Just a normal, slow moving, bureaucratic corporation.
But even if they were faster, I'm sure an audit of all existing systems is not as simple as making sure all the doors and windows are locked around the house.
You can hire a good group of independent pen testers or security companies, and let them hammer your public facing sites. They don't lack the necessary financial resources. At least they would have discovered that type of problems. It's not difficult when there's a will.
But even if they were faster, I'm sure an audit of all existing systems is not as simple as making sure all the doors and windows are locked around the house.