And the most fun: sometimes hackers will try to just guess an account #.

PROACTIVE: AUTOMATICALLY BLOCKING ALL DEBITS + ALLOW LIST

The best defense is Positive Pay: https://lnkd.in/ezCJX3bj (As of last week, Positive Pay is a native functionality within Unit! 🌟)

How it works: you allow the user to define an “allow list” in the user interface, and you ALWAYS block debits unless they fall within the policy. This means both sender identity (example: “NY state tax”) AND amount (example: <$100,000). It’s always on & applies to all debits:

- Depositing a check with this account’s details
- Debiting via ACH debit
- Debiting via wire drawdown

As an alternative, I’ve seen some companies using single-purpose account #, INSTEAD of exposing the details of main accounts. This works too! But it reduces the risk & doesn’t eliminate it fully.

REACTIVE: HELPING USERS DISCOVER + STOP UNAUTHORIZED DEBITS

Reactive solutions help your users deal with theft after the fact. The most well known one is Stop Payment: https://lnkd.in/edtQVDbr

How it works: this is more of a “cancel button” for a specific payment. Think about it simply as the ability to “hit stop” on a SPECIFIC transaction (ACH debit, check).

The safest approach is to combine PROACTIVE + REACTIVE, but each type of solution would work by itself.
-
In 1995, one man - Nick Leeson - brought down the UK’s oldest merchant bank.

He was a 28-year-old trader in Singapore. Took massive speculative bets on futures. And he also handled his own back-office reporting. No segregation of duties. No checks. No reconciliations.

By the time anyone in London noticed the hole, Barings had lost £827 million - 2x its available capital.

Led to:

- An overnight bankruptcy.
- A 233-year-old bank erased.
- A global audit reform movement.

Why does this story matter in 2025? Because I still see early-stage companies where:

- The same team raises invoices, collects payments, and closes books
- Platform fees, returns, and payouts are never reconciled line-by-line
- Fraud gets flagged not in MIS, but when a payment bounces

Reconciliation is not a luxury. It’s the first firewall. It protects you from:

- Platform leakage (especially with Amazon/Flipkart commissions and returns).
- Vendor overpayments.
- Cashflow mismatches.
- And yes, employee-led fraud.

Your finance stack should match your growth ambition. That means:

→ Maker-checker controls
→ Platform-level reconciliation
→ Access controls in your accounting tools
→ Real-time cash visibility and audit readiness

If you’re not sure your finance backend is leakproof, happy to stress-test it with you.

FAB MAVEN
-
🔐 Security Change Broke Access in Dynamics 365 F&O? Here’s How to Safely Roll Back

Security roles and permissions in Dynamics 365 Finance & Operations evolve constantly. A small modification to duties or privileges can sometimes create unexpected problems. Typical examples:

• Users suddenly lose access
• Critical processes stop working
• Segregation of Duties (SoD) controls are unintentionally violated

When this happens in production, organizations need a safe way to revert changes quickly.

🎯 The Governance Challenge

Without proper version tracking:

• Security changes are difficult to trace
• Troubleshooting becomes slow and manual
• Restoring previous configurations is risky
• Audit confidence decreases

Security governance requires controlled change management, not reactive fixes.

✅ The Solution: Security Version Management

Dynamics 365 Finance & Operations includes Security Version Management, which allows administrators to manage security configurations through versions. With this feature you can:

• Capture snapshots of roles, duties, and privileges
• Compare current configurations with earlier versions
• Restore previous versions when changes break functionality

This creates a structured lifecycle for security configuration.

🛠 Practical Execution

1️⃣ Navigate to System administration → Security → Security governance → Security versions
2️⃣ Create a security version snapshot before making changes
3️⃣ Compare configurations to review differences
4️⃣ Restore the previous version if issues appear

💡 Business Impact

✔ Faster recovery from security misconfigurations
✔ Safer customization during implementations and upgrades
✔ Stronger Segregation of Duties governance
✔ Improved audit traceability
✔ Reduced production risk

🧠 Consultant Insight

Security architecture is not only about designing roles — it is about managing how those roles evolve. Version management allows organizations to treat security configuration with the same discipline as application deployments.

I help organizations design license-aware, audit-ready, and risk-controlled Dynamics 365 F&O security architectures across Finance and Supply Chain environments.

#MiddleEast #GCC #ERP #MicrosoftDynamics365 #D365FO #BusinessApplications #EnterpriseTechnology #SecurityGovernance #SegregationOfDuties
-
One of our clients lost $50,000 in a single transaction. Fraudulent ACH transfer. That wasn't the only one.

We logged 18 security incidents across our clients in four months. Email spoofing. Check fraud. Phishing calls. Fake invoices. Every single one was a small business or nonprofit.

We track every incident in what we call a Code Red Log. Every attempt, every breach, every near miss. Most accounting firms don't do this. We do because you can't have financial strategy without financial protection. Protecting our clients' assets is part of the service.

The threat has changed. Deepfake voice cloning, spoofed emails, AI-generated invoices. The old playbook of segregation of duties isn't enough anymore. We're constantly adapting how we protect our clients because the people trying to steal from them are adapting too.

Here is what some of these systems look like. Highly recommend you do some version of this for your business if you're not already.

• Have two different people approve expenses and record them in the books
• Require verbal confirmation before processing any payment. Email approvals aren't enough anymore. With deepfake and email interception, the old ways don't cut it.
• Make sure someone besides your bookkeeper reviews the bank account every month
• Require a W-9 and a separate approval process for every new vendor. Your bookkeeper should never be able to set up a new vendor alone.
• Get your financial process documented so it doesn't depend on one person

None of this is glamorous. But it's the stuff that keeps your business standing when something goes wrong. And something will go wrong.

#ProtectYourAssets #AIOASoul #FinancialClarity #EntrepreneurshipAndGrowth
-
→ What if your financial data isn’t as safe as you think?

Financial Cyber Security is no longer just an IT concern - it’s a critical business imperative. The stakes are immense, and the threats are evolving fast.

→ Data Protection is your first fortress:
• Encryption safeguards your data in transit and at rest.
• Data masking shields sensitive info during processing.

→ Transaction Security must be bulletproof:
• Secure payment gateways block fraud and unauthorized access.
• Fraud detection tools act like vigilant guards.

→ Access Control can’t be overlooked:
• Multi-factor authentication ensures only authorized eyes see your data.
• Role-based access limits exposure to what’s strictly necessary.

→ Network Security is your shield:
• Firewalls and IDS detect and block intruders.
• Secure connections like VPNs and SSL/TLS protect data flow.

→ Regulatory Compliance is your legal backbone:
• Meeting PCI-DSS, GDPR and others isn’t optional, it’s mandatory.
• Regular audits keep you honest and ahead of threats.

→ Incident Response turns crisis into control:
• A well-planned response minimizes damage.
• Forensics pinpoint root causes and prevent repeats.

→ Employee Training turns your team into defenders:
• Awareness and best practices close common security gaps.

→ Technology & Tools keep you current:
• Anti-malware solutions and timely patches stay ahead of attackers.

Cyber attacks don’t announce their arrival. They exploit weak spots you didn’t even know existed. Your financial organization’s security is a complex puzzle. Missing one piece invites disaster.
-
IT General Controls (ITGC) Checklist

Financial data's accuracy and reliability depend on the robustness of systems and data controls. These controls may fall under the jurisdiction of IT. However, ensuring these controls are implemented and monitored should be the paramount priority of the finance leaders. Specifically, the head of accounting must work closely with the head of IT to ensure the security of systems and data.

Security, reliability, and accuracy of financial data is your responsibility. You need to take charge of the process. Please review this checklist with your IT department to ensure your financial data is secure and reliable.

This is what you need to ensure:

1. Access Controls - the accounting system is capable of role-based controls.
2. Change Management - system changes are logged, monitored, and reviewed.
3. Backup & Recovery - disaster recovery policies and processes are in place to backup and restore data.
4. Incident Management - security breach incidents are monitored and addressed promptly.
5. Network Security - intrusions are detected and dealt with without losing or impacting financial data.
6. Data Privacy - sensitive data is encrypted in transit and stored.
7. Monitoring & Logging - the logging mechanism is implemented and reviewed to detect security incidents.
8. Vendor Management - when contracting with vendors for cloud-based services, ensure they comply with the company's internal security protocol.
9. Compliance & Audit - third-party monitoring and assurance are paramount to ensuring a regular review of the controls.

Abdul Khaliq
-
Accountancy businesses are being targeted by cyber criminals. 🎯

We're hearing of a lot of activity surrounding accountancy firms being either successfully breached or targeted heavily by attackers. ⛓️💥

Here's why: Accountants have lots of access to financial data for lots of businesses. 📊 Both sales and purchase invoices, personal banking information for payroll, tax information for HMRC. All of which can be used for extremely targeted attacks on other businesses and individuals.

I'd encourage all businesses to do more due diligence on the accountants you're using, as some of our clients have been impacted by the knock-on effect of their accountants being compromised. 🧐

Ask your accountants whether they have Cyber Essentials Plus and ISO 27001, which helps to demonstrate a higher level of maturity when it comes to cyber security defense. If they don't, check they're working towards these standards and, as a bare minimum, that they:

✅ Have MFA enabled on all access to online accounts.
✅ Provide regular, audited cyber awareness training to all staff.
✅ Perform regular vulnerability testing (or better still pen testing) on their systems.
✅ Utilise a dedicated and secure password manager for all employees.
✅ Perform backups of all systems and data, including Microsoft 365.
✅ Have an incident response plan in place.

At Reformed IT, we can provide due diligence services for your supply chain to ensure that you're not being put at risk by a third-party provider, such as your accountants.

Have you had an experience of an accountancy firm being attacked and if so, has it had an impact on your business too?
-
How to Mitigate the Impact of Cyber Security Incidents on Financial Reporting ⬇

➡ Effective access control measures are crucial for protecting and maintaining the integrity of financial reporting data. By implementing strong access controls, you can limit access to sensitive financial information and prevent unauthorized users from manipulating financial transactions and reports.

➡ Strong access control measures include a range of strategies, like policy-based access controls, least privilege principles, control monitoring, and segregation of duties.

➡ Policy-based access controls assign specific access privileges based on roles and other defined attributes. This ensures employees only have access to the information needed to perform their job functions, reducing the risk of unauthorized access or data breaches.

➡ Implementing least privilege principles ensures users are granted minimum access required to fulfill their duties, minimizing the potential for insider threats or malicious activities.

➡ SoD is another critical access control component, particularly in transactional systems like ERP. By separating conflicting duties and responsibilities, you can prevent fraud and errors by ensuring that no single individual has complete control over key financial activities.

➡ For example, separating the roles of initiating, approving, and recording transactions can help maintain accountability and transparency in financial reporting.

➡ CCM is essential for detecting and preventing control violations. By leveraging automated monitoring solutions and analytics, you can monitor access, detect violations, and respond quickly to potential security incidents. Continuous monitoring enables you to proactively identify and address internal control weaknesses before they escalate.

➡ Integrating access control measures with comprehensive cybersecurity frameworks can give you a holistic approach to managing cybersecurity risks and protecting financial reporting data.

➡ Strong access control measures and continuous monitoring are crucial in a comprehensive cybersecurity strategy that protects and maintains financial reporting data. By implementing robust access controls, organizations can limit access to sensitive information, prevent unauthorized activities, and safeguard the integrity of financial reports.

➡ Additionally, continuous monitoring allows organizations to detect and respond to security threats in real time, minimizing the risk of data breaches and ensuring compliance with regulatory requirements.

#accesscontrols #segregationofduties #accessgovernance
-
>>> SOX Compliance Requirements

> 🔐 Data Security
● Implement robust access restrictions for financial systems and information.
● Utilize encryption to safeguard sensitive data during transmission and storage.
● Maintain comprehensive audit logs to monitor data access and modifications.

> 🕒 Timely Recordkeeping
● Apply timestamps to all significant financial transactions and documentation.
● Ensure records are precise, consistent, and reflect actual financial events.

> ✅ Control Verification
● Use access logs to monitor user actions and identify irregularities.
● Separate responsibilities to reduce the risk of unauthorized control.
● Assign system access based on user roles to minimize exposure to sensitive data.

> 🧾 Auditor Assurance
● Conduct regular evaluations of internal controls to verify their effectiveness.
● Keep thorough documentation of testing procedures and outcomes for audit purposes.
● Transparently report any control deficiencies or vulnerabilities.

> 📊 Financial Reporting
● Include internal control summaries in annual financial disclosures.
● Present management’s evaluation of financial reporting and control systems.
● Secure independent auditor reviews and attestations of internal controls.

> 🚨 Breach Management
● Continuously monitor IT infrastructure for signs of security threats.
● Develop and maintain an incident response strategy to manage breaches.
● Educate staff on cybersecurity protocols and response procedures.

> 📣 Incident Disclosure
● Notify auditors and relevant stakeholders of any security incidents.
● Conduct thorough investigations and implement corrective measures.
● Establish safeguards to prevent similar future occurrences.

>> These principles are designed to uphold the integrity, transparency, and security of financial data in accordance with the Sarbanes-Oxley Act.

More related topics coming your way tomorrow! #Staytunedformore #Learnandgrow