AUDITS COME IN ALL SHAPES AND SIZES. Regardless of size, audits represent a systematic and measurable assessment of the environment of an organization. Auditing for IT compliance is part of the ongoing process to ensure an organization is putting in place and maintaining effective security policies and controls. The audit makes use of various tools, but is primarily concerned with how the security policies are actually used. The IT environment is vast, and can be broken down into manageable and auditable chunks or domains. This chapter explores what is required to achieve and sustain compliance across different scopes of the IT environment.