What type of entities typically undergo IT audits?

The correct answer highlights that any organization with an IT infrastructure is subject to IT audits. This is because IT audits are designed to evaluate the adequacy and effectiveness of information systems and controls across various types of organizations, regardless of their size or sector.

Organizations inherently handle sensitive data, require secure systems, and must comply with regulations, making them pertinent candidates for auditing. This encompasses not just large corporations but also small businesses, nonprofit organizations, and government entities, all of which may rely on IT systems to operate.

Other options are more restrictive in nature. Stating that only large multinational corporations undergo IT audits excludes many smaller organizations that also depend heavily on IT infrastructure. Limiting audits to companies with an online presence or to retail businesses ignores the broader scope of industries, such as healthcare, education, and finance, that have essential IT operations and compliance requirements. Therefore, the inclusive approach of stating that any organization with an IT infrastructure undergoes audits recognizes the universal necessity of IT governance and risk management practices.