Each account owner may access security options from the “Account Settings” tab. From the page, they may click the “Security” tab to open up the security options as below.
Every security option affects all users on the account so it is a good idea to let all users know of any changes to these options. The page looks like this:
Each change is saved automatically in real-time. The security option will affect the users as follows:
Automatically rollover completed jobs
Sometimes jobs are signed off but users forget to roll them over. Activating this option will roll over jobs 59 days after signoff if they have not already been manually rolled over. This will only work with clients that can be rolled over (i.e. not using one-off templates)
Two Factor Authentication
If the Two Factor Authentication option for the account is set, whenever Audit Assistant detects a user is logged in from a different device the user will be locked out of Audit Assistant and is emailed a security code to unlock their account. Every login attempt will create and send a new security code to the user's email address and the old code will become invalid.
NOTE: Even if this option is not activated every time a user's login name and password is being used on a different computer than they normally log in on they will be informed immediately by email. If they have not initiated this login they may click a link that immediately cancels the password and generates a new one, thus defeating the forced entry. Or they may simply ignore the email.
NOTE: from 22 January 2024 2FA will be enforced on all accounts to protect from sophisticated brute force attacks.
Login warning emails
This raises a warning email whenever a login attempt on a new device is detected. If this login is being made by the user, say from a second device, just ignore it. It is intended to alert the user to possible unauthorised access if their login details have been obtained by another person.
Only see assigned jobs
When enabled, users (other than the account owner) can only see jobs they have been assigned to. This leaves the responsibility of assigning people to jobs to the person that created the job.
Strict review mode
When enabled, users will not be able to review pages they have concluded themselves. So another partner, manager or external peer-reviewer will need to review each workpaper.
Complete review mode
When enabled, every page (workpaper, table, datasource, document and attachments) in a job is required to be reviewed before the job can be signed off. All of these pages can be seen on the client index page as well as on the "pending review" page found in the sidebar.
Enable partner complete mode
Pages that are tagged for partner completion will only be able to be completed by people who are in a partner role. This is on by default, but in special circumstances may be disabled.