A tip for Information Security audit readiness is REVIEW. Many parts of an organisation have great processes around user provisioning - but time and time again I find that they lack the review element. It is so important to review changes like these, and to reconcile against a monthly or quarterly defacto list. Human error is one of the greatest threats to an organisation and its information protection. It is a staple audit question - be ready folks!