By Ohana Focus Team| January 12, 2025 | 19 min read

The go-live celebration is over. Your team has been using Salesforce for six months. Things are... mostly working. Some processes feel smooth, others still frustrating. Staff have developed workarounds for things that don't quite fit. Data is accumulating, but you're not sure how clean it is. This is precisely when you need a Salesforce audit—a systematic review of what's working, what isn't, and what needs attention before small issues become major problems.

In this guide, we'll walk through conducting a comprehensive 6-month post-implementation audit of your Salesforce environment. You'll learn what to review, how to identify problems, which metrics matter, and how to prioritize improvements. Think of this as your Salesforce health checkup; diagnosing issues early prevents costly interventions later.

Why 6 Months Is the Right Timing

Why not audit at 3 months or 12 months? Six months hits the sweet spot for several reasons.

Patterns Have Emerged

At 3 months, you're still in the adjustment period. Problems might be teething issues that will resolve as staff gain confidence. At 6 months, patterns are clear. If duplicate contacts keep appearing, if certain fields consistently remain blank, if reports always need manual correction—these aren't temporary bumps, they're systemic issues requiring fixes.

Sufficient Data for Analysis

With 6 months of data, you can analyze trends. Are gifts being categorized correctly? Is donor communication being logged? Are GAU allocations matching expectations? You need enough history to identify patterns, but not so much time that you've accumulated years of problematic data.

Staff Have Real Opinions

At go-live, staff were nervous and tentative. Now they've used Salesforce long enough to have informed opinions about what's working and what's frustrating. Their feedback is more valuable now than it was during the first month when everything felt overwhelming.

Issues Haven't Become Entrenched

Six months is long enough to identify problems but early enough that bad habits haven't become institutionalized. If you're entering data incorrectly, 6 months of cleanup is manageable. If you wait 2 years, it becomes a major project.

Audit Framework: The Five Core Areas

An effective audit examines five key areas. Don't skip sections—problems in one area often cause issues in others.

1. Data Quality

Data quality issues are insidious. They don't prevent the system from working, but they undermine trust in reports and cause frustration when searching for information.

Duplicate Records

Run duplicate reports for both Contacts and Accounts. How many duplicates exist? Are they obvious (same name, same email) or subtle (slight name variations, different email addresses)? Duplicates usually indicate either inadequate duplicate checking at entry or staff not knowing how to properly search before creating new records.

Duplicate Detection Checklist:

•       Run Contact duplicate report

•       Run Account duplicate report

•       Check if Salesforce duplicate rules are enabled

•       Verify duplicate rules match your matching criteria

•       Review merge history—are staff merging regularly or ignoring duplicates?

•       Ask staff if they're encountering duplicates frequently

Incomplete Records

Which required fields aren't being filled? Run reports showing Contacts missing email addresses, phone numbers, or mailing addresses. Check Opportunities missing campaign attribution or GAU allocations. Incomplete data suggests that either the fields aren't truly required for your workflow or staff need better training on their importance.

Data Consistency

Look at the picklist values being used. If you have a 'Donor Type' field, are staff using values consistently or creating variations? Check text fields for inconsistency—is the same organization entered as 'Smith Foundation,' 'Smith Fdn,' and 'The Smith Foundation' across different records? Inconsistency makes reporting impossible.

2. User Adoption

Technical implementation doesn't matter if staff aren't using the system correctly—or worse, finding workarounds to avoid it entirely.

Login Frequency and Activity

Salesforce tracks login history. Review who's logging in daily versus weekly versus never. Are development officers using Salesforce regularly or still defaulting to spreadsheets? Is gift processing happening in Salesforce or are donations being entered elsewhere first, then copied over?

Target Adoption Rates:

•       Development Staff: Daily logins to log donor interactions and review portfolios

•       Gift Processors: Multiple logins per day during processing hours

•       Leadership: Weekly checks of dashboards and reports

•       Red Flag: Staff not logging in indicates avoidance or workarounds

Feature Utilization

Which features are being used and which are ignored? Check if Tasks are being created for donor follow-ups or if that's still happening in email. Are Campaigns being used to track fundraising appeals? Unused features suggest they weren't properly trained, don't fit the workflow, or staff don't understand their value.

Shadow Systems

The most dangerous adoption problem: staff maintaining separate systems alongside Salesforce. Are gift officers keeping personal spreadsheets of their portfolios? Is communications still pulling mailing lists from an old Access database? Shadow systems create data divergence and defeat the purpose of implementing Salesforce.

3. Security and Permissions

Security issues often go unnoticed until there's a problem. Six months is a good time to ensure you haven't been too permissive during implementation.

User Access Levels

Review each user's profile and permission sets. Does everyone truly need the access they have? Implementation often grants broad permissions to avoid blocking work. Now that workflows are established, tighten access. Does the communications coordinator really need to edit gift amounts?

Security Red Flags:

•       Former employees still have active accounts

•       'Admin' credentials shared among multiple people

•       No field-level security on sensitive donor data

•       All users can view and edit all records

•       MFA not enforced for administrators

•       Generic 'shared' user accounts for multiple staff

4. System Configuration

Initial configurations that seemed right at go-live may need adjustment based on actual usage.

Custom Fields

Review all custom fields. Are they all being used? Organizations often create fields 'just in case' during implementation. If fields remain consistently blank after 6 months, either staff don't understand their purpose or they're unnecessary. Unused fields clutter the interface and confuse users—consider removing them.

Page Layouts

Are page layouts optimized for how staff actually work? During implementation, you might have included every possible field. Now that usage patterns are clear, streamline. Move rarely-used fields to separate sections. Promote frequently-needed fields to the top.

Validation Rules and Workflows

Review validation rules. Are they preventing bad data or just frustrating staff? A validation rule that blocks gift entry might be catching errors—or might be forcing staff to enter fake data just to get past the validation. Balance data quality goals with practical workflow needs.

5. Reports and Dashboards

Reports are how you extract value from Salesforce. If reporting isn't working, Salesforce isn't working.

Report Usage

Salesforce tracks which reports are run frequently and which are never used. Review report run history. Are the reports you thought would be valuable actually being used? Are staff creating their own ad-hoc reports constantly because standard reports don't meet needs?

Report Accuracy

Spot-check key reports against known data. Does your year-to-date revenue report match accounting records? Does your major donor list include people you know are major donors? Report inaccuracies usually stem from filters that are too broad or narrow, incorrect field selections, or a misunderstanding of Salesforce's reporting logic.

Dashboard Relevance

Review dashboards with the people who use them. Are they showing meaningful metrics or just pretty charts? Dashboards should drive action. If a dashboard doesn't prompt anyone to do anything differently, it's decorative—not functional

Conducting the Audit: Practical Steps

Now that you know what to review, here's how to actually conduct the audit.

4-Week Audit Timeline

Week 1: Data Analysis

Run reports on data quality—duplicates, incomplete records, data consistency. Review Salesforce usage statistics and login history. Export key datasets for analysis. Focus on quantitative assessment before gathering qualitative feedback.

Week 2: User Interviews

Schedule 30-minute sessions with representatives from each role—gift processors, development officers, leadership, communications staff. Ask about pain points, workarounds, and wished-for features. Listen more than you explain.

Week 3: Configuration Review

Systematically review custom fields, page layouts, validation rules, workflows, permissions, and security settings. Check integration logs. Test key processes end-to-end. Compare actual configuration against documented requirements.

Week 4: Synthesis and Reporting

Compile findings into prioritized recommendations. Categorize issues as Critical (breaks functionality or major security risk), Important (causes friction but workarounds exist), or Nice-to-Have (improvements that enhance experience).

Who Should Conduct the Audit?

Ideally, someone who wasn't deeply involved in the initial implementation. Fresh eyes catch issues that implementers might overlook. Options include:

• External consultant: Most objective perspective and brings experience from other implementations. Cost: $3,000-$8,000 for comprehensive audit.

• Internal Salesforce admin: If you have an internal admin who wasn't the primary implementer, they can conduct the audit. Advantage: deep knowledge of your organization.

• Blended approach: Internal admin conducts technical review, external consultant facilitates user interviews and provides objective assessment.

Common Findings: What Audits Typically Uncover

While every organization is unique, certain issues appear in almost every 6-month audit.

Duplicate Management Breakdown

Even with duplicate rules enabled, duplicates accumulate. Staff create new records instead of searching because searching feels slow or unreliable.

Fix: Tune duplicate rules to balance catching duplicates without blocking legitimate work. Train staff on effective search techniques. Establish a monthly duplicate cleanup protocol.

Inconsistent Data Entry Conventions

Without clear standards, staff enter similar data differently. Organizations get entered as accounts sometimes, contacts other times. Some gift processors enter tributes in a specific field, others in gift notes.

Fix: Document data entry standards. Create visual quick-reference guides showing exactly how to handle common scenarios. Conduct refresher training focused on consistency.

Over-Reliance on System Admin

Staff are still going to the system admin for tasks they should handle themselves—running simple reports, updating contact information, creating tasks. This bottlenecks work and prevents staff from becoming truly proficient.

Fix: Empower staff with additional training on self-service tasks. Document procedures for common admin requests. Designate power users in each department to be first-line support.

Unused Customizations Creating Clutter

Fields, record types, or processes created 'just in case' during implementation remain unused, cluttering interfaces and confusing staff.

Fix: Remove unused fields and simplify layouts. If uncertain whether something is used, hide it rather than delete it. Simpler is better.

Reports That Don't Answer Real Questions

Standard reports were created based on anticipated needs, but actual questions are slightly different. The 'major donors' report uses an arbitrary $1,000 threshold when your organization considers $2,500+ major gifts.

Fix: Rebuild reports to match how staff actually think about the data. Small definition changes dramatically improve the report's usefulness

Recommended Audit Tools

Salesforce Optimizer: Built-in tool that analyzes your org and suggests improvements. Free, runs in minutes.

DLRS: If using complex rollup summaries, DLRS helps understand what's configured and spot performance issues.  

Workbench: Developer tool for querying data and examining configuration. Useful for deeper technical analysis. 

Salesforce Health Check: Free tool that assesses security settings and identifies risks. This takes 5 minutes.

Prioritizing Improvements: The Fix Triage Framework

Your audit will uncover dozens of issues. You can't fix everything immediately. Prioritize based on impact and effort.

Critical: Fix Immediately

Examples: Security vulnerabilities, data corruption issues, broken integrations causing financial discrepancies, validation rules blocking critical workflows

Timeline: Within 2 weeks

Important: Address in Next 1-3 Months

Examples: Duplicate accumulation, inconsistent data entry, missing reports, excessive permissions, automation opportunities

Timeline: Prioritized project work over next quarter

Enhancement: Nice-to-Have Improvements

Examples: Page layout optimization, additional fields for nice-to-have data, dashboard beautification, advanced features not currently used

Timeline: Backlog for future consideration

Creating Your Audit Report

Document findings in a structured report that serves as both record and action plan.

Executive Summary

One page highlighting overall health assessment, top 3-5 critical findings, highest-impact recommendations, and estimated effort to address priority issues. Leadership should understand the situation in 5 minutes.

Detailed Findings by Category

For each audit area (Data Quality, User Adoption, Security, Configuration, Reporting), provide:

•       Current state assessment

•       Specific issues identified with examples

•       Impact on operations or user experience

•       Recommended fixes with estimated effort

•       Priority level (Critical/Important/Enhancement)

Sample 6 Month Salesforce Audit Finding Format:

Post-Audit: Implementing Improvements

An audit without follow-through is wasted effort. Here's how to ensure improvements actually happen.

Secure Buy-In and Resources

Present audit findings to leadership and get explicit support for addressing priority issues. This might mean approving a budget for consultant help, allocating administrator time away from other projects, or adjusting timelines for other initiatives.

Create an Improvement Backlog

Use a project management tool (even a simple spreadsheet) to track audit recommendations. List each issue, its priority, owner, target completion date, and status. Review progress weekly.

Communicate Changes to Users

As you implement fixes, tell users what changed and why. 'We heard feedback that duplicate checking was too strict—we've adjusted the rules to be more flexible.' When staff see their feedback leading to improvements, they engage more constructively with future changes.

Schedule Follow-Up Reviews

Set checkpoints at 30, 60, and 90 days post-audit to review progress on priority items. Don't let the improvement plan stall. If certain fixes aren't happening, understand why and adjust.

Plan Your Next Salesforce Audit

Make audits regular, not one-time events. Schedule the next audit in 12 months. Regular audits normalize continuous improvement and prevent problems from accumulating unnoticed for years.

Partner with Ohana Focus

Professional Salesforce audits that identify issues and prioritize improvements.

Ohana Focus specializes in comprehensive Salesforce audits for nonprofits. Our consultants bring objectivity, technical expertise, and experience from hundreds of implementations.

Our audit process includes:

•       Complete technical review of configuration, data quality, and security

•       User interviews across all roles

•       Usage analysis and adoption assessment

•       Integration health checks

•       Prioritized recommendations with effort estimates

•       Detailed action plan with timeline and owners

We deliver findings in a clear, actionable report that serves as your roadmap for optimization. And we can help implement priority recommendations if you need support beyond the audit.

About Ohana Focus

Ohana Focus is a certified Salesforce consulting partner specializing in nonprofit CRM optimization. We understand that implementation is just the beginning, ongoing monitoring and optimization ensure Salesforce continues delivering value as your organization evolves.

Our team has conducted audits for organizations ranging from grassroots nonprofits to major institutions. We know the common pitfalls, understand nonprofit workflows deeply, and bring perspective from seeing what works (and what doesn't) across hundreds of implementations.

When you work with Ohana Focus on a Salesforce audit, you get an objective assessment unclouded by implementation involvement, expertise in nonprofit-specific Salesforce configuration, practical recommendations grounded in real-world experience, clear prioritization that respects resource constraints, and support implementing improvements if you need it.

Topics: Salesforce Audit, Salesforce Health Check, Data Quality, System Optimization, User Adoption, Post-Implementation, Nonprofit CRM