The DCM Blog

Audit Alert Correlations – Unique Audit Messages

By Mikko Juola

September 18, 2019
Road Signs

By installing the Data Content Manager (DCM) application into your ServiceNow environment, you can audit your service data against best practice blueprints or blueprints you have created yourself.

Because the same data is audited by several, sometimes scheduled and repetitive blueprint audits, a single error in your data can cause multiple audit alerts. By removing the error’s root cause, all alerts related to those multiple blueprints can be resolved at once.

So, instead of analyzing all audit alerts one-by-one, wouldn’t it be nice, if audit logic could recognize the error root cause automatically for you?

This is now a reality. DCM audit functionality can analyze all detected audit messages and create a unique audit message for every detected ?root cause?. Original audit messages are linked with the unique audit message and therefore it is easy to resolve all caused audit messages by one click. And this, of course, saves your time, resources and money but what is even more important, shortens your data error resolving time.

“Instead of analyzing all audit alerts one-by-one, wouldn’t it be nice, if audit logic could recognize the error’s root cause automatically for you?”

In this blog, I will explain how all this works and show you some examples of Unique Audit Messages. First, let’s have a look at a User data model (blueprint) that is then used for auditing User records.

Example Data Model for Users

Example Blueprint User data model connecting single users to managers and organization structures.

In the example data model, we have:

  • Users connected to Departments
  • Departments should have Managers (department head)
  • And the Department Heads should be connected to a Company
  • Users are also connected to their Managers
  • And Managers connected to Companies
  • And finally, Users also connected directly to Companies

So, we have three different “User to Company” connections in the data model. Next, we will run an audit against this data model.

 

Example data for our audit

Let’s imagine we have a very simple and symmetric organization with:

  • 100 people (Users)
  • 10 Departments
  • 10 Teams with a manager and 9 other people
  • One of the teams is a management team that manages all departments and other teams
  • And all these people should belong to three different Companies (as different legal entities)

At this point, the Company connections are missing for all users, so let’s see how the data could look like on top of the blueprint.

Audit results

Next, let’s start looking at audit results for some of the audited root records. We will increase audited records as examples move forward, but let’s start with one.

Single User Record

Single User record on top of the blueprint. Single User record on top of the blueprint.

In the previous picture, we have a single user “MJ” who is connected to “DEV” Department and has another User “AL” as his manager. The “DEV” Department has a manager called “JP” and all these Users are missing their connection to Company.

When auditing this single user record “MJ”, we get three audit messages about missing company links:

  • MJ is missing Company
  • AL is missing Company
  • JP is missing Company

Also worth noting is that the link between User and Company is actually the same Blueprint element, even though it is used in different parts of the blueprint. The concept of Blueprint elements is part of figuring out which audit messages are unique.

Two User Records

Now, we add another root record (another User) to the audit.

UAM Two Users Two User records audited against the same blueprint.

For “MJ” we have the same audit messages as before and when auditing a new User “AB” we get these new non-compliant audit messages:

  • AB is missing Company
  • HU is missing Company
  • JP is missing Company

Because both “MJ” and “AB” belong to same the Department, the missing manager for “DEV” Department is reported twice. This is a simple example of a Unique Audit Message. The same deviation has been found twice since two different users belong to the same Department that has a Department Head “JP” without a Company.

More Users

Next, we add two more users as root records “AL” and “JP”. Note that we have already come across these records as Manager for “MJ” and Department Head for “DEV”.

UAM More Users More users to be audited, more duplicated audit messages.

We already discovered earlier that “JP” and “AL” as missing the Company connection. Now when those records are used as root, the same audit messages are created again. In this example, “JP” and “AL” belong to the same department “MG” that is missing a department head. And “JP” is also missing a manager.

Without listing all the new audit messages, we have now discovered the same issues several times and we want to avoid flooding reports and task creation engine with repeating “events”, so to say. Instead of filling reports with duplicate messages, we use the duplication information a “weight” value on each unique audit message. To give some example:

  • “MJ” missing Company reference has been found once, so weight value is 1. Same thing for “AB”
  • “JP” missing Company reference has been found already four times, so weight is 4.
  • “AL” is “MJs” manager and therefore missing company info discovered twice etc…
  • Two users are connected to the “MG” department which doesn’t have a manager, so this deviation has a weight of 2.

Now imagine that you have an organization of 100 people and two of the departments don’t have a manager or the selected manager is no longer working for the company. Impact of related missing information can be bigger than single reference missing from the root record.

The point of the Unique Audit Message is to give real-time information about the data quality with a weight value to help to prioritize corrective actions. In DCM application, the Unique Audit Messages also have a lifecycle meaning that messages can be marked as Fixed or Approved depending on the case. And the status may change according to future audit results.

Better view of your data quality and what to focus on next

The blueprint-based audit and using blueprint elements to define which audit messages are unique and what is their impact, we can easily come up with reports showing what you should fix first in order the get the biggest impact to our overall data quality.

UAM Top 10 Charts Top10 Blueprint Elements and actual records with most weight from bad data.

From the charts above, we can see that the Department called “Sales” has the most weight from bad data. Maybe we should check that Department record first. When Unique Audit Messages are grouped by Blueprint Element, we can see that most weight is put on Business Units missing the Company relationship. So, that another good candidate for getting your overall data quality into better shape.

In the next image, we can see an example of an actual audit result and list of Unique Audit Messages based on User data audit with DCM.

 

UAM Actual Audit Messages Actual DCM audit messages for a single audit instance.

 

Compliant messages (6) has been filtered out from the previous image and you can see that in order to get “Henrik” User record fully compliant with the blueprint, you should add Business Unit to “Consulting” Department, make sure that new Business Unit is connected to a Company and to fix the optional deviation also linking “Henrik” user record directly to a company.

Creating remediation tasks from unique audit messages

Now that we have Unique Audit Messages that also include a lifecycle (or status), we can use these records to create tasks to responsible persons or groups to fix the issues.

Task creation can happen automatically based on certain rules or manually from audit results. In the previous image, you might have noticed a “Create Task” button. That would create a single task to fix all the non-compliant messages identified for “Henrik” user record which are not connected to a task yet. This ad-hoc task creation will assign the task to the current user, but he or she can, of course, reassign it to another person or a group.

These remediation tasks are a very efficient way to keep track of required data fixes, get more people involved into data management activities and do it as a continuous process instead of twice per year data clean-up projects.

Thanks for reading! To find out more about Data Content Manager, please get in touch with us or book a demo!

Mikko Juola

Mikko Juola

Chief Product Officer at Qualdatrix

LinkedIn

Built on now

Featured Posts

5 Challenges to Address for Better CMDB Data Quality

5 Challenges to Address for Better CMDB Data Quality

Comprehending the impact of CMDB Data Quality, especially its absence, can be difficult. It is a big problem since poor data quality is often the main reason ITSM systems, like ServiceNow, don’t meet expectations. We are deeply involved with data quality daily. Our...

How LapIT Improves CMDB Data Quality with DCM

How LapIT Improves CMDB Data Quality with DCM

LapIT designs and implements solutions for information and communication technology environment services in Northern Finland. Their customers are mainly municipal, public administration, and healthcare organizations. We interviewed Leena Broas, Development Manager at...

Video: How to Improve Foundation Data in ServiceNow and CSDM

Video: How to Improve Foundation Data in ServiceNow and CSDM

In this video, Pekka Korpi, CEO of Qualdatrix, and Mikko Juola, Product Owner of Data Content Manager, discuss the importance of Foundation data in ServiceNow and how it can be improved using Data Content Manager. Foundation Data in ServiceNow refers to the critical...

Build a Business Case for Data Quality Improvement

Build a Business Case for Data Quality Improvement

Accurate and reliable data is the backbone of any successful organization. Countless data quality improvement projects are started across organizations since poor data quality can lead to misinformed decisions, wasted resources, and lost opportunities. On the other...

How Metsä Group Improves Data Quality with DCM

How Metsä Group Improves Data Quality with DCM

Metsä Group uses Data Content Manager to improve data quality in their CMDB. We had a chance to interview Mika Lindström, the ICT Configuration Development Manager at Metsä Group. Thanks, Mika, for joining us. Metsä Group are an internationally operating frontrunner...

How to use CSDM to Improve Incident Management

How to use CSDM to Improve Incident Management

It’s been a while since this article was originally published, so I thought it would be time to update it to reflect changes to the CSDM model and our latest thinking. We published this article first in 2020 when ServiceNow’s Knowledge event included the first...

How CMDB Supports Regulatory Compliance at Danske Bank

How CMDB Supports Regulatory Compliance at Danske Bank

Data Content Manager improves data quality within an organization’s CMDB, reducing manual and disparate work for data quality maintenance. This increase in data transparency and ease of data management helps companies to achieve and maintain regulatory compliance,...

Get Started

Book a Call with us Now.

 

Explore how Data Content can enhance the quality of your data in ServiceNow. See how you can accelerate your CSDM journey and improve your CMDB or any data in your platform. All without the need for scripting, additional reports, or customizations.

 

Related Content You Might Like:

CSDM

The Recipe For Success eBook

Contents:
  • Establish Ownership & Roles
  • Manage Your Scope
  • Choose the Right Tools

We talk to people about CSDM alignment every day and constantly see organizations struggle with the same things over and over again. We wrote CSDM - The Recipe for Success to share our experiences.

It gives you hands-on guidance on some of the most important things you must address on your CSDM Journey, regardless of your maturity level.

CSDM The Recipe for Success eBook

Get Your Free eBook