The purpose of audits is to ensure that the information stored in the CMDB matches the real configuration of the organisation's IT structure.
There are tools allowing automated, centralised remote management of the elements of the hardware and software configuration. The information collected can be used to update the CMDB.
If the scope of the CMDB includes aspects such as documentation, SLAs, personnel, etc. these data need to be backed up with manual audits. Audits must be carried out fairly often, and at least:
- After implementing a new CMDB.
- Before and after major infrastructure changes.
- Whenever there are reasonable grounds to suspect that the information stored in the CMDB is incorrect or incomplete.
Audits should pay special attention to aspects such as:
- The correct use of the naming conventions in the CI records.
- Communication with Change Management: information about RFCs, changes made, etc.
- The CI status is up-to-date.
- Compliance with defined levels of scope and detail.
- The match between the structure in the CMDB and the real IT structure.