Dynamics 365 Governance, Risk, and Compliance (GRC)

18 Members

Join now

Sign in with your Dynamics 365 Community account

If you don’t have a Community account, you can create one.

Share group

Location

United States

Details

Welcome to the National Dynamics 365 Governance, Risk, Compliance (GRC), and Security User Group! This is a dedicated community of Microsoft Dynamics 365 users, enthusiasts, and experts who share a passion for Governance, Risk, Compliance, Security, and Sarbanes-Oxley (SOX) compliance within the Dynamics 365 ecosystem.

Our mission is to foster collaboration and innovation within the community, enabling the delivery of secure, compliant, and SOX-adherent ERP solutions.

Group leaders

Dogan Adiyaman

Topics

Supply chain | Supply Chain Management, Commerce, Finance | Project Operations, Human Resources, AX, GP, SL

Discussion

Join the group to participate in the discussion.

Simon Barrett 287 on 20 Feb 2025 15:28:30

Like (0)

Hello, are any of these events recorded and available? Specifically: Segregation Of Duties (SOD) Risk Analysis in Dynamics 365 Finance And Operations

Show previous comments

Dogan Adiyaman 688 User Group Leader on 4 Jan 2025 02:17:06

Like (0)

Audit Workbench in Dynamics 365 Finance and Operations

The Audit Workbench in Dynamics 365 Finance and Operations is a practical solution for managing audit activities with efficiency and precision. It supports organizations in identifying, reviewing, and resolving transactional exceptions by automating processes and providing a structured approach to compliance.

The tool’s flexibility lies in its ability to configure audit policies tailored to specific requirements. These policies can be applied to document types such as expense reports, vendor invoices, or purchase orders. With various query types available—such as Conditional, Aggregate, Sampling, Duplicate, List Search, and Keyword Search—users can define clear criteria to monitor and flag anomalies. For instance, a Conditional query may flag transactions exceeding a specified threshold without proper approval, while a Duplicate query can detect invoices with the same number and amount to prevent errors or potential fraud.

The Audit Workbench facilitates a clear and systematic process, beginning with the creation of audit policies and the monitoring of transactional data. Exceptions are flagged when transactions deviate from established rules and are automatically converted into audit cases. These cases are then assigned to responsible individuals for investigation. The Associations tab provides direct links to the source documents, allowing auditors to efficiently navigate and analyze the flagged transactions.

Once assigned, the auditor reviews the flagged cases in detail, updates the status to reflect progress, and documents findings in a case log. If further explanation or evidence is required, supporting documentation such as knowledge articles can be attached directly to the case. This ensures that all actions and decisions are traceable, providing a complete audit trail. Upon completing the review and resolution of issues, the case is closed to finalize the process.

By automating the identification and assignment of anomalies, the Audit Workbench enables teams to focus their efforts on resolving critical exceptions rather than manually reviewing entire datasets. Its features also support compliance efforts by providing transparency, improving accountability, and enabling the tracking of resolutions. This makes the tool particularly valuable in scenarios where regulatory compliance, such as SOX, is a priority.

The Audit Workbench is an effective tool for organizations looking to strengthen their internal controls and ensure a reliable review process for transactional data. By implementing its features, teams can maintain operational accuracy, monitor compliance, and address potential risks with confidence.

Show previous comments

Dogan Adiyaman 688 User Group Leader on 15 Dec 2024 04:34:31

Like (0)

Securing Dynamics 365 F&O with Azure Active Directory Group Management

Introduction

Microsoft Active Directory (AD) Security Groups are a long-established feature in Microsoft’s identity management framework, designed to centralize the management of users, roles, and organizational assignments. By assigning users to specific AD security groups, administrators can map those groups to corresponding roles or permissions within Dynamics 365 Finance and Operations (D365 F&O). This ensures consistent access control across the organization, reducing the manual effort of managing individual user permissions.

A key benefit of AD Security Groups in D365 F&O is Just-in-Time (JIT) provisioning. JIT allows new users to be automatically created and assigned appropriate roles based on their AD group membership when they first sign into the system. This simplifies onboarding and ensures that access is aligned with their organizational role from the start.

While AD Security Groups are a valuable tool, they are considered a legacy option compared to modern identity management solutions like Azure Active Directory (Azure AD). Azure AD offers enhanced features, such as conditional access and multi-factor authentication, which provide more robust security options. However, organizations with existing AD infrastructure can still leverage AD Security Groups for efficient role-based access control in their D365 environments.

The purpose of AD security groups is to streamline access control within a network by allowing administrators to assign rights and permissions to multiple users simultaneously. This method ensures uniform access to resources such as files, folders, and applications. For example, an AD security group for a department like "Finance" can be assigned specific permissions, and all members of that group will inherit the same access rights, simplifying permission management.

Over time, security groups also make it easy to manage changing user roles or onboarding new users. By adding or removing users from a group, administrators can adjust permissions without needing to update each user individually. This helps maintain security, reduces errors, and ensures compliance with regulatory standards.

Administrators can utilize Azure Active Directory (Azure AD) groups to efficiently control user permissions within Dynamics 365 Finance and Operations (D365FO). This guide outlines the process for configuring and managing access in D365FO. It’s important to note that the configuration of Azure AD itself falls under the purview of the IT department.

Enable the Active Directory security groups feature

To enable the feature, go to System administration > Setup > License configuration. You can find the Microsoft Entra ID (Active Directory) security group configuration key in the Administration folder.

Configuration keys can be edited only in maintenance mode.

Note: Microsoft Entra ID is the new name for Azure AD in November 2023. The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID.

Microsoft Entra is the name for the product family of identity and network access solutions.
Microsoft Entra ID is one of the products within that family.
Acronym usage isn't encouraged, but if you must replace AAD with an acronym due to space limitations, use ME-ID.

Setup Active Directory security groups

The next step is to create Azure Active Directory groups and assign members to them. This can be done in the Microsoft 365 admin center, the Office 365 admin center, or the Azure portal.

Import Active Directory security groups
After the feature is enabled, a new Groups page is available at System administration > Users > Groups.

Once the group structure and memberships are ready, proceed with the configuration in Microsoft Dynamics 365. Go to System administration > Users > Groups.

To start to import Azure Directory security groups, select Import groups, and then select the groups to import.

The ID field requires custom input.

After the import is completed, you can maintain role and organization assignments on the Groups page. The process resembles the process that's used on the Users page.

Assign D365FO security roles to Active Directory Groups

Next is to assign security roles to the AD groups in D365FO. Users who are members of the Azure Active Directory (AD) groups will inherit the assigned security roles.

Roles are not directly assigned to the individual users, roles are assigned to AD security groups.
A user can belong to multiple groups, and in such cases, they will receive cumulative access across all their group memberships.

Managing users in Dynamics 365 Finance and Operations

If security is set up through AD groups, SOD risk analysis will not work. The solution is to assign security roles directly to users as usual.

If workflows include security roles in their setup, they will not function properly either. The solution is to assign security roles directly to users as usual.

User can have AD security group and security role direct assignment at the same time. In this case, user will grant access to all permissions cumulatively.

Show previous comments

Dogan Adiyaman 688 User Group Leader on 26 Nov 2024 23:07:59

Like (0)

SEGREGATION OF DUTIES (SOD) RISK ANALYSIS IN DYNAMICS 365 FINANCE AND OPERATIONS (D365FO)

In today’s business landscape, ensuring compliance and safeguarding financial systems against fraud and errors are critical for organizations. One of the key practices to achieve this is implementing Segregation of Duties (SOD)—a control measure that prevents a single individual from managing multiple critical tasks within a business process. Dynamics 365 Finance and Operations (D365FO) provides a tool to help organizations analyze and manage SOD risks effectively. By leveraging its built-in security framework, role-based access controls, and analytical capabilities, businesses can identify potential conflicts and enforce appropriate control measures to maintain compliance.

Solution Components for SOD in Dynamics 365 Finance and Operations (D365FO)

In Dynamics 365 Finance and Operations (D365FO), Segregation of Duties (SOD) revolves around managing duties—a fundamental concept within the security framework. Duties represent a collection of related privileges that define what a user can do within the system, ensuring their access aligns with their responsibilities. Here are the key solution components that support SOD in D365FO:

Security Roles, duties and privileges

Roles are assigned to users, directly linking them to duties and privileges.
SOD is managed by ensuring that roles do not encompass conflicting duties.

Segregation of Duties Rules

D365FO includes a framework for defining and enforcing SOD rules. These rules specify which combinations of duties are considered incompatible and must not be assigned to the same user. Conflict Example: A user assigned to both "Maintain Vendor Invoices" and "Approve Vendor Invoices" duties creates a risk of unauthorized transactions. The list of these conflicts forms Segregation of Duties (SOD) Framework. It's also known as SOD ruleset.

SOD Violations Detection and Analysis

Administrators can run diagnostics to identify violations to support compliance with regulatory standards such as SOX. D365FO provides configuration options to address identified conflicts, such as reassigning duties or splitting responsibilities across multiple users.

Mitigation / Remediation Tools: Workflows and ITACs

SOD enforcement is closely tied to workflows in D365FO. Approvals and reviews are built into workflows, ensuring that no single individual has control over critical processes.

By leveraging these components, D365FO allows organizations to establish a secure environment that supports operational efficiency while maintaining compliance with internal and external regulations. The next section will delve into the process of configuring these components for effective SOD risk analysis. ITACs are not separate concepts but complementary mechanisms that enforce Segregation of Duties (SOD) and other security principles in Dynamics 365 Finance and Operations (D365FO). While workflows focus on approvals, ITACs enforce transactional integrity.

Show previous comments

Dogan Adiyaman 688 User Group Leader on 18 Nov 2024 15:07:23

Like (0)

Revenue Recognition and SOX Reporting in Dynamics 365 Finance and Operations

UNDERSTANDING REVENUE RECOGNITION IN FINANCIAL REPORTING

Revenue recognition is a fundamental aspect of financial reporting, directly influencing a company's ability to present accurate financial statements. When combined with the regulatory requirements of SOX (Sarbanes-Oxley Act) compliance, the process of recognizing revenue becomes even more critical. For organizations using Dynamics 365 Finance and Operations (D365FO), there are several built-in functionalities designed to streamline revenue recognition and enhance compliance efforts. In this post, we’ll explore the importance of revenue recognition and how D365FO can help support SOX reporting requirements.

Revenue recognition involves recording revenue when it is earned, not necessarily when payment is received. Standards like IFRS 15 and ASC 606 set the guidelines for this process, requiring companies to follow a structured approach to ensure accuracy and consistency. The key steps include:

Identifying the contract and performance obligations
Determining the transaction price
Allocating the transaction price to performance obligations
Recognizing revenue upon satisfaction of obligations

In D365FO, the Subscription Billing module provides specialized tools that align with these standards. These features are designed to automate and manage complex revenue recognition processes, ensuring compliance and reducing the risk of manual errors.

IMPLICATIONS OF INCORRECT REVENUE RECOGNITION ON SOX REPORTING

The consequences of incorrect or premature revenue recognition can be severe, impacting both financial results and regulatory compliance. Common pitfalls include:

Overstating Revenue: This can occur if revenue is recognized before it is actually earned. Overstated revenue inflates financial performance, misleading investors and potentially resulting in restatements.
Understating Revenue: Conversely, delaying revenue recognition can understate performance, potentially affecting investor confidence and decision-making.
Inadequate Disclosures: SOX requires transparent financial reporting, including proper disclosures about revenue recognition policies. Inadequate disclosures can lead to compliance issues and potential fines.

To avoid these pitfalls, companies must integrate their revenue recognition processes with SOX controls, ensuring that every revenue entry is scrutinized, well-documented, and aligned with both accounting standards and internal policies.

In summary, effective revenue recognition is critical for accurate financial reporting and SOX compliance, especially for companies using Dynamics 365 Finance and Operations. By leveraging the capabilities of the Subscription Billing module, organizations can automate and streamline their revenue recognition processes, reducing the risk of errors and ensuring adherence to IFRS 15 and ASC 606 standards. With robust integration of SOX controls, businesses can confidently present their financial performance while maintaining compliance, thereby enhancing transparency and investor trust.

Show previous comments

Group leaders

Dogan Adiyaman

Leader

Members

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

Upcoming

Past

21 Jan 2025 09:00 AM Central America Standard Time

Segregation Of Duties (SOD) Risk Analysis in Dynamics 365 Finance And Operations

Host group Dynamics 365 Governance, Risk, and Compliance (GRC)

DOGAN ADIYAMAN

Online

View details

Community site session details

Dynamics 365 Governance, Risk, and Compliance (GRC)

Sign in with your Dynamics 365 Community account

Discussion

Audit Workbench in Dynamics 365 Finance and Operations

Revenue Recognition and SOX Reporting in Dynamics 365 Finance and Operations

Group leaders

Members

Upcoming

Past

Segregation Of Duties (SOD) Risk Analysis in Dynamics 365 Finance And Operations