In our opinion, the modern it Audit represents the greatest value is in its last phase – the decision. " Alexander Frolov, the head of the company's projects irp Technology, believes that the procedure it audit in a company involves the collection, analysis and granting the company's management about the current state of it, the risks associated with vulnerabilities of information systems, and issue recommendations to reduce these risks and improve the quality of functioning subsystems. On frequency of it audits affect a variety of factors: the rate of business growth, changes in organization structure, change, or the emergence of new business processes, the frequency of introducing new it solutions, the method support and the frequency of changes in existing information systems, etc. And it is not an exhaustive list. "The main factors influencing the frequency and the frequency of it should be noted external requirements (CBR, iso, law Sarbanes – Oxley Act, etc.), change it service management, updating the it strategy of the company, the passage of it service internal and external audit – adds Guzik. – Remember that in the absence of regular auditing and a repeated audit within a year (maximum) after the first almost completely invalidates his findings and recommendations and does not allow for continuity and consistency in the management of it enterprise. " A Who are the judges? Valid question: what criteria should correspond to the it infrastructure of the organization during an audit? "The company's management and staff", – considers Yurkin. "IT must be checked for compliance with cobit, the main value of which is that they offer a model that provides the link between business goals and it processes, "- says Frolov.