Key tasks: Audit policies
Important
This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
Audit policies help you implement the compliance strategy for your organization. This topic explains how to create audit policies, audit policy rule types, and policy rules. It also explains how to modify or retire an audit policy.
Note
This topic includes information about features that were added or changed for cumulative update 6 or later for Microsoft Dynamics AX 2012 R2. This information also applies to AX 2012 R3.
What do you want to do?
Learn more about...
Prepare to create audit policies
Create audit policy rule types
Define an audit policy
Develop policy rules
Modify an audit policy
Retire an audit policy
Find form help
Find related tasks
Learn more about...
Click these links to find more information about the concepts that are discussed in this topic.
About audit policy violations and cases
Prepare to create audit policies
Before you can create an audit policy, you must define the policy parameters that are used by all audit policies.
Click Compliance and internal controls > Common > Policies > Audit policies.
On the Action Pane, click Parameters to open the Policy parameters form.
The available organization types are displayed in the Organization types: list. Select the organization types to create policies for, and then click the Add button.
Note
Although you must select at least one organization type to use audit policies, you do not have to change the order of precedence for those organization types. When an audit policy is run, all rules in that policy are run. The system does not select which audit policy rules to run based on the order of precedence. For more information about the order of precedence for policies, see Organizations and organizational hierarchies.
Back to top
Create audit policy rule types
Policy rule types define the document and query parameters that are used when you develop specific policy rules.
Click Compliance and internal controls > Setup > Audit > Policy rule type.
Click New to create an audit policy rule type.
Enter a name and a brief description of the policy rule type.
In the Query name field, select the default Application Object Tree (AOT) query to use as the starting point for developing policy rules for this policy rule type. The query indicates the source document that the policy rule type is defined for. For more information about query names, see Policy rule type (form).
In the Query type field, select the type of database query that users can build when they create audit policy rules by using this policy rule type. For more information about query types, see Policy rule type (form).
In the Document date reference field, select the field in the source document that identifies the date to use when documents are selected for audit.
Create any additional policy rule types that your organization needs, and then close the form.
Back to top
Define an audit policy
Before you can define an audit policy, you must create the policy rule types that define the document and query parameters for the policy rules. You must also make sure that the policy parameters have been set up appropriately.
Click Compliance and internal controls > Common > Policies > Audit policies.
On the Action Pane, click Policy to create an audit policy.
On the General FastTab, enter a name and description for the audit policy.
On the Action Pane, click Additional options, and then follow these steps:
Enter the starting date and ending date of the document selection date range. This range determines which version of a policy rule to use, based on the effective dates of the policy rule. It also determines which organization nodes were associated with the policy during that date range. For more information, see Additional options (form).
Each audit policy is run in batch mode. To verify or change the parameters for the batch job, click the Batch button.
In Microsoft Dynamics AX 2012 or Microsoft Dynamics AX 2012 R2:
If you are creating a policy rule that uses the List search query type to evaluate source documents for specific entities, enter the entities on the Monitored entity FastTab. In cumulative update 6 for Microsoft Dynamics AX 2012 R2, specify the monitored entities in the Audit policy rule form.
If you are creating a policy rule that uses the Keyword search query type to evaluate source documents to determine whether they contain certain words, enter the words on the Prohibited words FastTab. In cumulative update 6 for Microsoft Dynamics AX 2012 R2, specify the prohibited words in the Audit policy rule form.
Click Close to return to the Audit policy form.
On the Policy organizations FastTab, select the organization type that the audit policy applies to.
Tip
A single policy can apply to only one organization type.
The organization nodes that have been created for the selected organization type are shown in the Available organization nodes: list. Select the nodes that are affected by this audit policy, and then click the Add >> button to move those organization nodes to the Selected organization nodes: list.
Important
The association of the organization node and the audit policy is effective from the date and time that you add the organization node to the Selected organization nodes: list. The association expires when you remove the organization node from the list. Policy rules cannot be tested for any dates on which no organization node is associated with the policy.
On the Policy rules FastTab, develop the policy rules that are needed for this policy. For more information, see the “Develop policy rules” procedure.
Back to top
Develop policy rules
An audit policy rule consists of a database query that is run against source documents. The policy rule types define the document and query parameters that are used when you develop policy rules.
Click Compliance and internal controls > Common > Policies > Audit policies.
Double-click the policy to create policy rules for.
On the Policy rules FastTab, select the policy rule type to develop a policy rule for, and then click Create policy rule. The fields that are displayed in the Audit policy rule form depend on the selected policy rule type and its associated query.
In the Effective date and Expiration date fields, enter the date range when this policy rule is effective. If you do not enter values in these fields, the policy rule is effective when it is created, and it never expires.
Complete other fields as required, depending on the query type that is associated with the policy rule type.
In AX 2012 R3 and cumulative update 6 or later for AX 2012 R2:
If you are creating a policy rule that uses the List search query type to evaluate source documents for specific entities, enter the entities on the Monitored entity FastTab.
If you are creating a policy rule that uses the Keyword search query type to evaluate source documents to determine whether they contain certain words, enter the words on the Prohibited words FastTab.
Click Select to open a query form.
This button is not available for policy rules that are based on the List search or Keyword search query type.
Use the query form to specify the criteria to use for this policy rule, and then click OK. The fields that were set up by default in the policy rule form also are set up in the query form.
Important
If the data tables that are used in the query are shared among different legal entities, set the AllowCrossCompany property on the AOT query to Yes. This enables the policy engine to query on that table when the legal entity that is running the policy differs from the legal entity that the resulting query records belong to.
After the policy rule is set up, click Test. Enter the document selection date range to use for the test.
Note
The dates that you enter in this form are used only for the test. They are not saved, and they do not affect the document selection date range that is defined in the Additional options form.
Click Run test.
Review the results of the test. If the results are not what you expected, modify the database query, and repeat the test.
Important
If you do not receive results, do the following:
-
Verify that an organization node was associated with the policy during the data selection date range that you specified for the test. Policy rules cannot be tested for any dates on which no organization node is associated with the policy.
-
Verify that source document records exist that were created on or after the policy was created. Records that existed before the policy was created cannot be audited. The only exception is for policy rules that are based on the Duplicate query type, which can audit records up to 180 days in the past.
-
Back to top
Modify an audit policy
Audit policies help you implement your organization's compliance strategy. As your organization grows or your audit policies become more complex, you might have to modify these policies. For example, if your organization has acquired another organization, you might want to add that organization to an existing audit policy. To do so, add the organization to the Selected organization nodes: list on the Policy organizations FastTab of the Audit policy form.
Click Compliance and internal controls > Common > Policies > Audit policies.
Double-click the policy to modify.
On the Policy organizations FastTab, the organization nodes that are affected by this policy are shown in the Selected organization nodes: list. The organization nodes that can be assigned to the policy are shown in the Available organization nodes: list. Click the Add >> or << Remove button to move the organization nodes to the appropriate list.
On the Policy rules FastTab, you can modify any policy rules that belong to this audit policy. To select the policy rule to modify, select the policy rule type to display the list of policy rules that are associated with that type, and then select the policy rule.
To change the expiration date of a policy rule, click Change date, and then enter the new expiration date.
To retire a policy rule, click Retire policy rule. Policy rules are not deleted and can be reactivated at any time by changing the effective dates on the rule.
To change a policy rule, double-click the rule to open it, and then make the changes.
Back to top
Retire an audit policy
There might come a time when you no longer need a specific audit policy. Although you cannot delete a policy, you can retire it so that it is no longer used. When you retire a policy, you also retire all the corresponding policy rules for that policy.
Important
A retired policy cannot be reactivated.
Click Compliance and internal controls > Common > Policies > Audit policies.
Select the policy to retire.
On the Action Pane, click Retire policy.
Back to top