Missing assets. Criminal activity. Compliance. These are all possible reasons you could find yourself needing to audit your business’s key control practices.
If you don’t manage your keys properly and keep accurate key logs, these audits could take hours upon hours of sorting through incomplete or nonexistent records and counting keys. The results could be detrimental to your business, your employees, your job, and even your community.
Consider these examples:
- A California dealership relied on a key attendant to update its key control log. With a cumbersome process and no system of checks and balances, employees didn’t always return vehicles in a timely manner and sometimes drove vehicles without authorization. In one case, an employee caused a wreck that resulted in legal action against the dealership.
- In Utah, an audit revealed that higher education institutions were distributing large numbers of master keys to employees. Dozens of keys had been lost or unaccounted for, and many locks hadn’t been rekeyed.
- At an Arizona prison, a routine state audit revealed that key inventories were inaccurate, key logs weren’t completed properly, historical records were missing, and inmates had keys.
So what should you do to better prepare for an audit of your organization’s keys?
Evaluate Your Existing Key Audit Process
Before overhauling your key control audit process, consider how you’re doing things currently and pinpoint any deficiencies.
Ask questions such as:
- How many people are involved in the audit? Are there any people or departments who aren’t included but should be?
- Do you conduct audits frequently enough? How long do they take?
- What bottlenecks are there in the audit process?
- What are the goals of the audit (e.g., to avoid theft, meet compliance requirements, reduce rekeying costs)?
- What data needs to be included in the report to help you meet those goals? That could include the names of employees and departments included in each audit, the overall number of keys your organization manages, different types of keys (office, fleet, etc.), different classifications (grand master, master, long-term issue, etc.), or the number of keys each person has checked out.
Once you’ve determined what’s working and what’s not, you can create a new, more efficient process.
Set up a Centralized Repository for Keys
The more spread out your keys are, the more difficult it’ll be to track them. Keys don’t physically have to be in that location at all times (for example, employees often hold onto office keys long term). However, these keys should have a designated spot, such as in an electronic key control system.
If you need to track keys across multiple locations, work with a key management provider to set up an enterprise-wide solution.
Keep Real-Time, Verifiable Records
One of the biggest time sucks in key management audits is waiting until the audit process is to figure out where all your keys are and who has them. If you keep records up to date by automatically recording who checks out keys, when, and why, you won’t have to backtrack.
Run Reports
If you’re already tracking keys and automatically capturing the key control data you need using an electronic key control system, your audit goes from hours to seconds. Rather than manually verifying key management data, you can run reports including data such as:
- Checked-out keys
- Overdue keys
- User activity
If the reports don’t already include the exact combination of data you need to meet your goals, contact your key management system partner for assistance creating a custom report that can be automatically run when it’s time for your audit.
Key control audits don’t have to be complicated and time-consuming. When you automate your audit trail, you can run key control audits in seconds and address any problems — before you encounter any compliance or legal issues.