Data Audit
- Aki Lähteenmäki (Unlicensed)
- Mikko Juola
- Mikko Juola (Deactivated)
Overview
With DCM Audit you can run blueprint compliance audits against the actual data in your ServiceNow instance. Audit functionality reports compliance of your data against the Blueprints and helps you to identify any deviations & fix the data errors.
The audit will analyze each record and link starting from a Root record against the Blueprint. Each step in the analysis will generate audit results and messages which tell if the particular record or link was compliant against the blueprint or if a deviation was found.
DCM Audit consists of:
- Audit schedules: which can be used to schedule an automatic or repeating audit instance.
- An audit can be run as scheduled or as an On-Demand Audit that doesn't include a schedule.
- Audit instances: each audit "run" creates an audit instance that includes the audit results.
- Instances are connected to Blueprints used to run the audit against
- Audit results: contain information about each element in the data structure and how it relates to a given blueprint.
- Audit results are related to audited records (the root record)
- Audit messages: different audit results are shown to users as messages with different deviation levels.
- Unique Audit Message is a unique version of repeating audit messages. Most reporting and remediation activities are based on unique audit messages.
- Audit currently identifies three different deviation levels in addition to compliant messages:
Color | Level | Description |
|---|---|---|
| Red | Major deviation | Mandatory records or links (relationships or references) are missing. |
| Orange | Minor deviation | Field values mismatch with field conditions. Or mismatch with link multiplicity. |
| Yellow | Note | Optional records or relationships are missing. |
| Green | Compliant | No deviations were found. |
Creating a new On-Demand Audit
DCM Auditor role is needed to create an Audit instance.
Go to DCM Home page and select "Audit" or click the Audit link from the Navigation menu:
Click "New On Demand Audit":
Select a Blueprint version to use in audit and give a name to your Audit instance.
- If you select the blueprint first without giving any name, the blueprint name will be used as the default audit instance name.
- Audit can also have a Category that can be used when reporting audit results.
- Audit Categories are defined as part of the Guided Setup for DCM.
Click next and then review the Record selection window
The window will show all the Root records that match with Blueprint's root class and filter conditions.
You can change the filter conditions before starting the Audit to narrow down (or expand) the record selection.
Note!
Remember to click the "Filter" button to apply the changed filter before starting the audit.
Click "Start" to start the audit. At this point, the Audit has started and the user is taken into Audit instance view where one can follow the progress of the Audit instances.
- Once the audit is completed, one can click the "View" button to see more detailed audit results.
Creating a new Scheduled Audit
DCM Auditor role is needed to create an Audit instance.
- Go to DCM Home page and select "Audit" or click the Audit link from the Navigation menu:
- Click "New Scheduled Audit":
Give a name to Scheduled audit instance, select a Blueprint you want to use in the audit
- We recommend "Using latest published version" so that Audit schedules don't have to be updated when new blueprint versions are being created.
- Click Next and define the schedule
- We recommend scheduling audits early in the week, since weekly reporting will work better this way.
Click Next and check the Record selection view. You can modify the filter for Root records just like in the On Demand Audit.
Then click "Add" to create the Scheduled Audit. The new Audit schedule appears on the Audit home page:
You can Edit or Delete the Audit schedule from this list view and run them immediately by clicking "Execute now".
Viewing Audit results
After an Audit instance has been completed, one can view the Audit results from the Audit Instances or Audit Results lists. Results include overall compliance against the blueprint for each root record and more detailed information about each Audit message.
List of Audit instances or Audit results can be accessed from many different places. Mostly, Audit results view is opened from Audit dashboard or from the Audit module's Audit instances list right after an audit has completed.
- Go to DCM Home page and select "Audit" or click the Audit link from the Navigation menu:
And then click "Audit Instances" from DCM Audit top banner and search for the Audit instance you want to View
Click View on the right in order to see Audit results for a particular Audit instance
- Rerun button will run the same audit again immediate (not available for scheduled audits).
- Schedule button allows you to turn on-demand audit into a scheduled one.
- Colored circle with percentage will tell the percentage of highest deviation level, every record has to be 100% compliant in order to see green 100% here
- Audit Instance Results window has two sections: Overview and more detailed Audit results
Top banner tells the Audit instance name, selected Blueprint and when the data audit was completed
Top of the Audit results list has different options for filtering and showing the audit messages + search to narrow down the list
- "Gear" icon on the top right corner will open a couple of settings related to the audit results view
- "Select list view" allows you to change the grouping of Audit messages between Audited records or Blueprint elements
- Load selection will define how many records are loaded at once.
- Audit Results Overview section
The percentage for each deviancy level is showing how many root records had at least one deviation for that level.
In the above example, 4 our of 19 root records had at least one Critical deviation compared to Blueprint
Highest criticality is considered first, so if Root record didn't have any Critical deviations, then Minor deviations are considered next
In this example, 76% of the Root records didn't have any deviations to blueprint and are therefore considered Compliant.
Next to the Overview, we can see the results per Root record.
- In the above example, we can see that "Business Application: Fidelity 401K" both Critical and Minor level deviations and compliant records.
The root record "Business Application: Fidelity 401K" in this case has a majority of messages as compliant, but also has Critical and Minor level deviations against the selected Blueprint
- By clicking the "View Audit Messages", one can see an even more detailed view showing each Unique Audit Message
- Audit Messages list view includes detailed information about the root record against the blueprint.
- This Root record has one Critical message and one Minor deviation
The Critical messages include the actual message with red background
Reference to what is actually missing below: Business Unit reference
And multiple Compliant messages
Compliant and all other types of Audit messages have the same structure as the Critical deviation above
- This Root record has one Critical message and one Minor deviation
- Audit messages can be filtered in the same way as audit results
- Messages can be filtered based on:
- Deviation type to filter out all Compliant messages for example
- Unique Audit Message Status to only show "Open" messages for example
- Audit messages can be sorted from the "arrow" icon. Sorting options include
- Date created - meaning the first time for the finding
- Message text - text usually identifying what is missing
- Real record - the record into which the message is related to
- Result type - what kind of message is in question
- Total weight - showing the most or least impactful audit messages first.
Updating Unique Audit Messages from results view
Since unique audit messages have a status and may be connected to DCM Tasks, the Audit results view can be used to actually work with the messages.
- Different actions are available via the "kebab" icon next to a Unique Audit Message
- Approve deviation - there can always be exceptions to the rules. By approving a unique deviation, you're indicating that even if this is against the agreed data model, it's still OK and no actions are needed. This will update Unique Audit Message's status to "Approved".
- Mark as fixed - should be used when corrective actions are done and other people should be made aware that this is no longer an issue. This will update Unique Audit Message's status to "Fixed". If an audit still finds the same deviation again, it will update the status back to "Open".
- Successfully completing DCM TAsks will also mark related Unique Audit Messages as "Fixed".
- Open evaluated record - will simply open the related real record into a new window, for fixing the issue right away for example
- Show related task - will show a summary of the related task and give you access to open the task into a new window for more info and updating the task.
- Most of the actions will open a new overlay window at the bottom of the audit results view for more information
Viewing audit messages per Blueprint elements
Previously audit results or messages were only grouped by Audited record (aka root record). Since DCM R3.3 it's also possible to group messages based on Blueprint elements. This view was further refined in DCM R4.0.
In the example below, the Audit messages are grouped by 5 classes used in the "Business Applications Demo" blueprint and all related links which are also blueprint elements. You can read more about the Blueprint elements on the /wiki/spaces/DCM/pages/580776653 page.
- In the example above,
- User class has almost all related audit messages marked as Compliant, some with Minor deviations
- Server is "all green"
- Business Application class has been expanded to show more detailed elements such as the class itself and all related links
- Some of the Business Applications are missing the Managed by Group reference while most of the applications have this data available.
- The Blueprint elements view in audit results can give you a quick overview of the problematic data and help in order to fix certain types of deviations all at once.
- You can also open the "Audit Messages" view for a Blueprint element
Audit result types
Audit result type is a more detailed version of the deviation levels. Or in other words, the audit result has a type, which is related to a deviation level.
This list also explains what are the different things that audit will check for each record related to the audited record.
| Audit result type | Audit case type | Deviation level | Description |
|---|---|---|---|
| alternative_link_missing | Link Group | Critical | Alternative link missing |
| field_condition_match | Record | Compliant | Field conditions are matching |
| field_condition_mismatch | Record | Minor | Field conditions not matching |
| duplicate_record_found | Record | Minor | Duplicate record found |
| duplicate_root_record_found | Record | Critical | Duplicate root record found |
| conditions_match | Field condition | Critical | Model conditions are matching |
| conditions_mismatch | Field condition | Minor | Model conditions not matching |
| mandatory_ref_missing | Reference | Critical | Mandatory reference missing |
| mandatory_rel_missing | Relationship | Critical | Mandatory relationship missing |
| min_opt_rel_missing | Relationship | Note | Minimum amount of optional relationship missing |
| non_exclusive_alternative_link_found | Link Group | Minor | Non-exclusive alternative links found |
| not_cohesive_target_record | Link Group | Minor | Not cohesive target record |
| opt_ref_missing | Reference | Note | Optional reference missing |
| opt_rel_missing | Relationship | Note | Optional relationship missing |
| ref_match_defs | Reference | Compliant | Reference correctly defined |
| ref_target_rec_mul_mismatch | Reference | Minor | Reference target record multiplicity mismatch |
| rel_match_rules | Relationship | Compliant | Relationship matching with the relations |
| rel_target_rec_mul_mismatch | Relationship | Minor | Relationship target record multiplicity mismatch |
| req_min_rel_missing | Relationship | Critical | Required minimum amount of relationship missing |
Unique Audit Messages (UAM)
Unique Audit Messages were introduced in DCM R4.0.0. This new message record will group together all the audit messages regarding the same issue. It's quite common that following the blueprint links for different root records will eventually discover the same issues. The purpose of these Unique Audit Messages is to show the current state of audit messages and avoid working on duplicate records or for example creating duplicate remediation tasks based on audit results.
- The audit details view is using the Unique Audit Message records to show the results.
- In the above example,
- A Business Application called "Fidelity 401K" is missing a mandatory reference to Business Unit. This same issue has been found once. And it's found 12 times all together, including other audit instances.
- Please note that if the exact same audit (with schedule or "rerun") is run again, the previously created audit messages will be deleted and only the last messages will remain. This way we avoid creating clutter and get a better understanding of the deviation weight, since simply running the same audit over and over again does not impact the weight.
- Each Unique Audit Messages has a "Number" (ID) and a Status that is used to manage its lifecycle.
- A Business Application called "Fidelity 401K" is missing a mandatory reference to Business Unit. This same issue has been found once. And it's found 12 times all together, including other audit instances.
- Unique Audit Messages can be opened into a standard ServiceNow form view also.
- Usually, Unique Audit Messages are updated via Audit Results view or DCM Tasks, but it's possible to check some additional details and activity log from the form view
- The above example shows a Unique Audit Message which has been marked as Fixed by a user, but found again by the next audit and therefore changed back to Open status.
- This form view also includes related lists showing all
- Related Audit Messages
- and Blueprint versions used for audit
Unique Audit Message Statuses
| Status | Meaning | Usage |
|---|---|---|
| Compliant | All compliant audit messages will also have a status of compliant. | No actions needed for compliant messages. |
| Open | An audit has found a deviation. All non-compliant messages are created into "Open" status. | These issues should be fixed. |
| Fixed | Audit messages had been marked as fixed after some remediation activities. | Can be marked manually or by completing related DCM Tasks. |
| Approved | Approved UAM means that the issue is still there, but it's OK. | No actions needed, this deviation is approved. |
| Expired | Older unique audit message that has not been updated within a given time frame (31 days by default). | System will automatically expire unique audit messages that have not been updated lately. These messages are updated every time when the same issue is found in an audit. Message may expire if it's already fixed and therefore not found by audits anymore or if similar audits are no longer running. Expired status was introduced to DCM in version R4.2. |
Fix deviations in Data Content Planner
Note that you can open the Audited record into Data Content Planner and fix the issues directly from the audit results
Fix deviations by creating a task
Remediation task creation is mainly an automated process, but auditors can also create ad-hoc tasks from the audit results view.
- This action is available when
- Looking at audit results for a single audited record (not per blueprint element)
- And if there is even a single Unique Audit Message listed that is not yet related to any DCM Task
- Ad-hoc task creation is using the "One per audited record" creation method.
- and assigned to the current user by default.
Data limitations for Audit
- DCM application includes two system properties that are used to limit root record counts for audit instances.
- Maximum number of root records allowed for a scheduled audit or an on demand audit
- DCM Admin can change these values according to requirements, but it's recommended to keep the on demand audit limit reasonable.
- On demand audit will not start, if the limit is exceeded
- The scheduled audit will fail if the limit is exceeded. This will show on the Audit instance record and also in the system error log.
Considerations
- Auditing very large data sets can cause temporary performance issues.
- Especially if audited root records have hundreds or thousands of links to other records.
- Default DCM Audit Dashboard may become slow with huge Audit result, Audit message, and Unique audit messages tables.
- DCM application does not delete any records by default, so cleaning up audit tables should be planned according to reporting requirements.
© Qualdatrix Ltd 2021 | All rights reserved.