User and role extract
Dated export of users, roles and session authorisations. Leavers removed, dormant accounts disabled, superuser count justified.
Infor LN compliance guide
Written for UK manufacturers running LN or CloudSuite Industrial Enterprise, especially where an audit, a customer quality requirement or a board question has just made "we think it is fine" an unacceptable answer.
When an auditor, customer or parent company asks about compliance on an LN system, they are rarely asking about certificates. They are asking whether the business controls its ERP or merely operates it. That question always resolves into evidence: extracts, registers, reconciliations and sign-offs that show a control worked on a date, reviewed by a named person.
LN gives you the raw material. The authorisation model records who can run which sessions. Transaction and change logs record what happened. The database holds every figure a report claims. What LN does not do is assemble any of that into a compliance position. That assembly work, done as a quarterly routine rather than a pre-audit panic, is what this checklist covers.
The four areas below fail in a predictable order. Access control fails first because go-live access is never tidied up. Master data fails second because nobody owns it. Migration evidence fails when a consolidation or upgrade moves data without reconciliation. Reporting evidence fails loudest, because it is the one leadership sees every month.
Can you produce a current list of users, their roles and their session authorisations, and show that someone reviewed it? Can you show that conflicting combinations, such as maintaining supplier bank details and running the payment batch, are either designed out or covered by a documented mitigating control?
This is the area with the most established method, covered in detail in the Infor LN segregation of duties guide: extract the access model, agree a conflict matrix with finance, name the exceptions, decide each one, sign the register.
Items, business partners, routings, price books, warehouses and units all drive transactions and reports downstream. Compliance here means each domain has a named owner, changes to sensitive fields are approved and traceable, and there is a periodic quality check with results someone actually reads. A master data ownership matrix, even a simple one, converts this from opinion to evidence.
Any migration, consolidation or major data conversion should leave behind control totals and sample-level reconciliation between source, staging and LN: open orders, stock quantities and values, ledger balances, master record counts. If that evidence was not produced at the time, a retrospective reconciliation against the go-live position is the honest fix, and it is exactly the work that surfaces the data defects still causing reporting arguments today.
Every disputed month-end number is a compliance gap wearing an operational costume. Compliance means the key measures, backlog, availability, OTIF, stock value, revenue, margin, have written definitions, and each can be traced from the report through its transformations back to LN source tables. Where ERP and Power BI reports disagree, the trace is the fix, and the documented trace is the evidence.
Run these eight checks each quarter and file the outputs. That file is your compliance position.
Dated export of users, roles and session authorisations. Leavers removed, dormant accounts disabled, superuser count justified.
Extract mapped against the agreed conflict matrix. Each conflict fixed or accepted with a named mitigating control.
Ownership matrix current, sensitive-field changes sampled and matched to approvals.
Defect counts by domain against last quarter. Rising counts get an owner and a date.
Stock value, open order book and one ledger balance traced from report to LN source.
Definitions for the contested measures reviewed and still matching what the reports actually calculate.
ERP changes since last quarter linked to requests and approvals, workarounds reviewed for permanence risk.
One page, signed by finance and operations owners, listing what was checked, what failed and what was accepted.
Do not try to stand all eight checks up at once. Start with whichever area has live pain: the audit finding, the disputed number, the migration nobody reconciled. Build the evidence routine there, prove it is cheap to maintain, then extend it. A business that runs two of these checks well is in a stronger audit position than one with an aspirational policy covering all eight.
Digital Adaption typically starts engagements from exactly one of those pain points, most often the SoD review or a reporting reconciliation, and leaves the quarterly routine behind as the deliverable. The related guides cover the deeper method: segregation of duties in LN, what an Infor LN consultant does, and the wider Infor LN guides hub.
Four areas in practice: who can do what in the system (access and segregation of duties), whether standing data is owned and controlled (master data), whether migrated or converted data reconciles to source (migration evidence), and whether the numbers the business reports can be traced back to LN (reporting evidence).
A process. LN provides the authorisation model, audit trails and data to evidence control, but compliance is the routine of extracting, reviewing, deciding and signing off. No configuration setting produces that on its own.
Commonly: a user and authorisation extract with an SoD conflict review, change and approval records for master data, reconciliation evidence for any migration or consolidation, and definitions plus source tracing for the key reported numbers such as stock, backlog, revenue and margin.
Start with the finding or the number the business trusts least. If an auditor has already raised access, start with the SoD review. If finance disputes the figures, start with reporting reconciliation. Evidence built around a real pain point gets used; generic reviews get shelved.
This guide is written for Digital Adaption clients and is grounded in official vendor material plus practical ERP audit, migration and reporting delivery experience.
Start with the check that is already hurting: access, master data, migration reconciliation or a number finance will not sign.
View Infor LN consultant UKTell me what needs to migrate, what no longer reconciles, or which report the business no longer trusts. If there is a fit, we start with a 5 to 10 day ERP Data Readiness Review.