When creating a new application, one of the aspects to consider is auditing your data. Remedy provides a easy-to-use solution to create audit forms quickly. But those audit forms can be very simple or very complex. Some best practices can be applied to easy create an outstanding audit system.
In this post I will show you an audit strategy that allows you to take the most of your ARS system.
Planning your audit needs
The first question you must make to yourself is: “Why I need to audit the data?” The most common answers are:
- Because I need to track user’s modifications.
- Because I need to automate some statistics or workflow about data changing.
The answer to this question defines the type of audit you must configure:
- Log audits are designed to be human friendly.
- Full audits are designed to be computer friendly.
For instance if you want to compute a KPI about assignment changes based on audit, is easier to do on an full audit, instead of a log audit. But log audits are easier to read by users.
My recommendation is to always choose log audits and compute statistics or planned workflow on audit by other means. For instance, the previous KPI can be done in another form, a Remedy KPI or other ways.
How many audit forms do I need
Remedy allows you to select the audit form for each form. Thus, you can share the same audit form with many forms, or you can use an independent audit form for each form. Even when the audit form is shared, information is not messed, since the name of the form is available. So, I think that it is a better choice to use only one log audit form and share it for all forms in your application, because there is no payoff and you get a benefit: a consolidated audit between forms. That means, for instance, that you can track one user activity between forms, and see that just after a invoice was created, the detail lines started to be created (both items belonging to different forms).
I said that there is no payoff of using only one audit form… well this is not 100% true, but we can make it true. The counterpart of it is that users can be lost inside that amount of data.
Customizing the audit form
Remedy has a lot of constraints regarding audit forms. You can’t add new data fields or workflow that modifies the audit. There are good security reasons for it. But, allowing workflow that computes data also provides some good tools and possibilities like:
- Computing the login name of the user and store the full name and contact details.
- Change the action field to a selection fields, showing the actual action instead of a number (like “Modification” instead of the number 2).
- Change the form name to a user friendly name (from “GF:TRR:InvoiceLineAsset” to “Asset Reference in an Invoice”)
- Compute dynamic group security fields to allow or deny access to the audit.
You can achieve the most of these objectives by using active links and display-only fields, but you won’t allow your users to search by surname or user location. There is a way to allow you to “customize” the audit form to your needs: create a new regular form and copy the contents of the audit form:
- Create a new form, the “customized audit”.
- Include all fields of the original audit you want to process, typically: user, audit date, action, fields changed, log, key fields, original entry id and form
- Create a filter associated with the original audit form that pushes all these fields to a new request at the customized audit form.
Now you have two audit forms, the actual one and the copy. And now you are free to customize your copy, creating as many fields and filters as you need that will fire at submit.
The next figure summarizes the concept:
Accessing each audit separatelly
My recommendation is to include at every form that is using this shared audit, a table pointing to the customized audit form with the qualification limiting the results to the current form and current request like: (‘Form’ = “TR:FFG:Invoice”) AND (‘Original Entry ID’ = $Request ID$)
You can include computed fields like the user full name, to enhance the usability of the form.
Creating an audit manager
My last recommendation is to create a display only form that includes the next elements:
- A set of fields to select search criteria like user, form, action or changed field.
- A set of hidden fields that will be filled when the user completes some search criteria with an additional qualification sentence.
- A table field showing the customized audit form requests, with the qualification plenty of EXTERNAL clauses related to the hidden fields.
- A button called “Search” that refreshes the table.