I've audited over a dozen Salesforce orgs across fintech, healthtech, SaaS, and manufacturing. Every single one had issues the admin team didn't know about.
Not because they were bad admins — because Salesforce doesn't surface these problems. There's no built-in "org health score." No dashboard that says "hey, 3 of your users have 15 permission sets each and that's a security risk."
1. Permission set bloat. Users accumulate permission sets over years. Nobody removes the old ones. I've seen users with 20+ permission sets where 12 were redundant. That's not just messy — it's a compliance risk.
2. Duplicate accounts. "ACME Corp" and "Acme Corporation" and "ACME" are three different accounts with three different pipelines. Your reports are wrong and you don't know it.
3. Stale automation. That Process Builder from 2019? It's still running. That Workflow Rule nobody remembers creating? It fires on every Account update. You have 140 active validation rules and 15 of them conflict.
4. Governor limit creep. You're at 78% of your daily API calls and nobody's monitoring it. One bad integration update away from a production outage.
5. Zero documentation. Your org has 80+ flows. How many have documentation? If your senior admin leaves tomorrow, can anyone explain what "Auto_Update_Territory_v3_FINAL_fixed" does?
I built a scanner that checks all of this automatically. Read-only. Takes under a minute. You get a score out of 100 and a prioritized list of what to fix first.