I will be at oPASS on March 8th (Thursday) in Orlando, Florida. I'll give a preview of the talk I'm giving at SQL Saturday #110 - Tampa: The Dirty Business of Auditing. This is a nuts and bolts presentation which is a slimmed down version of what I teach to IT auditors. I say slimmed down because in a lot of cases they aren't application specific, meaning things we take for granted as knowledge in SQL Server is something they have to be brought up to speed on. If you're interested, here's the abstract:
Auditing is often a dirty word among DBAs because it equates to more work with little perceived business value. However, auditing is a necessary evil for most businesses and it usually falls to the DBA to ensure SQL Server is properly audited. In this session we'll look at what the operating system and SQL Server provide for us in order to meet the requirements of internal and external auditors, regulatory legislation, and even overbearing system owners who want to know everything about what's going on in their application. We'll consider what tools to use to quickly implement the properly level of auditing to meet the need.
I'll have a checklist to hand your auditor as well as the scripts you need to produce the information which should satisfy their questions.