Webinar review of: Preparing for the Compliance Audit by Kevin Kline and Joe Webb on 5/16/2019 at 10am CT. Kline is Principal Program Manager at SentryOne. Webb is a Partner at The SERO Group.

Agenda points discussed by Kline and Webb in the webinar:

• Why Audit?
  • Internal and external audits
• Who’s Involved?
  • Organizational Leadership
  • IT
  • Internal Auditors
  • External Auditors
  • Business Stakeholders
• Focus of Audits
  • Type I – Design of Controls
  • Type II – Operating Effectiveness of Controls
• The Audit Framework
  • Based on the American Institute of Certified Public Accountants (AICPA) Five Trust Services (formerly Principles)
  • Security
  • Availability
  • Confidentiality
  • Privacy
  • Processing Integrity
• Putting It Into Practice
  • Assessment – SQL Server artifacts and the data
  • Identify
  • Create
  • Tools
    • Sp_Blitz from Brent Ozar
    • SSMS 18 Data Masking
    • SQL Audits
    • Dynamic Management Views
    • Third Party Tools
• Summary
  • Rethink the process of auditing. Auditors are not your enemy nor looking over your shoulder!
  • Auditing Is a Continuous Process
  • Documentation Is King

The last company I worked at started auditing SQL Server and associated data by running a few hacked together reports and statistics. DBAs manually compiled the needed information using some of the tools mentioned in the webinar and custom SQL scripts. If you work at a public owned company, that solution will not satisfy auditors nor the CXOs.

Eventually the DBA team implemented a third party tool for SQL Server auditing (there are many vendor options today). It saved the DBA team tons of time and tracked hundreds of additional data points vs the make shift solutions and hacked reports. Third party SQL Server auditing tools are pricey but well worth the cost when audit compliance is important to your company.

NOTE: PAY ATTENTION to the California Consumer Privacy Act that goes into effect 1/1/2020! Many other states may be following the same privacy rules soon. Right?

Thumbs up for the Webinar ‘Preparing for the Compliance Audit’ by Kevin Kline and Joe Webb.