Quick facts
- Price
- $499.00 USD
- dynamics_365_business_central versions
- —
- Setup time
- 20160 min
- License
- One-time perpetual
- Languages
- 11 languages
One-time Purchase
Maker-Checker Audit & Internal Controls for Business Central
A per-tenant AL extension that adds segregation-of-duties rules, field-level change logging, maker-checker approvals on master data, and tamper-evident audit reporting to your Business Central environment — built, installed, and supported by ECOSIRE.
$499.00USD
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
Key Features
Field-level change log capturing before/after values, actor, and UTC timestamp for every monitored table via OnBeforeModify/OnBeforeValidate event subscribers
Maker-checker two-person gate on master data — flagged edits are parked in a pending-changes table and only committed after an authorized checker approves
Segregation-of-duties conflict engine that evaluates Business Central permission sets and user groups against your toxic-combination matrix
Tamper-evident audit log using a chained hash so any retroactive edit to the log record is detectable
Scheduled user access reviews generated via Job Queue and routed to designated reviewers with sign-off capture
Configurable scope — apply controls to Customer, Vendor, Item, Bank Account, G/L Account, Payment Journals, and your own custom tables
Page extensions adding Approve/Reject/Request-change actions and pending-status FactBoxes directly in the standard BC role centers
REST/OData API endpoints exposing audit, SoD, and access-review data to Power BI, Dataverse, or external GRC platforms
Reason-code and comment capture on every reject/override for a complete approval trail
PDF and Excel export of audit reports, SoD findings, and access-review attestations for auditor handover
Email notifications to checkers and reviewers via the BC notification framework when an item awaits action
Role-based control configuration so admins maintain rules without code via setup pages
About this Product
Microsoft Dynamics 365 Business Central ships with a built-in Change Log and a generic approval workflow engine, but neither gives auditors what SOX, ISO 27001, or internal-controls reviews actually demand: enforced segregation of duties, a true two-person maker-checker gate on master-data edits, and audit evidence that can be proven untampered.
Why Choose Maker-Checker Audit & Internal Controls for Business Central
Field-level change log capturing before/after values, actor, and UTC timestamp for every monitored table via OnBeforeModify/OnBeforeValidate event subscribers
Maker-checker two-person gate on master data — flagged edits are parked in a pending-changes table and only committed after an authorized checker approves
Segregation-of-duties conflict engine that evaluates Business Central permission sets and user groups against your toxic-combination matrix
Tamper-evident audit log using a chained hash so any retroactive edit to the log record is detectable
Scheduled user access reviews generated via Job Queue and routed to designated reviewers with sign-off capture
Configurable scope — apply controls to Customer, Vendor, Item, Bank Account, G/L Account, Payment Journals, and your own custom tables
This is a build-to-order AL extension that closes that gap. ECOSIRE scopes your control matrix, builds the extension, and installs it as a per-tenant extension directly on your Business Central environment (cloud SaaS or on-prem) — there is no AppSource download. You receive the working app on your tenant plus the source.
Under the hood we use table and page extensions plus event subscribers (OnBeforeModify, OnBeforeDelete, OnAfterValidate) to intercept changes to the records you designate — Customer, Vendor, Item, Bank Account, Payment Journal lines, G/L Account, and your own custom tables. A flagged change is parked in a pending-changes table and routed to an authorized checker; only on approval is the record committed. Every field-level before/after value is written to an append-only log with the actor, timestamp, and a chained hash so any later edit to the log itself is detectable.
Segregation-of-duties conflict rules are evaluated against Business Central permission sets and user groups, surfacing toxic combinations (e.g., a user who can both create a vendor and release a payment). Periodic user access reviews are generated on a Job Queue schedule and exported via the BC REST/OData API to Power BI or Dataverse for your GRC tooling. Reports export to PDF/Excel for auditors.
What you get
- Working per-tenant AL extension installed on your Business Central environment (cloud SaaS or on-prem)
- Full AL source code, app.json, and permission set definitions transferred to you
- A configured segregation-of-duties conflict matrix and monitored-table list scoped to your control requirements
- Setup pages and an admin runbook for maintaining SoD rules, monitored fields, and checker assignments
- Power BI / Dataverse export configuration for audit, SoD, and access-review datasets where requested
- Knowledge-transfer session plus a one-page auditor-facing description of how tamper-evidence and maker-checker are enforced
Who this is for
Internal Controls / Compliance Manager
Owns the SOX or ISO 27001 control matrix and needs enforced segregation of duties plus defensible audit evidence, not just a passive change log they have to reconcile by hand.
Finance Director / Controller
Wants a real two-person gate on bank-account, vendor, and payment-master changes to prevent fraud and error, with a clean approval trail for external auditors.
Business Central Administrator
Maintains permission sets and user groups and needs visibility into toxic permission combinations plus scheduled, exportable access reviews without building it all in raw AL.
Installation overview
Download from ECOSIRE
Buy the license on ecosire.com and download the Maker-Checker Audit & Internal Controls for Business Central module ZIP from your account dashboard.
Upload to Odoo
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Install the module
Activate Developer Mode, open Apps, click Update Apps List, search for Maker-Checker Audit & Internal Controls for Business Central, and press Install.
Configure settings
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Verify & go live
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
How Maker-Checker Audit & Internal Controls for Business Central Compares
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| Enforced two-person maker-checker gate on master-data edits | ||||
| Field-level before/after change log with actor and timestamp | ||||
| Tamper-evident audit log (chained hash, edit-detectable) | ||||
| Segregation-of-duties conflict engine over permission sets | ||||
| Scheduled user access reviews with sign-off via Job Queue | ||||
| Scoped to your exact control matrix and custom tables | ||||
| Installed and upgrade-maintained for you per BC release | ||||
| REST/OData export to Power BI / Dataverse / GRC tooling |
Frequently Asked Questions about Maker-Checker Audit & Internal Controls for Business Central
+How is this delivered — is it an instant AppSource download?
No. This is a build-to-order engagement. ECOSIRE scopes your control matrix and monitored tables, builds the AL extension, then installs it as a per-tenant extension directly on your Business Central environment. You also receive the source. There is no AppSource listing or self-service download involved.
+What is the typical delivery lead time?
A standard scope — change log, maker-checker on the common master tables, an SoD matrix, and access reviews — is usually delivered in about 2 to 4 weeks from sign-off and access. Wider scope (many custom tables, deep Dataverse/GRC integration) extends that, and we confirm the timeline in writing before starting.
+How does ongoing support and updates work?
Because it is a per-tenant extension we maintain for you, ECOSIRE handles compatibility with Business Central monthly and major releases, fixes, and reasonable rule changes under a support arrangement agreed at purchase. You are never left to re-test the extension against a BC upgrade alone.
+Does this replace the built-in Business Central Change Log and approvals?
It complements them. The native Change Log is passive and the native approval workflow is generic; this extension adds an enforced two-person maker-checker gate, a tamper-evident chained-hash log, and an SoD conflict engine — controls the core product does not provide. We can run alongside or supersede the native Change Log depending on your audit preference.
+Will it work on both cloud (SaaS) and on-premises Business Central?
Yes. It is written in AL as a standard extension and installs on Business Central online (SaaS) as a per-tenant extension, or on a supported on-premises deployment. Some integration paths (Dataverse, certain APIs) differ slightly between cloud and on-prem, and we account for your deployment during scoping.
+Can it monitor our custom tables and fields, not just standard ones?
Yes. The event-subscriber and pending-changes design extends to any table, including custom tables added by other extensions, as long as we can subscribe to their modify events. Your custom-table scope is defined during the build.
Why Customers Trust ECOSIRE
SOC 2 Aligned
GDPR Compliant
Secure Stripe Payment
30-Day Money Back
Lifetime Updates
LGPL-3.0 License
Related Modules
Request a quote
Maker-Checker Audit & Internal Controls for Business Central
A per-tenant AL extension that adds segregation-of-duties rules, field-level change logging, maker-checker approvals on master data, and tamper-evident audit reporting to your Business Central environment — built, installed, and supported by ECOSIRE.
- Field-level change log capturing before/after values, actor, and UTC timestamp for every monitored table via OnBeforeModify/OnBeforeValidate event subscribers
- Maker-checker two-person gate on master data — flagged edits are parked in a pending-changes table and only committed after an authorized checker approves
- Segregation-of-duties conflict engine that evaluates Business Central permission sets and user groups against your toxic-combination matrix
- Tamper-evident audit log using a chained hash so any retroactive edit to the log record is detectable