Here's a webinar put on by Application Security, Inc. that I'm participating in this Thursday (1/28/10) in case you're interested...should be enlightening.
Five Burning Questions Series: 2010 IT Security Auditor’s Roundtable
Five Burning Questions Series: 2010 IT Security Auditor’s Roundtable