Sr. Consultant @YASH Technologies
How to conduct a Microsoft Dynamics CRM Application audit?Last updated on August 28, 2019
In many organizations, Dynamics CRM has grown and developed beyond a Rolodex and has become a key system to track key prospect, inventory,customer, and personal data. Any time an application is used to store high-risk or critical data, the auditors are going to check the controls in place around that data.
As CRM evolves into XRM, more and more companies are now maintaining inventory, orders and payments inside the CRM system. Risk is inherent in such transactions and is mostly related to fraud, privacy, misappropriation and financial misstatements. Controls need to be developed to mitigate these risks. These controls might be application security, database security, or processes outside of Dynamics CRM.
What to do when auditors are coming? As a starting point, focus on the following 3 key focus areas.
- First: Find It in Order to Fix It – First know, who has access to Dynamics CRM. Set up a process to review access permissions on a periodic basis. Clearly define a report that shows the users and the access that each user has.
- Second: Change Tracking Doesn’t Have to slow system performance- Monitor the changes to the data. We not only need to understand who has access to the data but what they did with that access.
- Finally: Resources: Monitor when users are being added and disabled in Dynamics CRM. To make sure that there are no unauthorized or orphaned users in the system, tie the CRM access report
What is a CRM audit?
A CRM audit enables you to review the effectiveness of Dynamics 365 CRM implementation. These audits can vary in scope and depth. Some important differentiators are mentioned below:
- Data audit: This audit focuses on the data accuracy contained within the CRM and may also assess the quality and depth of data or its accuracy ( Cleansing & De-Duplication with specified matching rules to avoid repeated customers and maintain a clean data across the eco System by ensuring the quality of data). Another technique for checking the accuracy of data over time is to look at the rate of decay.
- Usage audit: It is an established fact that sales teams that use CRM data are more effective in generating business. Usage audit looks at how regularly sales teams are using CRM using the usage report. It also checks how often data is being entered into CRM.
- Fit-for-purpose audit: There are many ways a Dynamics 365 CRM can be set up, and it can be customized as per the industry and verticals we are dealing with. An audit to check on how the CRM configuration meets business needs is very common, and fit-gap analysis should be undertaken at specified intervals to meet the ever-changing business needs and problems.
- Effectiveness: Most importantly, a Dynamics 365 CRM audit will provide pointers on the overall effectiveness of a CRM. This involves reviewing the reasons for implementing the CRM for an organization.
Processes to be considered during the CRM audit
A CRM audit should include the following:
- Review plans: Original rationale for CRM implementation, including information on key metrics critical for evaluating the CRM effectiveness.
- Data assessment: Data quality review and how data is processed.
- Gaps: Identify gaps between current CRM capabilities and future needs.
- Utility: An assessment of key information in the CRM so that the most leveraged data can be highlighted, and its importance reiterated.
- Results: Impact of CRM on top-line i.e. sales and customer churn.
- Employee satisfaction: Employee satisfaction with the CRM and overall utilization of the system by employees.
- Business metrics: A review of business metrics related to CRM usage, like the average time to close a lead.
- Project management: The audit may touch on CRM projects like ongoing improvements or the quality of periodic reviews.
- Governance: The processes are put in place to ensure that the CRM meets regulatory obligations (like GDPR in Europe).
- Reporting: Effectiveness of the reporting system to provide useful and actionable data.
The steps of a CRM audit
- Review last assessment of implementation documentation
- Data assessment
- Usage review
- Regulatory requirements
CRM evaluation checklist
Here is very simple CRM evaluation checklist. It can serve as a framework, and areas most pertinent to your business can be fleshed out in more detail.
CRM audit checklist
Is data being captured accurately?
Is data being captured at the appropriate time?
Does the data support business objectives?
Does the data support regulatory objectives?
Are users using the CRM as intended?
Is the consistency of use supporting business goals?
Is the quality of use supporting business goals?
Do users find the system useful?
Do users feel the system supports business goals?
Are users experiencing problems with the CRM?
Do users want to see specific improvements?
Are all CRM integrations working?
Are there CRM updates that need to be implemented?
Are there other integrations that may suit the CRM better?
Are the reports supporting business objectives?
Are the reports delivering the required information?
How can the reporting process be improved?
Does the CRM support compliance requirements?
Please list recommendations below including level of urgency.
A CRM audit is often seen as a technical process that evaluates the effectiveness of a CRM . The audit should check whether the CRM supports business goals and recommend ways for improvement. Happy auditing!