For a growing Salesforce org, an audit should be completed on a regular basis. We discuss what you should be monitoring and why it's important for your org.
At the most basic level, a Salesforce Audit provides analytics and diagnostics that reveal how the tool is being used internally, where you may have gaps or issues with data security, errors that exist across the code base, and an overview of all change logs.
Let's start with looking at some of the native tools that exist within Salesforce to help with conducting an audit:
It provides a score to measure how well your current security settings meet the baseline standards set by Salesforce.
Available in production orgs, this allows Administrators monitor adoption and utilization metrics, such as daily active users (DAUs), active licenses, most visited pages, and more. This is a critical tool to understand how Salesforce is actually being used internally and should be paired with qualitative user interviews as part of a thorough audit.
If your company is using Communities (Experience Cloud) to connect with external B2B or B2C users, it's critical that you run a portal health check to monitor access points and security-related protocols.
This is a critical component to monitoring your technical debt on a periodic basis. These serve as notifications to monitor when an Apex class or trigger exceeds 50% of an Apex governor limit or when an unhandled exception occurs in a trigger or class.
Keeping tabs on the usage limits for API requests is important to maintaining best practices and ensuring there are no outages or lost data syncs with 3rd party tools you have integrated to Salesforce. Particularly for growing startups with a number of unmanaged applications integrated with Salesforce, you will want to monitor these limits.
As a general best practices for data hygiene and general usability of your Salesforce tool, you want to conduct these reports on a periodic basis and devise a strategy for de-duplication.
As companies move away from process builder and flows continue to take over as the primary way to enhance Salesforce functionality, you want to monitor performance and debug regularly. Especially as we see orgs migrate legacy Apex code into automations powered by flows, this regularly maintenance is important to ensure best practices.
While a Salesforce audit is dependent on the size and complexity of an org (as well as the actual Salesforce products implemented), here is a general checklist you can follow when conducting one.
Before diving into the actual application, a Salesforce Consultant will need to conduct a very quick business process review to document the primary workflow of the teams actually leveraging the product. This can often be done through a couple user interviews and a session with stakeholders.
These are out-of-the-box tools that an Administrator or Consultant can initiate within the org. Start with running these tools within Salesforce to get the basic metrics that will inform on areas of the platform that should be evaluated in more detail as you undergo the audit.
Another step that involves out-of-the-box tools available in Salesforce, this will provide metrics on usage data, daily users, data volumes being added to Salesforce, and more that helps understand where a company might be spending for licenses that aren't leveraged. (It's also an important component in looking at user privileges and standardizing your permission sets.)
Run through general items like the Apex error e-mails, default workflow rules, and current settings to form a general understanding of what has been implemented. Documentation of Workflows, Process Builder, Flows, and Apex code is the most involved step of a Salesforce audit and details the specific functionality that has been deployed, how the automations are triggered, where best practices have been followed, current issues or bugs in the build, and overall data flow.
A look at the architecture and utilization of standard and custom objects to better document and diagnose the relationship automations have throughout your entire Salesforce org. This is often where architecture standards have a lot of area to improve so this diagnostic phase will often result in high-impact projects that could be approached as part of an optimization effort.
If you are a startup or mid-sized Salesforce Customer, a thorough audit shouldn't take more than ~20 hours of work by a Salesforce Consultant or Sr. Salesforce Administrator.
The finished product of this audit should provide a general assessment of your org's health across all categories detailed above.
The goal of conducting these health checks is to identify the bugs or issues in your current setup (top priorities), a slate of recommended projects that will help optimize current utilization or deliver significant value in how the tool is being used, and a broader Salesforce roadmap for how the instance could be built upon in the future.
When selecting Salesforce, a company is typically looking for it to be a tool that can scale with the business and completing Salesforce audits consistently will enable you to adhere to best practices and maintain the standards needed for it to serve as a scalable platform.