Right now it looks like I'll be putting a training session on for my local ISACA chapter on SQL Server security and auditing SQL Server. I know there is usually a lot of griping by DBAs when auditors show up and ask about their databases. Typically it's around how the auditors are going from a checklist and aren't really well-versed in the technology itself. I'm volunteering to teach the training so that they better know what needs to be looked at from a SQL Server perspective because I've been there, too.
So what are your pain points when dealing with auditors? If you had the chance to teach them a subject or area before they walked over and started their checklist of questions, what would it be? What do you think they should be looking at? I'll try to work a lot of that into the class. The better we educate them as to what really matters, the less they'll be in our hair.