Ever stricter laws and guidelines are putting increasing pressure on corporate audit departments to further improve their IT security and optimize reporting. However, the laws and guidelines generally do not specify concrete IT measures that can be readily implemented. Instead, best practice approaches described in the BSI IT list of basic security measures apply. Companies are faced with the challenge of turning the measures listed there into concrete evaluation rules or policies. We provide hands-on recommendations on how to implement dynamic IT auditing and show you which requirements need to be met to be on the safe side.