Salesforce Org Audit Guide

WHY SALESFORCE ADMINS SHOULD AUDIT BEFORE THEY CHANGE ANYTHING.

Most Salesforce mistakes happen after changes are made without enough visibility. Learn how a structured audit helps admins prioritize cleanup, permissions review, automation review, and record-readiness before making changes.

Read-only diagnostics · Review-ready workbooks · No package install · No Connected App

Every Salesforce admin eventually faces a moment where the org needs to change. A field cleanup project. A data migration. A permissions review. A new automation. An inherited org with no documentation and too many open questions.

The instinct in those moments is to start making changes. The more reliable approach is to run a Salesforce org audit first.

A structured audit is not a lengthy engagement or a prerequisites checklist from a consultant. It is a focused, first-pass diagnostic that gives you the visibility to prioritize work, identify risk, and make changes with confidence rather than guesswork. Independent consultants and fractional admins can run the same diagnostic as client discovery workbooks before scoping a project.

This guide covers why the audit-first approach matters, what to review across fields, permissions, automation, and object-readiness, and how to turn findings into a review process that actually supports change work.

The Problem With Changes

WHY CHANGE CREATES RISK.

Salesforce configuration changes feel straightforward in isolation. Delete a field. Modify a permission set. Deactivate a flow. Import a batch of records. Each action looks contained from the outside — but in a mature org, those actions interact with systems that were never fully documented.

Cleanup projects remove fields that are still referenced by reports, dashboards, or formulas. Permission changes break access patterns that users depended on but no one explicitly set up. Automation edits interfere with flows that share trigger objects. Data migrations fail because required fields, restricted picklists, or validation rules were not identified before the first record loaded.

The problem is not that the changes were wrong. The problem is that they happened without enough visibility into what the org was actually doing.

The cost of fixing a bad change is always higher than the cost of reviewing the org before making it.

A structured Salesforce org audit gives you that visibility. It does not eliminate all risk, but it surfaces the review candidates, constraint patterns, and access signals that make informed decisions possible.

The Visibility Gap

MOST ORGS HAVE VISIBILITY PROBLEMS.

Salesforce orgs grow in layers. Each admin, each project, each integration, each consultant adds configuration without always removing what came before. Over time, this produces an org that is difficult to reason about: fields with unclear ownership, permission sets with no assigned users, automation that runs on every record save without anyone knowing why.

This problem is especially visible in inherited Salesforce orgs, where the original configuration decisions were made by people who are no longer available to explain them. But it appears in mature orgs too — even ones where the admin has been in place for years. The org grows faster than documentation can keep up.

Common visibility problems across Salesforce orgs include:

  • Fields that appear unused in layouts but still carry data or appear in reports
  • Permission sets assigned to users that have never been reviewed for over-privilege
  • Flows with no description, unclear ownership, or unknown interaction with other automation
  • Required fields, restricted picklists, or validation rules that were never documented
  • Apex triggers on high-volume objects with no record of what they do
  • Profile-level access that contradicts the intended least-privilege configuration

A Salesforce org assessment does not fix these problems. It gives you a review-ready picture of them so that cleanup, permissions work, and automation changes can be sequenced correctly.

Start Here

AUDIT FIELDS AND OBJECTS FIRST.

Fields are the foundation of every Salesforce cleanup project. Before any field is removed, restructured, or consolidated, you need a working picture of what is actually in use — not what appears to be in use from a layout inspection.

A field and object audit surfaces fill rates, layout coverage, field-level security visibility, and object usage signals. These findings help separate fields that are genuinely unused from fields that are low-traffic but still referenced by reports, automation, or integrations.

The Salesforce field cleanup checklist covers the review steps most cleanup projects miss before they start removing fields.

What a field and object audit surfaces

  • Field fill rates — how much of the field population carries data
  • Layout coverage — whether the field is visible to users or hidden from view
  • FLS exposure — which profiles and permission sets can see or edit each field
  • Low-usage fields — candidates for review, not automatic removal
  • Unused fields — fields with no data and no layout coverage to prioritize for cleanup review
  • Object-level data quality signals — required field coverage, fill gaps, and scoring

The output of a field audit is a review-ready workbook, not a delete list. Every cleanup decision still requires validation with business owners, reporting owners, and automation owners before action is taken.

Relevant Workbook

Field & Object Audit

Field & Object Audit produces a review-ready workbook covering fill rates, field definitions, layout coverage, FLS visibility, and cleanup candidates for selected Salesforce objects. A first-pass diagnostic for any cleanup project or org assessment.

Access Review

AUDIT PERMISSIONS BEFORE CLEANUP.

Permissions are one of the most overlooked areas before a Salesforce cleanup project or org assessment. Most admins know which profiles exist. Fewer have a clear view of which permission sets are assigned, which users have over-privileged access, and which field-level security configurations create unintended exposure.

Running a Salesforce permission audit before cleanup work surfaces access patterns that interact with the changes you are planning. Removing a field that sensitive profiles can edit requires reviewing FLS before removal. Modifying automation that interacts with restricted records requires understanding who has access to those records first.

A permissions diagnostic covers the access picture across profiles, permission sets, and field-level security in a single reviewable report.

What a permission audit surfaces

  • Profile permissions — object and field access across all active profiles
  • Permission set coverage — which users have which permission sets assigned
  • Over-privileged access — profiles or permission sets with broader access than their role requires
  • Field-level security exposure — which fields are readable or editable by which access paths
  • Unassigned permission sets — permission sets with no active user assignments
  • Admin-only fields — fields that may affect sensitive operations if access is inadvertently broadened

A permission audit does not produce a list of what to remove. It produces a structured review of access patterns so that cleanup and restructuring decisions are made with the full access picture visible.

Relevant Workbook

Permission & FLS Audit

Permission & FLS Audit maps profile permissions, permission set assignments, object access, and field-level security into a review-ready workbook. Surfaces over-privileged access, FLS exposure, and permission stacking patterns across your org.

Automation Review

AUDIT AUTOMATION BEFORE MODIFYING PROCESSES.

Salesforce automation accumulates faster than it is documented. Active Flows, Apex triggers, validation rules, approval processes, and workflow rules each operate on their own schedule — and in a mature org, several may share the same trigger object without any single person knowing all of them.

Before modifying a business process, deactivating automation, or making record changes that may affect automation behavior, understanding what automation is present is a prerequisite. Automation that was not identified before a change may run when you did not expect it to, or may stop running when something that depended on it is altered.

An automation inventory is a first-pass diagnostic — it catalogs available metadata across active automation types, flags legacy automation candidates, and surfaces areas where documentation or governance gaps exist.

What an automation inventory surfaces

  • Active Flows — flow metadata catalogued by object, trigger type, and category
  • Apex classes and triggers — available metadata across class types and trigger objects
  • Validation rules — active rules by object, with error condition and field references where available
  • Approval processes — active approvals catalogued by object and entry criteria
  • Legacy automation candidates — older automation types flagged for modernization review
  • Name-similarity review candidates — automation entries that may represent duplicates or overlap

The output is a review-ready workbook, not a remediation plan. Identifying which automation matters for a specific change still requires business context and owner input — but you cannot have that conversation without first knowing what automation exists.

Relevant Workbook

Automation Inventory

Automation Inventory catalogs available Salesforce automation metadata across Flows, Apex classes, triggers, validation rules, and approval processes into a review-ready XLSX workbook. Built for admins who need to understand what automation exists before making changes.

Import & UAT Readiness

AUDIT RECORD READINESS BEFORE IMPORTS AND UAT.

Data migrations and UAT cycles are among the most common places where change-without-visibility creates real cost. A failed import, a blocked record creation, or a batch of test data that triggers unexpected validation errors all trace back to the same root cause: the object configuration was not reviewed before records were created.

Salesforce objects carry constraints that are not visible in a typical admin review. Required lookups are not always obvious. Restricted picklists block record creation when external data does not match the controlled value list. Validation rules may affect specific record types or condition combinations. Active triggers and flows may run on insert in ways that create unexpected downstream behavior.

An object readiness diagnostic surfaces these constraints before the first record is loaded — so that imports and UAT cycles are structured around what the object actually requires, not what it appeared to require from a quick Setup review.

Object readiness factors to review before import

  • Required fields
  • Required lookups
  • Record types
  • Restricted picklists
  • Validation rules
  • Apex triggers
  • Formula and read-only fields
  • Flow metadata where available
  • Import readiness review
  • UAT test data review

Relevant Workbook

Automation Impact Awareness

Automation Impact Awareness analyzes selected objects to surface required fields, required lookups, record types, restricted picklists, validation rules, Apex triggers, and flow metadata where available — before imports, UAT cycles, or configuration changes begin.

Turning Findings Into Action

TURN FINDINGS INTO A REVIEW PROCESS.

A diagnostic pass is not the same as a remediation plan. It is the foundation for one.

The most common mistake after an audit is treating the output as a to-do list. Field cleanup candidates are not fields to delete — they are fields to review with business owners before any decision is made. Permission findings are not access to remove — they are access patterns to evaluate against the intended least-privilege model. Automation candidates are not flows to deactivate — they are entries to investigate before any process is modified.

A structured review process turns audit findings into prioritized, explainable decisions. It gives admins a way to work through findings sequentially, identify what needs stakeholder input, and document decisions so that the next person has context for what was reviewed and why.

KeelCadence workbooks are designed for this workflow. Each workbook includes findings, evidence, recommendations, and remediation tracking organized across multiple tabs — in a format that can be shared with admins, project teams, managers, or auditors without requiring access to the Salesforce org itself.

Once findings are prioritized and documented, cleanup work can be sequenced without stepping on active processes. Permissions can be reviewed in context of the access picture. Automation changes can be planned around what was catalogued rather than discovered mid-project.

  • Prioritize which findings are worth acting on first based on risk and business impact
  • Identify what requires stakeholder input before any change is made
  • Document review decisions so the work is auditable and handoff-ready
  • Sequence cleanup, permissions, and automation work without unexpected conflicts
  • Rerun diagnostics after remediation to compare findings and track progress
The Core Principle

THE AUDIT-FIRST APPROACH.

Every admin who has cleaned up an org too quickly knows the pattern: a field was removed and something stopped working. A permission set was modified and access broke for the wrong users. An automation was deactivated and a business process quietly failed.

The audit-first approach is not a bureaucratic gate before change work. It is a practical acknowledgment that Salesforce orgs are more interconnected than they appear — and that visibility is cheaper than recovery.

A structured Salesforce org audit gives you:

  • A field picture that separates unused fields from low-traffic fields with active references
  • A permissions picture that surfaces access risk before cleanup or restructuring begins
  • An automation picture that identifies what may run before process changes are made
  • An object-readiness picture that surfaces import and UAT constraints before records are created

None of these diagnostic passes require a long-running project, a managed package install, or a consulting engagement to set up. A read-only audit can run in minutes and produce a review-ready workbook that supports months of structured cleanup and change work.

Visibility first. Changes second. That is the audit-first approach.

For more on getting started with a new or unfamiliar org, see the inherited org checklist and the Salesforce field cleanup checklist.

Common Questions

COMMON QUESTIONS.

What is a Salesforce org audit?

A Salesforce org audit is a structured first-pass diagnostic review of your org's fields, permissions, automation, and object-readiness. The goal is to surface review candidates, fill-rate signals, access risk, and automation patterns before cleanup or change work begins — not to produce a complete inventory of every configuration decision ever made.

Why should I audit Salesforce before cleanup?

Cleanup without visibility creates risk. Fields that appear unused may still carry data, appear in reports, or be referenced by automation metadata. Reviewing fill rates, layout coverage, and FLS exposure before removal significantly reduces the chance of deleting something that is still in active use.

What should a Salesforce admin review before making changes?

Before making changes, review fields and objects for fill rates and cleanup candidates, permissions for over-privileged access and FLS exposure, automation for active flows and legacy candidates, and object readiness for required fields, picklist constraints, and validation rules that may affect your changes.

How often should Salesforce org audits be performed?

There is no fixed schedule. A first-pass diagnostic is most valuable before a cleanup project, a data migration, a permissions review, or when inheriting an unfamiliar org. Many teams run a targeted diagnostic annually or whenever major configuration changes are planned.

What is included in a Salesforce health review?

A Salesforce health review typically covers field bloat and data quality signals, permission and FLS exposure, automation coverage and legacy automation candidates, and object readiness for record creation. KeelCadence produces review-ready workbooks for each of these areas.

Start Here

Start your pre-change audit with the field review.

Start with the read-only Field & Object Audit to surface field inventory, fill rates, hidden populated fields, layout coverage, and cleanup candidates in one review-ready workbook, then layer in the permission and automation reviews before you change anything. See the free on-screen summary before purchase.

Opens audit.keelcadence.com. Best run from desktop, since the diagnostic uses your active Salesforce browser session. On mobile, view the sample workbook or save this page for later.

Read-only · No package install · No Connected App setup · No Salesforce writes

KeelCadence uses session cookies and Google Analytics 4 for site usage insights. GA4 does not receive Salesforce credentials, Org IDs, Report IDs, or payment data. You can opt out for this browser.