IBM Power Systems have long been perceived as one of the most secure platforms available. But, experts agree that security is only as effective as the policies, procedures, and configurations put in place to manage a system. This study highlights a number of common security exposures and configuration management practices that must be addressed to protect the data on IBM i systems. In general, the study demonstrated that all organizations could improve the IT controls on their IBM i server. In particular, there are six critical audit areas of concern that warrant immediate inspection and action.