ABSTRACT

Introduction

Auditors perform an essential role in protecting the information assets of an organization, which should be embraced rather than feared. Many times, when an audit is scheduled, whether internally or externally initiated, the response is one of fear of what the auditors will find as gaps in the information security program. Analogous to how many people feel when they are scheduled for their annual performance review, anxiety is almost certain to be a normal response. Why is it that way? The answer is simple: no one likes to be criticized for what they have put their best efforts into, and just like the potentially stressful performance reviews, audits have the potential to be taken very personally and viewed as a negative experience.