Step-by-step guide
Controls, security, and audit readiness
Implement technical and operational controls that protect financial data and support external audits.
How to do this in CashyNest
Apply security and control features already in CashyNest so approvals, user access, and change evidence are audit-ready.
Identity and role control
Menu path: Sidebar > Settings > Team Users and Sidebar > Settings > Security
Route: /:organizationId/settings/team, /:organizationId/profile
- Review user roles and remove stale accounts regularly.
- Enable and verify MFA flows from Security for privileged users.
- Use role boundaries to separate maker vs approver responsibilities.
Expected result: Access is least-privilege and sensitive actions are protected.
Approval enforcement
Menu path: Sidebar > Settings > Approval Flow
Route: /:organizationId/settings/approvals
- Set primary/final approvers for invoice and bill workflows.
- Align approval thresholds with policy and transaction risk.
- Test approval queue behavior using sample documents.
Expected result: High-impact financial documents cannot bypass defined approvers.
Audit evidence through reports
Menu path: Sidebar > Reports > Reports Library and Accounting views
Route: /:organizationId/reports/general-ledger, /:organizationId/reports/trial-balance, /:organizationId/accounting/transactions
- Use General Ledger and Trial Balance for posted movement evidence.
- Review accounting transactions with references for unusual entries.
- Export reports and preserve monthly evidence packs.
Expected result: Audit requests can be answered quickly with system-generated evidence.
Outcome to achieve
- Protect sensitive accounting data with role-based access and strong authentication.
- Maintain complete audit trails for master data and transaction changes.
- Prepare evidence packages continuously instead of only at audit time.
Step-by-step setup
Harden identity and access
Enforce least-privilege role design and multi-factor authentication for all users.
- Review user access monthly and remove stale accounts.
- Separate maker and approver permissions for critical workflows.
- Restrict financial setup changes to designated admins.
Enable change traceability
Capture who changed what, when, and why across transactions and configuration.
- Enable immutable logs for approvals and edits.
- Require reason codes for reversals and backdated adjustments.
- Use prior-period adjustment journals for corrections after audit sign-off.
- Retain attachments and approvals with each document.
Control data integrity
Use validation and period locks to prevent inaccurate or unauthorized postings.
- Set mandatory fields for critical transaction types.
- Lock closed periods with Year-End Close and monitor reopen attempts.
- Alert on unusual journals, round amounts, and weekend postings.
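One way to build the round-amount and weekend-posting alerts, together with a maker/approver separation check, over an exported journal list. This is an added example, not CashyNest code: the CSV column names, the 1,000 round-amount unit, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime
from decimal import Decimal

# Constructed sample export. The column names are assumptions for this
# example, not CashyNest's actual export schema.
SAMPLE_CSV = """journal_id,posted_at,amount,created_by,approved_by
J-1001,2024-03-04T10:15:00,1523.47,alice,bob
J-1002,2024-03-09T23:40:00,50000.00,carol,dave
J-1003,2024-03-12T09:05:00,12000.00,erin,erin
J-1004,2024-03-13T14:20:00,-842.10,alice,bob
J-1005,2024-03-17T08:00:00,-3000.00,frank,
"""

ROUND_UNIT = Decimal("1000")  # assumed policy: flag exact multiples of 1,000


def flag_journal(row):
    """Return the list of exception labels for one journal row."""
    flags = []
    amount = Decimal(row["amount"])
    posted = datetime.fromisoformat(row["posted_at"])
    if amount != 0 and amount % ROUND_UNIT == 0:
        flags.append("round_amount")
    if posted.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        flags.append("weekend_posting")
    approver = row["approved_by"].strip()
    if not approver:
        flags.append("missing_approver")
    elif approver == row["created_by"].strip():
        flags.append("maker_is_approver")
    return flags


def exception_register(csv_text):
    """Map journal_id -> flags for every row with at least one exception."""
    register = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        flags = flag_journal(row)
        if flags:
            register[row["journal_id"]] = flags
    return register


if __name__ == "__main__":
    for journal_id, flags in exception_register(SAMPLE_CSV).items():
        print(journal_id, ", ".join(flags))
```

Amounts are parsed as Decimal so the round-amount test is exact; a float comparison can miss or misflag values near a multiple.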
Prepare audit evidence continuously
Maintain ready-to-share packs of reconciliations, approvals, and policy documentation.
- Store monthly reconciliation packs in structured folders.
- Publish SOPs for all key accounting workflows.
- Run quarterly mock audits to find gaps early.
Best practices
- Treat access review and segregation of duties as monthly tasks.
- Automate exception alerts for policy violations.
- Use checklist-driven sign-offs for all control activities.
- Keep support conversations in the in-app inbox so issue resolution and email follow-ups stay traceable.
Common mistakes to avoid
- Shared user accounts for finance operations.
- Editing historical transactions without formal approvals.
- Keeping critical evidence in private spreadsheets or chat threads.
- Leaving support resolutions only in email when a workspace audit trail is needed.
Reports to watch
- User Access and Permission Report: validate least privilege.
- Audit Trail and Change Log: verify traceability for auditors.
- Control Exception Register: monitor recurring policy breaches.