DIY Salesforce Audit Guide for Admins
Posted by Soumya Manikkath
Every Salesforce org needs to be run by someone with a touch of the Marie Kondo spirit. For those of you who don’t know her and the KonMari method, stop whatever you are doing and check out her channel right now! Her approach to decluttering your home rests on identifying things that spark joy and finding ways to get rid of those that don’t. Picture your Salesforce org as the home and you, the Salesforce admin as Marie Kondo and its reminiscent of a Salesforce audit just waiting to happen!
A Salesforce instance, however big or small, will benefit from a regular Health Check. In KonMari terminology, an org Health Check will give you a fair understanding of the ‘clutter’ that you need to sort through. The Salesforce Optimizer is a powerful tool that sets the groundwork for Salesforce admins to provide recommendations based on 25+ org metrics to clean up and improve your Salesforce org. Once you have the report in hand, it’s time to let your inner Marie Kondo out and identify which metrics ‘spark joy’ in your Salesforce org.
Let’s take a look at a 9-point best practices guide that you can follow to make sure you get the most out of your Salesforce org:
1. Data Quality Maintenance
Each department or unit within your business will be likely to use data differently. If your source data is bad, it will reflect adversely on your business as well.
Tip #1: Identify the unused roles, profiles, fields and objects to be deleted. While deleting, make sure to be mindful of the risks of cascade delete for child and parent records.
Tip #2: Make sure you have validation rules in place that ensure user-specified data meets pre-defined standards before being saved as a record.
Tip #3: You can use customized Page Layouts that match the business process being executed.
Tip #4: Build exception reports and dashboards that tell you about missing or mismatched information on records – they are great tools to get hold of bad data.
Tip #5: Keep a tab on industry-specific regulations before moving any unused data. You don’t want legal trouble by accidentally deleting relevant data that was better off just being archived.
Tip #6: Create a weekly or monthly data hygiene schedule to have a sustainable plan in place for the future.
Tip #7: Make use of Help Text and In-App Guidance to inform users about the type and format of data to be entered.
2. Org Backup and Data Storage
To check storage within your org, follow this path:
Setup —> Admin Setup —> Data —-> Storage Usage or just search for Data Storage in the Quick Find box.
Tip #8: Set up Weekly Export Service to export your org backup to a secure location. This option is available for Enterprise Edition or higher.
Tip #9: Archived activities count against storage. Active or archived products, price books, price book entries, and assets don’t count against storage.
3. Users and Profiles
Tip #10: Make sure you reassign records from previous users who have left your organization to active or new users so that client data remains updated.
Tip #11: The number of profiles you create should be only what you need. Yes, pretty basic tip, but we feel it still needs to be called out!
Tip #12: Make use of custom profiles when necessary.
Tip #13: Check how licenses are allocated. As the Success Community Jedi Master Jeff May states here, “I always ask clients to think about using Profiles for ‘license assignments’ and use Permission Sets for everything else.”
Tip #14: Make sure you check the login history report to track user adoption.
Tip #15: A best practice to ensure password security is to request password resets for all your users at regular intervals of say, 90 days.
Tip #16 :Establish feedback loops for system users to report security incidents promptly and easily.
Tip #17: Follow the Principle of Least Privilege which gives users the barebone permissions needed to do their job right.
Tip #17: Work with the security team to build a layered security model for network access such as Zero Trust Architecture or Event-driven Architecture to place protections throughout the IT environment.
Tip #18: The ‘Modify all Data’ permissions should be reserved for admins and powerful users.
Tip #19: Fields can be marked ‘required’ depending on how relevant they really are to the business process. The aim of the page layout should always be to strike a balance between user experience and relevance. It’s always better to place the required fields at the top of the page layout to reduce the amount of scrolling needed.
Tip #20: Keep track of unused fields through the field report. In some cases, unused fields that can hold important data may still need to be maintained for business processes.
Tip #21: Make data type on custom fields as a picklist to restrict users from entering bad data.
Tip #21: Enable Field History Tracking for all objects to know what happened with a field and when.
Tip #22: You can enable Field Level Security or the read and write accessibility of a field at the Profile, Field or Page Layout Level to set how different users interact with the field.
6. Apps and integrations
Tip #23: Review installed Appexchange apps to see if any of them need to be uninstalled or updated.
7. API Usage
API resources have limits in a Salesforce org. Each org allows a definite number of API calls within a 24-hour period which refresh every 24 hours.
Tip #24: Carefully administer and schedule processes as needed to ensure no critical jobs fall short of necessary API resources and impact your business.
8. Documentation Strategies
Tip #25: Create data dictionaries that provide detailed information about your org’s data elements and how they connect.
Tip #26: Implement change logs to have a clear audit trail of the history of your org.
Tip #27: Create a visual illustration of how the elements of your org work together to know what improvements can be done.
9. Org streamlining
Tip #28: Make use of page layouts, record types and required fields to enter information easily.
Tip #29: An object can have a maximum of 10 record types for manageability. If there are more, you can evaluate the possibility of splitting this into its own custom object.
Tip #30: Use List Views to ensure information can be found easily.
Tip #31: Make use of the Search Layout option to find multiple data types and field numbers quickly. This allows you to look up multiple fields in global search or in lookup function.
Tip #32: Use compact layouts to customize the fields of object records that are displayed on the Salesforce mobile app and Lightning Experience.
Tip #33: For objects with more than one record type, the Record Type Overrides section that appears when the primary layout is selected helps you assign specific compact layouts to different record types.
Tip #34: Each object should have only one active trigger for the same event to abide by governor limits.
Through a complete Salesforce Audit of your org, you can understand if technical debt has been built into your Salesforce instances and by how much and if it is slowing down your business. Talk to our expert consultants at Dazeworks for a bonus, no-strings attached Org Health Check.