Salesforce Audit: How are your processes doing?

Salesforce is a living system that is constantly changing. Whether it's new data, the introduction of new processes, or automation. Salesforce is there to work and scale agilely - if it was set up that way. However, after a certain amount of time, even Salesforce can experience limitations and error messages. This is usually due to a combination of inaccurate data entry, inadequate training and change management. 

In this article, we will explain what a Salesforce Audit is, which functions you can use for this purpose and how the Salesfive Health Check can support you in this process. 

An audit refers to a risk and vulnerability analysis of a software. Threats to the security of the system can arise from criminal attacks, organizational deficiencies, technical accidents or force majeure. Vulnerabilities in this case mean errors in an IT system or organization that make it susceptible to threats. This alone is not enough to endanger the security of a system. However, it becomes dangerous when a threat encounters the existing vulnerability.   

Now you ask yourself: Where do such vulnerabilities come from, and how can I avoid them in my Salesforce system? The causes are many and varied. They can lie in the design, implementation or operation. Included here are also human error, design flaws and many more.

While Salesforce may seem intuitive and, in some cases, not overly complex to use, the platform itself is far more complex than one might think. It is therefore very important for Salesforce developers, administrators and operators to be careful and precise when implementing the platform for their customer organization. This includes regularly auditing Salesforce and its various tools and platforms to ensure their smooth functioning. This can be done thanks to a Salesforce audit.   

Audits provide information about system usage that can be critical to diagnosing potential or actual security issues. Salesforce's monitoring capabilities don't secure your company by themselves. Someone in your organization should perform regular audits to identify potential misuse.  

During a Salesforce audit, the platform as a whole or specific tools related to the platform are thoroughly reviewed. Just like a financial audit, the Salesforce audit is performed to ensure the system is running smoothly and efficiently and to take preventative measures for the issues (if any).  

The Salesforce audit process helps users to identify useful information about the CRM platform and diagnose the real potential of the same. Audit functions are available to every company and every user who uses Salesforce. We are going to present them to you now.

Record modification fields  

Salesforce gives you the ability to store and track customer information by recording it in Salesforce objects. These objects contain multiple records created by users to process customers on an individual basis. Salesforce objects also contain various fields with data on the names of users who created specific records and the names of users who modified those records. This information is an essential basis for conducting a Salesforce audit.  

Monitoring login history  

The 1x1 of a Salesforce audit definitely includes monitoring the login history. For this, you can use a function that allows you to determine and check a list of all successful and failed login attempts in your org. This is precisely the data that is of great importance for an audit. They help the auditor, i.e. the person performing the audit, to check the security of the system. The logon history can be traced back up to six months.  

Tracking the course of the field  

Your:e Auditor:in can view the history of specific Salesforce objects and retain the data for up to 18 or 24 months (if you use an API).  

Field history can be tracked for all custom Salesforce objects and a few more standard objects: Accounts, Operations, Contacts, Leads, Opportunities, Orders, Products Ordered, Entitlements, Solutions, Products, Price Book Entries, Assets, Campaigns, Items, Contracts, Contract Items, and Service Contracts.  

Each time you introduce changes to the fields of the above Salesforce objects, an entry is added to the history list. These entries usually refer to the date the change was made, the time it was made, the type of change, and the name of the user who made the change.   

Free audit version  

The Field Audit Trail gives your users the ability to set a specific policy for retaining archived data for a field history of up to ten years from the time the data is archived. This component allows you to perform Salesforce audits in compliance with industry regulations for Salesforce data retention.   

With "Field Audit Trail" you can track a maximum of 60 fields for each Salesforce object. Without this feature, you can only track 20 fields per Salesforce object. You can define field retention policies for all standard Salesforce objects whose field history can be tracked, and for all custom Salesforce objects with field audit trail enabled. This allows you to include field retention policies in the form of managed and unmanaged packages as well.

You can perform the presented functions yourself as part of your Salesforce audit. However, here you need not only enough time, but also a sufficiently trained person who has the skills to take over the audit. In most (not all!) cases, there is often neither the time available nor the selected auditor sufficiently briefed. No need to worry!  

Because we have developed our own audit strategy, which we implement for you as part of our Salesfive Health Check. We take care of the audit for you! And you can concentrate on the essentials: Your customers and your daily business. The Salesfive Health Check goes far beyond a standard Salesforce audit. We analyze not only the security, weaknesses and potential risks of your system, but also user acceptance and potential utilization.   

We calculate a Health Check Score based on a questionnaire that you complete. The calculation is made up of three dimensions that are queried in the questionnaire: technical integrity of your system, usability & user experience, and potential utilization. Based on the data obtained, we derive concrete recommendations for action and show you in the same breath how we would implement them. You decide whether we start optimizing your system together.  

If you have any questions, please do not hesitate to contact our experts. We look forward to your inquiry!