The constant increase in laws, ordinances, norms, standards, contracts, guidelines, etc. leads to intransparency in companies regarding the legal provisions and regulations to be complied with. This results in considerable, latent uncertainty regarding the risk of possible rule violations. The avoidance of such risks by ensuring adherence to provisions is the objective of corporate compliance and in IT specifically, IT compliance. Internal audit can make a valuable contribution to this, as it can objectively assess the IT compliance efforts in companies through its specialist knowledge, methodical knowledge and independence, thereby assisting in the prevention of rule violations. Furthermore, it can assist in IT compliance adding value to the company by providing valuable information.