Auditing for Internal Controls and Regulatory ComplianceSharePoint Auditing DataSync

Auditing of SharePoint lists and libraries is useful for internal purposes, such as tracking progress and performance of a help desk or a document management system, for example. However, auditing is often done because it is mandatory as part of Regulatory and Compliance rules and Record Management.

Organizations are often required to audit items or documents to establish who changed what when and what that change was. Native SharePoint auditing falls short of this requirement in many cases.

Native SharePoint Auditing

The native SharePoint Auditing feature can track many changes on the SharePoint server. In addition to recording configuration changes to the server, it logs events and operations performed on lists and libraries. This type of logging can be useful, but the built-in auditing tool has some serious shortcomings:

Drawbacks of native SharePoint Auditing
  • Not available in SharePoint Foundation.
  • Records that an item was changed, but not what fields were changed or the prior and new values of the field.
  • Does not include Version History
  • Audit logs bloat the SharePoint database
  • Audit logs must be managed and are not easy to use

Native SharePoint Auditing is only available in SharePoint Server or Enterprise, not Foundation. Even with those versions, SharePoint auditing logs do not record details of field changes and therefore cannot be considered a true versioning or regulatory compliance tool.

Crow Canyon’s DataSync and Auditing for SharePoint provides a more thorough way of auditing by including versioning history. DataSync for SharePoint provides important details such as what items were changed, which fields were modified, what the old and new values are, who made the change, and when it was made. The tool works in SharePoint Foundation, Server, and Enterprise editions.

The DataSync tool manages data synchronization and auditing between SharePoint and a database. Version history is retrieved and recorded. This ensures the integrity of content in all lists and libraries and enables the generation of detailed audit log reports.

The DataSync tool puts the audit information into a database, not in SharePoint, so there is no expansion of the SharePoint data storage. With the logs in a database, powerful reporting and auditing capabilities are available using familiar tools, such as SQL Server Reporting Services, Crystal Reports, or even Microsoft Access or Excel.

Authorized managers and system administrators can generate reports from the audit logs in the database. All changes to lists and even the usage of individual users can be audited and managed.

Crow Canyon’s DataSync for SharePoint provides an audit trail that is critical to internal performance reviews as well as regulatory and legal compliance requirements, without the limitations and drawbacks of native SharePoint Auditing.

Creative Commons Attribution: Permission is granted to repost this article in its entirety with credit to Crow Canyon Systems.