Reports provide a view of your company's current compliance status. They are key to a successful compliance program. Based on the information provided by compliance reports, companies can decide when further activities are necessary. Reports should provide answers and achieve specific company objectives. If they don't meet a specific goal, they can be a waste of time and, more importantly, of money. Avoid creating reports just for the sake of having reports. Unnecessary reports can create a false sense of security. Of course, you may be able to tick the checkbox on your project plan that says you are compliant with your access policy but, if no one uses those reports, then no one will react to a compliance issue when it occurs. So your company may believe that everything is OK as you have those reports while in reality your system becomes non-compliant.

This chapter focuses on the considerations for a reporting process and the kind of reports the System Center products provide...