RE: User Role for External Auditor
I’m not sure I would give an external auditor access to NetSuite, unless they absolutely had to have to have it for some reason. I would simply provide the reports they asked for in the PBC list, rather than potentially giving them the ability to poke around willy-nilly. IME, most auditors aren’t super familiar with navigating around all the different accounting systems, so they’d rather have the reports spoon-fed to them anyway. If I did give the auditors access, I certainly would not just plop them in a standard role and assume that they had the right permissions. I would sit down with my controller (or whoever is the audit lead) and very clearly define exactly what they needed access to with regards to transactions and reports, and build something special just for them. Perhaps I’m overly cautious, but I’ve worked on both sides (as an internal auditor and as the NS admin supporting audits) and it seems to me that everyone is happier when you provide exactly what is requested and nothing more. And that your CFO is really unhappy when auditors start asking questions about stuff they didn’t even request.