Security audits and reviews are commonly done to guarantee that
               controls are implemented as directed and working as desired. It’s

               common to include audits and reviews to check patch management,
               vulnerability management, change management, and configuration
               management programs.