Product Review: Audit Trails
One of the announcements at Convergence was the availability of Audit Trails, a new add-on module that helps with Sarbanes Oxley compliance by creating audit trails of selected tables in your Dynamics GP database. Audit Trails was originally written by Merit Solutions, and was OEMed by Microsoft along with Merit's Electronic Signatures product.
Installation
My first test of any add-on to Dynamics GP is to try to install it ad get it working without reading the instructions. Audit Trails failed at this, mainly because of it's non-conformance to the established Dynamics GP user interface guidelines. It also didn't automatically prompt me to create tables when I logged in, so I had to find the install screen before I could use the product. But this issue will probably go away when it becomes part of the main install.
What does it do?
Audit Trails lets you select a list of tables that will be audited. Every time a new record is added, or an existing record is updated or deleted, it creates a backup of the record in a separate database, along with the user id, and the date and time that the record was updated. There is a user interface similar to SmartList that lets you run queries on the audited tables and compare the differences between records.
What doesn't it do?
The first and biggest problem with Audit Trails is that is doesn't let you audit the system (DYNAMICS) database. This database holds the setup information that spans across all of you company databases, which is really the sort of stuff that you should be auditing. The information in the system database includes user details, company details, exchange rates and global security settings. All of which are things that you would generally want to be keeping an eye on. (I'm not familiar with the HR module, but I think quite a few of it's tables are also stored in the system database.)
Another major problem is the inability to stop auditing a table, or to periodically remove records from the audit table. Because you get a new record added to the audit table every time you click on the save button, the audit tables can get very large very quickly. Not being able to back up this table and remove records from it could cause some serious performance issues, especially if you are auditing sales or purchasing transactions. Although I'm sure if I brought this up with Microsoft they would call it a security feature.
There are no options on what you are auditing either. It's all or nothing. You can't only record deletes, or audit sales orders over a certain amount.
Improvements that could be made
In the comparison interface (which is a poor man's SmartList) none of the lists refresh automatically when you select a new option. You have to click on the Refresh button every time, which is annoying. You also can't stop a table from displaying, so if you click on the sales transaction lines audit, you will either have to wait a week for it to finish redisplaying (remember, you can't ever remove anything from this table) or crash out of Dynamics GP.
Throughout the entire product, Dynamics GP table field names are used instead of the display names for these fields. So unless you know that ATYALLOC is actually Quantity Allocated and TRDISAMT is Trade Discount Amount, you may find it a little difficult to get any information out of your audits, which is really the whole point.
When comparing records, you can only compare 2 records. You can't see the entire life of a record. Being able to access the life of record from the data entry or inquiry window or SmartList would also be a nice feature. So you could be looking at a customer record wondering who changed their address, and just select an Extras menu item to find out.
Grouping of related tables would also be useful, so you could see what happened with all of the records associated with a single transaction.
A set of standard audits would also be nice, so you didn't have to wade through all of the tables in your database to set up your audits.
I could go on for quite some time, listing all of the features that this product should have, but I think you get the idea that there is very little functionality in this product and it has been poorly integrated with Dynamics GP.
Why would you buy it?
For the price that Microsoft is asking, I wouldn't buy it. You could achieve exactly the same thing yourself with a couple of SQL triggers. If you want an auditing product that has been finished, there is Auditor from Rockton Software which is an add-on for Dynamics GP, which is cheaper than Audit Trails for smaller installs (the pricing is based on user count). There are also quite a few SQL Server auditing products, which can be expensive, but if you are serious about auditing, then this may be the way to go.
Unfortunately, because of all of the hysteria that surrounds Sarbanes Oxley compliance, a lot of people will probably buy this. Which will be good in the long run, as Microsoft will have to fix all of these issues or continually deal with the support problems that it will invariably cause. Next up, I will be taking a look at Electronic Signatures. I'm not expecting too much.
Installation
My first test of any add-on to Dynamics GP is to try to install it ad get it working without reading the instructions. Audit Trails failed at this, mainly because of it's non-conformance to the established Dynamics GP user interface guidelines. It also didn't automatically prompt me to create tables when I logged in, so I had to find the install screen before I could use the product. But this issue will probably go away when it becomes part of the main install.
What does it do?
Audit Trails lets you select a list of tables that will be audited. Every time a new record is added, or an existing record is updated or deleted, it creates a backup of the record in a separate database, along with the user id, and the date and time that the record was updated. There is a user interface similar to SmartList that lets you run queries on the audited tables and compare the differences between records.
What doesn't it do?
The first and biggest problem with Audit Trails is that is doesn't let you audit the system (DYNAMICS) database. This database holds the setup information that spans across all of you company databases, which is really the sort of stuff that you should be auditing. The information in the system database includes user details, company details, exchange rates and global security settings. All of which are things that you would generally want to be keeping an eye on. (I'm not familiar with the HR module, but I think quite a few of it's tables are also stored in the system database.)
Another major problem is the inability to stop auditing a table, or to periodically remove records from the audit table. Because you get a new record added to the audit table every time you click on the save button, the audit tables can get very large very quickly. Not being able to back up this table and remove records from it could cause some serious performance issues, especially if you are auditing sales or purchasing transactions. Although I'm sure if I brought this up with Microsoft they would call it a security feature.
There are no options on what you are auditing either. It's all or nothing. You can't only record deletes, or audit sales orders over a certain amount.
Improvements that could be made
In the comparison interface (which is a poor man's SmartList) none of the lists refresh automatically when you select a new option. You have to click on the Refresh button every time, which is annoying. You also can't stop a table from displaying, so if you click on the sales transaction lines audit, you will either have to wait a week for it to finish redisplaying (remember, you can't ever remove anything from this table) or crash out of Dynamics GP.
Throughout the entire product, Dynamics GP table field names are used instead of the display names for these fields. So unless you know that ATYALLOC is actually Quantity Allocated and TRDISAMT is Trade Discount Amount, you may find it a little difficult to get any information out of your audits, which is really the whole point.
When comparing records, you can only compare 2 records. You can't see the entire life of a record. Being able to access the life of record from the data entry or inquiry window or SmartList would also be a nice feature. So you could be looking at a customer record wondering who changed their address, and just select an Extras menu item to find out.
Grouping of related tables would also be useful, so you could see what happened with all of the records associated with a single transaction.
A set of standard audits would also be nice, so you didn't have to wade through all of the tables in your database to set up your audits.
I could go on for quite some time, listing all of the features that this product should have, but I think you get the idea that there is very little functionality in this product and it has been poorly integrated with Dynamics GP.
Why would you buy it?
For the price that Microsoft is asking, I wouldn't buy it. You could achieve exactly the same thing yourself with a couple of SQL triggers. If you want an auditing product that has been finished, there is Auditor from Rockton Software which is an add-on for Dynamics GP, which is cheaper than Audit Trails for smaller installs (the pricing is based on user count). There are also quite a few SQL Server auditing products, which can be expensive, but if you are serious about auditing, then this may be the way to go.
Unfortunately, because of all of the hysteria that surrounds Sarbanes Oxley compliance, a lot of people will probably buy this. Which will be good in the long run, as Microsoft will have to fix all of these issues or continually deal with the support problems that it will invariably cause. Next up, I will be taking a look at Electronic Signatures. I'm not expecting too much.
posted by Andrew Brown at
1:10 AM
0 Comments:
Post a Comment
<< Home