Data Extraction Guide
for Oracle NetSuite
Step-by-step instructions for your IT team to extract the required data files from NetSuite via SuiteQL REST API or manual export for the V/ergent security and controls assessment. Includes Release 5 programme packs: 25 AML / Wolfsberg controls + 50 cross-system SoD rules + (SAP-only) 30 SAP-GRC-parity fraud patterns.
Recommended extraction path
Use the V/ergent extractor first. It writes CSVs to a timestamped folder under C:\Vergent\Export, then you upload that folder into the audit project.
Manual path if automated extraction is blocked
Use the required-file list below as the manual checklist. Keep filenames unchanged, leave unavailable files empty with only headers, and record any missing source in the upload notes before running the audit.
Extract-VergentNetSuite.ps1 uses the SuiteQL REST API to extract all 20 files automatically. No additional PowerShell modules are required — it uses pure .NET HttpClient. See Section 2.

| Requirement | Details | Notes |
|---|---|---|
| NetSuite Role | Administrator or Full Access | Required for system notes, audit trail, and cross-subsidiary queries |
| Token-Based Auth (TBA) | ConsumerKey, ConsumerSecret, TokenId, TokenSecret | Setup → Integrations → Manage Authentication → Token-Based Authentication |
| SuiteQL Feature | Enabled in Company Preferences | Setup → Company → Enable Features → SuiteCloud → SuiteQL |
| Account ID | Numeric or alphanumeric (e.g. 123456 or 123456-sb1) | Setup → Company → Company Information → Account ID |
All files are CSV format. The PowerShell script produces these exact filenames.
| File | Contents |
|---|---|
| User Accounts | All NetSuite users: status, admin flag, department, 2FA status, IP restriction, subsidiary access, last login date |
| Role Assignments | User ↔ role mappings with subsidiary scope and assigned date |
| Role Permissions | Per-role permission set: permission ID, name, and level (Full/Edit/View/Create) |
| Subsidiaries | Subsidiary hierarchy: name, country, currency, parent, elimination flag |
| Login Audit Log | All login attempts (last 90 days): user, IP address, status (Success/Failure), failure reason |
| System Notes / Change Log | Audit trail of changes to key records: vendor bank changes, user deletions, bulk operations |
| Account Preferences | System-level security settings: session timeout, HTTPS enforcement, 2FA requirement, IP rules, release preview |
| Accounting Periods | Period definitions: name, start/end dates, type (Month/Quarter/Year), open/closed status |
| Journal Entries | Manual journals (last 90 days): amount, created by, approved by, period, status |
| Transactions (AP/AR) | AP bills and payments (last 90 days): type, amount, vendor, created by, status |
| Vendor Master | All vendors: name, tax ID, bank account (masked), payment method, last modified by and date |
| Payment Transactions | Payment records (last 90 days): amount, vendor, created by, approved by, payment method |
| Approval History | All approval workflow events: record type, submitted by, approved by, date, status |
| TBA Integration Tokens | All TBA tokens: application name, linked user/role, permissions, created date, last used |
| OAuth 2.0 Tokens | OAuth client credentials: client ID, scope, issued date, last rotated, expiry |
| Script Deployments | RESTlet/SuiteScript deployments: name, execute-as role, audience (all roles vs. specific), status |
| Scheduled Scripts | Scheduled SuiteScript jobs: name, execute-as role, frequency, last run date, status |
| Saved Searches | Public/private saved searches: name, creator, access level, record type, PII content flag |
| Custom Field Definitions | Custom record fields: name, type, applies to, PII flag, access level |
| Password & Session Policy | Password complexity, expiry, session timeout, HTTPS enforcement settings |
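A pre-upload check for the export folder, as an added example that is not part of the V/ergent extractor: it confirms the folder holds the expected number of CSV files, flags files that are header-only or empty so they can be recorded in the upload notes, and records a SHA-256 per file so the uploaded set can be matched against what was extracted. The function name `Test-ExportFolder` and the sample folder and file names are assumptions made for the example.

```powershell
# Added example: pre-upload check of an export folder. Not part of the V/ergent extractor.
# Test-ExportFolder and the sample folder/file names below are hypothetical.
function Test-ExportFolder {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $ExpectedCount = 20          # the guide lists 20 CSV files
    )
    $files = @(Get-ChildItem -LiteralPath $Path -Filter '*.csv' -File | Sort-Object Name)
    if ($files.Count -ne $ExpectedCount) {
        Write-Warning "Found $($files.Count) CSV files, expected $ExpectedCount."
    }
    foreach ($f in $files) {
        # A zero-byte file has no header row and breaks the "headers only" rule.
        if ($f.Length -eq 0) {
            $state = 'Empty'; $rows = 0
        } else {
            # Import-Csv parses quoted fields, so embedded newlines are not miscounted.
            $rows  = (Import-Csv -LiteralPath $f.FullName | Measure-Object).Count
            $state = if ($rows -eq 0) { 'HeaderOnly' } else { 'Data' }
        }
        [pscustomobject]@{
            File     = $f.Name
            State    = $state
            DataRows = $rows
            SHA256   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

# Constructed sample: a throwaway folder with one populated, one header-only and one empty file.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ("vergent-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'sample_users.csv')  -Value 'user_id,status', '1001,Active', '1002,Inactive'
Set-Content -LiteralPath (Join-Path $demo 'sample_tokens.csv') -Value 'token_id,application'
New-Item -ItemType File -Path (Join-Path $demo 'sample_empty.csv') | Out-Null

$report = Test-ExportFolder -Path $demo -ExpectedCount 3
$report | Format-Table -AutoSize

# Files to mention in the upload notes: no data rows, or no header at all.
$report | Where-Object State -ne 'Data' | Select-Object File, State

Remove-Item -LiteralPath $demo -Recurse -Force
```

Against a real export, point `-Path` at the timestamped folder under C:\Vergent\Export and keep the report outside that folder so it is not uploaded as an extra CSV.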
Native coverage: 17 SoD rules (NS-SOD-001..017) covering AP / AR / GL / payroll / FA / tax / user-admin.
Plus the three Release 5 programme packs that run alongside this platform's audit:
- AML / Wolfsberg Programme Controls — 25 controls spanning sanctions-list cadence, PEP / KYC review, CTR / SAR filing, structuring detection, transaction-monitoring tuning. Wired into all 7 ERP connectors (skips on cloud-only audits).
- Cross-System SoD — 50 multi-ERP conflict patterns spanning SAP × Oracle × D365 × NetSuite × Sage × AWS × Azure. Detects fraud paths a single-system review will never see.
- SAP Fraud Patterns — 30 SAP-GRC-parity patterns (STAD audit-log delete, debugger replace in PROD, Z* shadow SAP_ALL, dormant SAP_ALL, posting-period unlock + GL post, etc.).
Every finding carries citations across 13 frameworks (COSO 2013, COBIT 2019, NIST CSF 2.0, ISO 27001:2022, CIS v8, SOX ITGC, SOC 2 TSC, PCI DSS v4, HIPAA, DORA, NIS2, GDPR, Kenya DPA) — 11 of 13 at ≥75% mapped coverage. See the Check Packs page for per-pack framework coverage badges.