[mlinhares]

Second that here, I was an engineer at DO when the IPO work was happening and I was either working on features to customers as usual or audit features we would eventually need anyway. It wasn't the experience I expected at all after multiple people said it was going to be super complicated, the company would stop and stuff like that.

The work was mostly building audit trails with "who, what, when, and why" for the actions people were taking in specific parts of our systems (wasn't even required for everyone/everything). From what I saw most of the bad experiences people seem to have had is because there is no clear understanding from the auditors what is needed or people inside the business go way overboard with what is actually required.

We were always very clear with who were the teams that HAD to follow all audit processes and those where it wasn't required so while some places in the business had to do a lot of work (like finance/billing and platform teams) I doubt most product teams had to do much work other than changing some config files or adding some extra logging here and there.

It did help we already had a pretty strong audit trail culture for most operations internally, so most people would either produce extra events or add more fields to existing events instead of having to build a completely new solution to do it.