Giving Auditors Access in Sage Intacct
Article by: Esther Goodstein, NFP Division Manager
Let’s talk about audit prep within Sage Intacct. The focus of this blog is about how to give auditors access to your system to make the audit smoother and more efficient to save your team time.
Now when I give clients the option to be able to let auditors in the system, I usually get one of two responses: one being, “Oh great! I can give them access to my system. That'll save us time and they can pull their own documentation.” The other response being, “Oh no, I don't want auditors in my system. I only want them to get what has been asked for.”
Both responses are understandable.
I want to show you how you can give the auditors access to your system but also restrict what they are able to see as to gather only the data that they've asked for. And so to do that, let’s dive into the system.
How to Set Up an Auditor User in Sage Intacct
I'm going to show you how to create a user as an admin, and then what that's going to look like from the auditor's side. Make sure you are logged in as an admin within the system, because they're the only ones who are going to have access to this user's list in order to create the audit user.
Navigate to Applications > Company > Users > Add
To create your auditor user from scratch click add. The user ID should be generic because once you create the user, you can not change the ID. Therefore we recommend the user ID be named “auditor” to avoid needing to recreate this user ID for individual auditors in the future.
For the name section, you can enter the auditor’s information or use the CPA firm's name.
The email address can be a generic email address, or the senior auditor’s on the job.
NOTE: If this changes from year to year, you're going to want to make sure you change it on the user page and also in the contact information. if you don't, it will give you an error message when you try to save the user information.
Click the Down Arrow next to Contact Name, Click View, and Update the Contact Information Section
The other important thing about having an audit user in your system is making sure that you select “employee” as the user type in the next section.
In order to do this you will need to have an extra employee user type. These users come in 10 packs, so if you have a 10 pack and aren't using all 10, you already have one available. If you're not sure if you have one available, or if you think you might need extra employee users, contact your account manager and they can help you.
Employee users automatically place access restrictions in the system and they are cheaper than a business user. Admin privileges should be turned off.And lastly make sure the status is set to active.
User Type set to Employee, Admin Privileges are Off and Status is set to Active
If this is a user ID you're using from year to year, you may inactivate or lock out the user in between audits. Then you can come back into the User Information and set the status back to active.
If the existing auditor forgets their password, or a new auditor is assigned, you can click the reset password button at the bottom of this page.The other important thing to note - the roles information. I recommend creating a specific role just for your auditor. This way you'll have a lot of control over how locked down you want this role to be.
For our auditor, we want to make sure that they can see the dashboards, the attachments, and the memorized reports on the dashboards.
We have included Company, General Ledger, Cash Management, Projects or Grants. Under further permissions, we have Programs (view), Entities (view), Inter-entity account mapping (view), Fund Groups (view), Restriction (view), Restriction Groups (view), Employees (view), Employee Groups (view), reporting periods (view), Attachments (view), Memorized reports (list), Memorized Report groups (view), Transaction Allocations (view), and Dashboard (view).
Roles Subscriptions and Company Permissions
With each selected subscription you may click “permissions” and give them as much access or as little access as you want. Save your changes and this will be your auditor user specific permissions.
Now we are going to log in as the auditor, so you can see what kind of access they have once given their user ID.
Under applications, it should reflect less access in the system and even though “general ledger” is listed, there should be no ability to access journal entries. There is also no access to the “Reports”.
Applications from the auditor view
They will have access to the auditor dashboard that was created for the auditor. This dashboard should include all of the information asked for as part of this audit including board minutes, policy procedures, or even a list of federal grants along with their current year expenditures to start doing compliance work.
This is an easy way to give your auditor access to the information you've asked for without letting them have full run of the system.
About the author
Esther primarily serves our nonprofit clients with implementation and support on Sage Intacct. Equipped with an in-depth understanding of the accounting process across different industries, Esther serves as a wealth of knowledge for best practices and efficient processes. She has nearly 6 years of experience in public accounting as a financial statement auditor.
Esther Goodstein, NFP Division Manager