Auditing configuration items

One type of configuration management request is a request to audit a set of configuration items. You can perform audits that compare the "as built" and "as planned" versions of configuration items, investigate discrepancies, and take action on the results. Auditing CI attributes and relationships on a regular basis helps you to identify unauthorized changes or failures to carry out approved change requests.

Control Desk uses an actual configuration item (CI) record to represent the discovered, or "as built" version of the CI, and an authorized CI record to represent the "as planned" version. Maintaining consistency between the actual and authorized versions of your CIs is part of maintaining control of your IT environment, ensuring that your Content Management System accurately reflects your physical and logical infrastructure.

Critical business systems, regulatory requirements, and other factors will determine which CIs you will audit regularly. You can use cron jobs to run reconciliation tasks at regular intervals, comparing the actual and authorized versions of all of your CIs or any subset you choose. These tasks can be resource-intensive, so it is typical to run them at off hours. CI records are locked and cannot be modified while the task is running.

You perform audits by using the applications in the Reconciliation module. These applications enable you to define parameters to be audited, run audits on demand or on a schedule, and follow up on the results. You can set up a cron job to run audits with certain parameters at regular intervals, and you can also run or schedule individual audits that have been requested. You can compare specific attributes or run a full CI comparison, which compares all of the attributes on each CI as well as related CIs. Default job plans are provided for the two phases of the audit process; you can use these job plans to set up tasks and owners, or modify them to suit your needs. You can specify the CIs and attributes that you want to compare.