In this lesson, Nick Palazzolo, CPA, gives a detailed walkthrough of an organization’s IT security procedures, illustrating the steps needed to evaluate whether a company’s practices align with established best practices and documented policies. He outlines various components, ranging from simple encrypted file tests to elaborate, comprehensive risk assessments involving hypothetical disaster scenarios. Nick covers critical areas such as IT risk management, human resources protocols for employee onboarding and offboarding, and training program assessments. Throughout the lesson, he emphasizes the importance of observing, documenting deviations, conducting gap analysis, and concluding the walkthrough with a robust report and a conclusive action plan. This approach not only demonstrates the thorough testing of a system but also showcases how to document evidence and findings for accountability and improvement.