Frequently Asked Audit Questions
(Copyright 2022 Linc Communications (Pty) Ltd.)
Background and introduction
For many of Linc’s Business Central clients, during their annual financial audit, the audit firms typically require the completion of a questionnaire pertaining to various aspects of the system, such as user access, change control, user activity logging, manual and automatic journal auditing, backup and restore procedures and general system information.
Historically, Linc had been requested to complete these questionnaires on a per request basis, often repeating previously provided information either for the same client, or for a different client, but for the same audit firm. In the case of many of the questions and information required, the client is the actual responsible party, but Linc is nevertheless requested to provide the information and have always complied.
For the sake of clarity, for the sake of assuming the appropriate responsibilities, for the sake of efficiency and for the sake of expediency, Linc has collated all the questions from a number of clients and audit firms and compiled this document to answer it broadly and generically.
Linc will henceforth not be attending to specific audit questionnaires. In the answers provided below, where specific information can only be obtained by request to Linc, mention is made of the fact that this information needs to be requested from Linc by the client, using the normal support desk / help desk channels, and in all such cases, Linc will endeavour to respond within a week, since most of the information requires a dedicated resource to compile the information, have it approved internally in Linc and then revert to the help desk request.
How to read these questions and answers
Categories
The questions are grouped into categories (areas of audit interest about the system):
- System information
- Access to programs and data
- Program changes to the application/system
- System reports
- Journal entries
- Backup management
Answers by hosting type
Answers are provided for 3 different types of hosting of the system:
- Private hosting
- Linc multi-tenant hosting
- Microsoft SaaS cloud hosting
Private hosting
Private hosting means the system is hosted by the client in their own on premise data center, or offsite by themselves, or by a third party hosting provider. In such cases, Linc has no responsibility for the hosting except where explictly listed in the answers below.
Linc hosting
Linc operates a multi-tenant hosted environment where a number of clients access their systems directly from the Linc hosted platform. Linc subcontracts the provisioning, management and adminitration of this hosting environment to a third-party hosting company and the entire solution is hosted in their datacenters. Specific answers below elaborate on this as required.
Microsoft hosting
Microsoft offer the system as a fully SaaS (Software as a Service) offering, where the hosting, management and platform administration under the system is entirely within their responsibility and neither the client nor Linc has any access to or privileges to the hosting platform whatsoever. Specific answers below elaborate on this as required.
How to obtain the answer
To many of the questions below, where further documented evidence is required, the answers have a “How to obtain the answer” section which describes how the client or the audit firm can access the required information themselves from the application frontend or other sources.
The Linc Audit App
To provide even more self-service capability to the client and/or the audit firm, Linc has developed the Linc Audit App which will either already be installed in the client’s application environment, or can be installed upon request (with at least a one week lead time). This app contains various reports/file downloads to provide the required documented data as it pertains to the questions below. To find the various reports/downloads that the Linc Audit App provides, search for “Linc Audit” in the menu and show all results.
Questions and answers
The table below can also be downloaded as an excel file form this link
| Category | Question | Private Answer | Linc Hosted Answer | Cloud Answer | How to obtain the answer | Linc Audit App or Other |
|---|---|---|---|---|---|---|
| SYSTEM INFORMATION | What is the current version number of the system? | See “How to obtain the answer” across | See “How to obtain the answer” across | See “How to obtain the answer” across | Find the “Help and Support” page and see version number under “Troubleshooting” | Linc Audit - System Information |
| SYSTEM INFORMATION | Provide a list of installed extensions apps (extension apps are either generic third party developed apps, or customer specific apps which contain the customisations the client has requested in the system) | See “How to obtain the answer” across | See “How to obtain the answer” across | See “How to obtain the answer” across | A list of installed extension apps can be obtained by finding the “Extension Management” page in the application and filtering for where “Installed” is Yes - this can also be downloaded to Excel from the page | Linc Audit - System Information |
| SYSTEM INFORMATION | Which hosting type is the client on? | From the “Help and Support” page of the application, if under “Report a problem” there is no Azure AD Tenant GUID and Environment information, and if the URL used to access the browser client is not pointed at the “linc.co.za” domain, the client is privately hosted | From the “Help and Support” page of the application, if under “Report a problem” there is no Azure AD Tenant GUID and Environment information, and if the URL used to access the browser client is pointedat the “linc.co.za” domain, the client is hosted by Linc on its multi-tenant hosted environment | From the “Help and Support” page of the application, if under “Report a problem” there is Azure AD Tenant GUID and Environment information, the client is SaaS hosted by Microsoft | See across | Linc Audit - System Information |
| ACCESS TO PROGRAMS AND DATA | Do any of the Client’s and its subsidiaries’ users (All users) have access to the system’s Application? | Access to the front end application is controlled by registering users in the application, granting those users access to all or specific companies, and assigning users specific permission sets (both pre-defined permission sets provided by Microsoft, as well as custom permission sets created by the client’s system administrator). Linc does not act as system administrators for the client and therefore does not control, grant, audit or intervene in the above processes. From time to time, Linc is required to assist the client in the above tasks by providing advice, training or support with trouble-shooting, but the responsibility and therefore the response to this question remains with the client. | Access to the front end application is controlled by registering users in the application, granting those users access to all or specific companies, and assigning users specific permission sets (both pre-defined permission set provided by Microsoft, as well as custom permission sets created by the client’s system administrator). Linc does not act as system administrators for the client and therefore does not control, grant, audit or intervene in the above processes. From time to time, Linc is required to assist the client in the above tasks by providing advice, training or support with trouble-shooting, but the responsibility and therefore response to this question remains with the client. | Access to the front end application is controlled by registering users in the application, granting those users access to all or specific companies, and assigning users specific permission sets (both pre-defined permission set provided by Microsoft, as well as custom permission sets created by the client’s system administrator). Linc does not act as system administrators for the client and therefore does not control, grant, audit or intervene in the above processes. From time to time, Linc is required to assist the client in the above tasks by providing advice, training or support with trouble-shooting, but the responsibility and therefore response to this question remains with the client. | A list of users, their license types, their assigned permission sets and other information can be retrieved from the front-end application by accessing the “Users” page. | Linc Audit - User Information |
| ACCESS TO PROGRAMS AND DATA | Do any of the Client’s and its subsidiaries’ users (All users) have access to the system Database? | By default, direct access to the SQL database that underlies the application, is not granted to front-end users, either implicitly by registering them as front-end users, nor explicitly, by loading them as direct SQL users. Should the client require direct access to the SQL database for maintenance, direct querying or other reporting purposes, Linc assists the client in recommending access levels, but ultimately Linc only provides a support service to the client in this regard and does not act as system administrator nor database administrator. The responsibility and therefore the response to this question remains with the client. | In the Linc Hosted environment, no direct access to the SQL database is granted to end users from any of the hosted clients. In some cases, reporting tools like Jet Reports (an excel base financial report writer) is granted access to the database but via the user’s same front-end application user registration and permission sets as above. | Neither the client’s users, nor Linc itself has access to the database whatsoever, as Microsoft offers the application in a fully SaaS fashion. | For privately hosted clients, the list of database users and their access rights/permissions can be listed by executing an appropriate query against the SQL database - this is outside of the scope of Linc’s support services to the client and would have to be provided by their appointed database administrator. | N/A |
| ACCESS TO PROGRAMS AND DATA | Do any of the Client’s and its subsidiaries’ users (All users) have access to the system’s Servers? | Linc does not perform IT management services to any of its clients and therefore does not have responsibility, control or privileges to server, operating system or network configurations. The client’s appointed or internal IT management personnel will need to provide this information. | In the Linc Hosted environment, no direct access to the various servers that constitute the multi-tenant hosted solution is granted to end users from any of the hosted clients. In some cases, terminal server access is granted to a dedicated “desktop application reporting server” to perform reporting tasks that require direct network linking to the application or database through reporting tools, as well as to provide desktop-like application hosting within the network. | Neither the client’s users, nor Linc itself has access to the servers whatsoever, as Microsoft offers the application in a fully SaaS fashion. | Please refer to client’s appointed IT administrator to obtain this information | N/A |
| ACCESS TO PROGRAMS AND DATA | For all three levels of access above: - how many users have access? - what types of users are they? - what type of access (roles/permissions) is granted? - are accounts or account passwords shared? | For database level: refer to client’s appointed database administrator For application level: refer to client’s appointed system administrator For server level: refer to client’s appoint IT administrator | For database level: see above For application level: refer to client’s appointed system administrator For server level: see above | For database level: see above For application level: refer to client’s appointed system administrator For server level: see above | For all three hosting environments, to obtain the application level users and details, refer client’s system administrator or download the data using the Linc Audit App | Linc Audit - User Information |
| ACCESS TO PROGRAMS AND DATA | Do any of Linc’s users (consultants) have access to the system’s Application? | Yes, this is required to provide support to the client. In some cases a single account is shared amongst Linc consultants, and in some cases specific accounts are provided for each consultant. This is mostly determined by available licenses and client preference. The client’s appointed system administrator can provide this information and is in control of granting or revoking this access and its associated permissions. | Yes, this is required to provide support to the client. In some cases a single account is shared amongst Linc consultants, and in some cases specific accounts are provided for each consultant. This is mostly determined by available licenses and client preference. The client’s appointed system administrator can provide this information and is in control of granting or revoking this access and its associated permissions. | Access to the front end application is controlled by registering users in the application, granting those users access to all or specific companies, and assigning users specific permission sets (both pre-defined permission set provided by Microsoft, as well as custom permission sets created by the client’s system administrator). Linc does not act as system administrators for the client and therefore does not control, grant, audit or intervene in the above processes. From time to time, Linc is required to assist the client in the above tasks by providing advice, training or support with trouble-shooting, but the responsibility and therefore response to this question remains with the client. | See above | Linc Audit - User Information |
| ACCESS TO PROGRAMS AND DATA | Do any of Linc’s users (consultants) have access to the system’s Database? | Yes, this is required to provide support to the client. In some cases a single account is shared amongst Linc consultants, and in some cases specific accounts are provided for each consultant. The client’s appointed database or IT administrator can provide this information and is in control of granting or revoking this access and its associated permissions. | Yes, this is required to provide support to the client. Only Linc’s appointed IT administrators, one database administrator and two directors have this access. | Neither the client’s users, nor Linc itself has access to the database whatsoever, as Microsoft offers the application in a fully SaaS fashion. | See above | N/A |
| ACCESS TO PROGRAMS AND DATA | Do any of Linc’s users (consultants) have access to the system’s Servers? | Yes, this is required to provide support to the client. In some cases a single account is shared amongst Linc consultants, and in some cases specific accounts are provided for each consultant. The client’s appointed IT administrator can provide this information and is in control of granting or revoking this access and its associated permissions. | In the Linc Hosted environment, direct access to the various servers that constitute the multi-tenant hosted solution is granted only to Linc’s appointment IT administrators, one internal server administrator and two directors. | Neither the client’s users, nor Linc itself has access to the servers whatsoever, as Microsoft offers the application in a fully SaaS fashion. | See above | N/A |
| ACCESS TO PROGRAMS AND DATA | Does the system keep audit logs of user activities? | The system has two main front-end functionalities to track user activities: Time Registers and Change Logs. Both of these areas require to be switched on and configured for use by the client or the client’s appointed system administrator before it will log any tracking entries. If either of these functions are properly configured, the detail they provide can be obtained from the client’s appointed system administrator. | The system has two main front-end functionalities to track user activities: Time Registers and Change Logs. Both of these areas require to be switched on and configured for use by the client or the client’s appointed system administrator before it will log any tracking entries. If either of these functions are properly configured, the detail they provide can be obtained from the client’s appointed system administrator. | The system has two main front-end functionalities to track user activities: Time Registers and Change Logs. Both of these areas require to be switched on and configured for use by the client or the client’s appointed system administrator before it will log any tracking entries. If either of these functions are properly configured, the detail they provide can be obtained from the client’s appointed system administrator. | A list of Time Registers can be retrieved from the front-end application by accessing the “User Time Registers” page. A list of change log tracked tables and their change log entries can be retrieved from the front-end application by accessing the “Change Log” related menu items. Alternatively, this information can be downloaded from the Linc Audit App. | Linc Audit - Time Registers Linc Audit - Change Log Setup Linc Audit - Change Log Entries |
| ACCESS TO PROGRAMS AND DATA | Describe the different user account types (Domain, O365, NAVUserPwd) | With private hosted deployments, Office365, Domain and NavUserPwd is supported - see below. | With Linc hosted deployments, both Offcice365 authentication, as well as NavUserPwd is supported - see below. | With cloud deployments, only Office365 authentication is supported - see below. | See user information in the system (can be obtained from client’s appointed system administrator) to determine the authentication type of a users. - If the “Microsoft 365” fields are completed, and “Authentication Status” is “Active”, then the user is authenticated via Office365. - If the above is not completed, or inactive, and “Windows User Name” under “Windows Authentication” is completed, then the user is authenticated via Windows active directory/domain authentication - If neither of the above are completed, and “Password” under “Business Central Password Authentication” is completed, then the user is authenticated via NavUserPwd | Linc Audit - User Information |
| ACCESS TO PROGRAMS AND DATA | Describe what the password settings or standards are (expiry, complexity, etc.) | - Office365 Authentication: see Microsoft documentation, as well as client’s appointed IT administrator for password expiry, complexity, two-factor authentication, etc. - Domain Authentication: see Microsoft documentation, as well as client’s appointed IT administrator for password expiry, complexity, two-factor authentication, etc. - NavUserPwd: The password must consist of 8 or more characters, at least one uppercase letter, one lowercase letter, and one number. Not expiry is possible, and no two factor authentication is possible. The client’s appointed system administrator can reset the password from the front-end, and set it such that the user can specify their own password at next logon | N/A | N/A | ||
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | Do any client end users have access to the system source code? | - Base (Microsoft) source code: No (but downloadable from Web for reference) - Custom applications: No, only by request from Linc and only for the client’s own customisations | - Base (Microsoft) source code: No (but downloadable from Web for reference) - Custom applications: No, only by request from Linc and only for the client’s own customisations | - Base (Microsoft) source code: No (but downloadable from Web for reference) - Custom applications: No, only by request from Linc and only for the client’s own customisations | N/A | N/A |
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | Do any of the third party consultants have access to the source code? | Yes, but for custom applications, there are controls in place for compiling and deploying the source code - see below | Yes, but for custom applications, there are controls in place for compiling and deploying the source code - see below | Yes, but for custom applications, there are controls in place for compiling and deploying the source code - see below | N/A | N/A |
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | What are the controls in place to ensure that only approved changes are made to the source code and specify the level of access rights required to apply changes to source codes | It is not possible to change the source code of the base Microsoft app. All customisation to the system is done by extending the base applications using custom extension apps (see https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-dev-overview). All customisations for the client is done within a specific client app, the source code of which is under the control of Linc. Linc hosts the source code privately on GitHub (GitHub.com). Only Linc internal developers have access to the source code. Changes to the source code is controlled by first logging “issues” (or development tasks) on GitHub, having a detailed specification approved by an architect, then having it assigned to a developer and included in weekly development schedules (sprints). Developers can only work on a branch (copy) of the source code for the specific task, and when done, a pull request is submitted on GitHub to merge the tested changes into the master branch of the source code. The review and final merging of the pull request is controlled by the senior architect (a Director) of Linc. Once merged, Linc uses automated compile and build scripts to compile the latest version of the app, and, in liaison with the client, a deployment slot is agreed during which time the new version of the client’s app is deployed to the production environment. In most cases where new features are introduced, but also during some bug fixes, the app is first deployed to the client’s test environment for verification before final production deployment is scheduled. | It is not possible to change the source code of the base Microsoft app. All customisation to the system is done by extending the base applications using custom extension apps (see https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-dev-overview). All customisations for the client is done within a specific client app, the source code of which is under the control of Linc. Linc hosts the source code privately on GitHub (GitHub.com). Only Linc internal developers have access to the source code. Changes to the source code is controlled by first logging “issues” (or development tasks) on GitHub, having a detailed specification approved by an architect, then having it assigned to a developer and included in weekly development schedules (sprints). Developers can only work on a branch (copy) of the source code for the specific task, and when done, a pull request is submitted on GitHub to merge the tested changes into the master branch of the source code. The review and final merging of the pull request is controlled by the senior architect (a Director) of Linc. Once merged, Linc uses automated compile and build scripts to compile the latest version of the app, and, in liaison with the client, a deployment slot is agreed during which time the new version of the client’s app is deployed to the production environment. In most cases where new features are introduced, but also during some bug fixes, the app is first deployed to the client’s test environment for verification before final production deployment is scheduled. | It is not possible to change the source code of the base Microsoft app. All customisation to the system is done by extending the base applications using custom extension apps (see https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-dev-overview). All customisations for the client is done within a specific client app, the source code of which is under the control of Linc. Linc hosts the source code privately on GitHub (GitHub.com). Only Linc internal developers have access to the source code. Changes to the source code is controlled by first logging “issues” (or development tasks) on GitHub, having a detailed specification approved by an architect, then having it assigned to a developer and included in weekly development schedules (sprints). Developers can only work on a branch (copy) of the source code for the specific task, and when done, a pull request is submitted on GitHub to merge the tested changes into the master branch of the source code. The review and final merging of the pull request is controlled by the senior architect (a Director) of Linc. Once merged, Linc uses automated compile and build scripts to compile the latest version of the app, and, in liaison with the client, a deployment slot is agreed during which time the new version of the client’s app is deployed to the production environment. In most cases where new features are introduced, but also during some bug fixes, the app is first deployed to the client’s test environment for verification before final production deployment is scheduled. | N/A | N/A |
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | How is the source code migrated into environments? Is it automated or manual process? If automated, please provide the details related to the system/tool used to support it and how this process occurs | See above | See above | See above | N/A | N/A |
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | Is the source code compiled? If yes, in what environment does the build/compilation process occur? | See above | See above | See above | N/A | N/A |
| PROGRAM CHANGES TO THE APPLICATION / SYSTEM | Have there been any developments or program changes (source code changes) made to the system during the current year/audit period? | Changes are logged within the version control system Linc uses (GitHub/Git). | Changes are logged within the version control system Linc uses (GitHub/Git). | Changes are logged within the version control system Linc uses (GitHub/Git). | For a complete log of changes made to the client’s app, a download from GitHub can be requested from Linc, by asking the client to log a support ticket with Linc and asking for this information. Please allow at least one week for Linc to compile and send this information to the client via the ticket response. | Provide 2 lists on requests: - list of GitHub pull requests that have been merged (gh pr list -s merged) - list of issues that are closed for cross reference with the pull request list (gh issue list -s closed) |
| SYSTEM REPORTS | Is there a report writer used in conjunction with the standard system reports and who has access to change these reports? | Any changes to base Microsoft reports are done using report extension objects (this is for the dataset of the report) and custom report layouts (this is for the visual layout of the report). The same is true for non standard reports (custom reports built for the client). The dataset parts are built or changed through source code changes and follows the same principles as other source code changes, compilation and deployment - see above. The layout parts are editable in Microsoft’s ReportWriter using the RDLC language/layout tool. The built-in, default layouts of standard reports can not be directly modified, but they can be copied and custom layouts can be generated, stored in the application and be selected as the new default for any related report object. See “How to obtain the answer” for more information on how to access a list of custom report layouts and defaults. | Any changes to base Microsoft reports are done using report extension objects (this is for the dataset of the report) and custom report layouts (this is for the visual layout of the report). The same is true for non standard reports (custom reports built for the client). The dataset parts are built or changed through source code changes and follows the same principles as other source code changes, compilation and deployment - see above. The layout parts are editable in Microsoft’s ReportWriter using the RDLC language/layout tool. The built-in, default layouts of standard reports can not be directly modified, but they can be copied and custom layouts can be generated, stored in the application and be selected as the new default for any related report object. See “How to obtain the answer” for more information on how to access a list of custom report layouts and defaults. | Any changes to base Microsoft reports are done using report extension objects (this is for the dataset of the report) and custom report layouts (this is for the visual layout of the report). The same is true for non standard reports (custom reports built for the client). The dataset parts are built or changed through source code changes and follows the same principles as other source code changes, compilation and deployment - see above. The layout parts are editable in Microsoft’s ReportWriter using the RDLC language/layout tool. The built-in, default layouts of standard reports can not be directly modified, but they can be copied and custom layouts can be generated, stored in the application and be selected as the new default for any related report object. See “How to obtain the answer” for more information on how to access a list of custom report layouts and defaults. | Find the “Custom Report Layouts” page in the application to list all custom layouts stored in the application. Find the “Report Layout Selection” page in the application to list which custom report layout is selected as the default for each report object in the system. Any report object with an ID of between 50000 and 99999 is a custom report. Any report object with an ID less than 50000 and more than 99999 is a base Microsoft report. | Linc Audit - Report Information |
| SYSTEM REPORTS | Certain reports are used by the financial audit team in their testing. Confirm in a table whether the reports are standard or customised. If the report is customised, explain how the report has been customised | See below for the principles behind standard or base report customisation. If a base report has a custom report layout associated with it in “Report Layout Selections” it has been customised. The detail of what has been customised is too complex to describe generally or even per report - the client should have the detail for this in the change request ticket related to the development. | See below for the principles behind standard or base report customisation. If a base report has a custom report layout associated with it in “Report Layout Selections” it has been customised. The detail of what has been customised is too complex to describe generally or even per report - the client should have the detail for this in the change request ticket related to the development. | See below for the principles behind standard or base report customisation. If a base report has a custom report layout associated with it in “Report Layout Selections” it has been customised. The detail of what has been customised is too complex to describe generally or even per report - the client should have the detail for this in the change request ticket related to the development. | See above for the definition of what constitutes a standard report. If a standard report has a custom layout associated with it in Report Layout Selections, it has been customised. | Linc Audit - Report Information |
| SYSTEM REPORTS | Provide information to indicate under which menus the above reports are listed. | All executable reports are searchable from the menu in the system and the search results will indicate under which menus/pages/sections they are available. | All executable reports are searchable from the menu in the system and the search results will indicate under which menus/pages/sections they are available. | All executable reports are searchable from the menu in the system and the search results will indicate under which menus/pages/sections they are available. | Click on the magnifying glass “search” icon and start typing the name of the report. | N/A |
| JOURNAL ENTRIES | Please provide a listing of automated and system generated journal identification codes (e.g. AR=AR journals, SA =Sales journals, JE =manual journals), together with a description of these codes | See “How to obtain the answer” across | See “How to obtain the answer” across | See “How to obtain the answer” across | Find “Source Code Setup” and “Source Codes” for how source codes are mapped to various functional areas, subledger and journal purposes within the system. | Linc Audit - Source Codes |
| JOURNAL ENTRIES | Are these journal codes automatically generated when a manual journal is entered, OR must a user enter the ID manually? | Source codes are mapped in a system administrator accessed setup table called “Source Code Setup” - from here the usage of these source codes during automatic subledger to general ledger posting, as well as during manual journal posting, are automatically added to the transaction audit trail. | Source codes are mapped in a system administrator accessed setup table called “Source Code Setup” - from here the usage of these source codes during automatic subledger to general ledger posting, as well as during manual journal posting, are automatically added to the transaction audit trail. | Source codes are mapped in a system administrator accessed setup table called “Source Code Setup” - from here the usage of these source codes during automatic subledger to general ledger posting, as well as during manual journal posting, are automatically added to the transaction audit trail. | N/A | N/A |
| JOURNAL ENTRIES | If it is automatically generated, can users change (edit) the source identifier to mask a manually captured journal (fraud risk) | User are not able to mask the system defined Source code for automatic or manual journal posting. | User are not able to mask the system defined Source code for automatic or manual journal posting. | User are not able to mask the system defined Source code for automatic or manual journal posting. | N/A | N/A |
| JOURNAL ENTRIES | Please list all tables in the database (for general ledger and sub-ledgers, if applicable) to which the manual journals are posted to | General ledger entries, Item ledger entries, Customer ledger entries, Vendor ledger entries, Fixed asset ledger entries, Bank account ledger entries | General ledger entries, Item ledger entries, Customer ledger entries, Vendor ledger entries, Fixed asset ledger entries, Bank account ledger entries | General ledger entries, Item ledger entries, Customer ledger entries, Vendor ledger entries, Fixed asset ledger entries, Bank account ledger entries | N/A | N/A |
| JOURNAL ENTRIES | For the tables listed under the above point, which column contains the manual journal source identifier and which code should be used to identify manual journals? | Source Code / Journal Batch Name | Source Code / Journal Batch Name | Source Code / Journal Batch Name | N/A | N/A |
| JOURNAL ENTRIES | In the journals extract, which column can be used to identify the contra account for a journal? | Balancing Account | Balancing Account | Balancing Account | N/A | N/A |
| JOURNAL ENTRIES | In a data extract format of journals, which column should be used to identify journal type? | Source Code | Source Code | Source Code | Using the source code value, look where it is mapped under “Source Code Setup” and this will identify which type of journal it is. | N/A |
| JOURNAL ENTRIES | In the column specified above, which ID/s should be filtered on to identify manual journals? | See “How to obtain the answer” across | See “How to obtain the answer” across | See “How to obtain the answer” across | Any source code value that has been mapped to a source code purpose field in the “Source Code Setup” page where the purpose field contains the word “Journal”, indicates a manual journal. | Linc Audit - Source Codes |
| JOURNAL ENTRIES | Provide a text file of all general ledger entries for the audit period (journals extract) | See “How to obtain the answer” across | See “How to obtain the answer” across | See “How to obtain the answer” across | General ledger entries can be downloaded from the page with the same name. If the volume is too large to use the standard Open In Excel option from the page, a text file download will have to be provided by Linc. | Linc Audit - General Ledger Extract |
| BACKUP MANAGEMENT | Backup policies, procedures and standards | Linc does not perform IT management services to any of its clients and therefore does not have responsibility, control or privileges to backups, backup procedures or disaster recovery strategies or configurations. The client’s appointed or internal IT management and administration personnel will need to provide this information. | Linc’s multi-tenant hosted environment is managed and maintained by a third-party specialist IT managed services and hosting company. For an audit-friendly summary of the general backup, recovery and disaster recovery standards and procedures application to Linc’s hosted environment, the client can log a ticket with Linc through the normal helpdesk and request a copy of this document. Please allow a week to prepare this information and it will be attached in the reply to the ticket, addressed to the client. | Neither the client’s users, nor Linc itself has access to the servers whatsoever, as Microsoft offers the application in a fully SaaS fashion. Refer to Microsoft’s documentation for the general service terms and specifics about backups and recovery (https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/service-overview#databases-and-backups) | Request from Linc via help desk ticket. | N/A |