Recently my company went through an internal audit of our financial systems. First let me say that I am proud because we did well and do not have many issues to resolve, and no issues on the Database Side. Any way I also want to point out that the auditors are not IT people. They are accountants and they have no idea what they are asking for from us or what we give them. An example of this is that I was working in Powershell when the auditor came over to me and asked for a screenshot of all sysadmin role users on a particular server. I pulled it up in powershell and printed it out. No he said this is no good. I need the SQL Server screen that will tell me. OK I say and I go into SSMS and pull it up and print it out for him. To me this said that he does not know what he is looking at and I could, not that I ever would, give him the same screenshot from last year and he would not know. For the remaining time that he was around I tried to point out what was what and help him learn abit about what he was asking for. Hope that will help in in future audits.