I've been through relatively few audits in my database career. I've worked in a few industries that didn't require them, and avoided the stringent requirements of PCI and HIPAA. ISO 9000 was the first audit I encountered and I had been preparing for Sarbanes-Oxley (recently passed) when I left to work for SQLServerCentral.

The preparation for an audit required a lot of work, meetings, and organization. The first time I suffered through an ISO audit, I was amazed at how much of our daily work was interrupted and the time spent ensuring we would pass the audit. The second time wasn't much better, though I'd instituted some processes and controls for the DBA group that did reduce the amount of preparation needed for our portion of the audit.

Read the rest of "Acing an Audit" at SQLServerCentral