I completely agree with this point about weak internal controls and I'd go even further and point out that for us, this is causng a potential GDPR breach. If I allow a user access to approve invoices for her project, she automatically sees all invoices and expense claims for everyonce. The invoices contain sensitive data which (in the case of sole traders) is often personal data. The expense claims for other employess should always be a personal matter between the employee and the line manager. The options here are either a) I restrict everyone's access and dothe whole lot myself (which simply is not possible) or b) I give staff access in the way Xero is currently structured, knowing that I am exposing sensitive data inappropriately. If this is not resolved soon, we may have to move away from Xero to a an alternative software package where I can restrict user access as necessary. I am surprised that this is even an isue. I would have thought this would be a fundamental requiremetn in an accounting software package and built in right from the start.
Julie Chisholm
supported this idea
·
I completely agree with this point about weak internal controls and I'd go even further and point out that for us, this is causng a potential GDPR breach. If I allow a user access to approve invoices for her project, she automatically sees all invoices and expense claims for everyonce. The invoices contain sensitive data which (in the case of sole traders) is often personal data. The expense claims for other employess should always be a personal matter between the employee and the line manager. The options here are either a) I restrict everyone's access and dothe whole lot myself (which simply is not possible) or b) I give staff access in the way Xero is currently structured, knowing that I am exposing sensitive data inappropriately. If this is not resolved soon, we may have to move away from Xero to a an alternative software package where I can restrict user access as necessary. I am surprised that this is even an isue. I would have thought this would be a fundamental requiremetn in an accounting software package and built in right from the start.