I sat down with a potential new client today. They are a small business with a one man band running IT. The CFO has some concerns about if her IT guy is following best practices. They want some kind of audit to that effect. Has anyone ever done something like this?