A Computer Information Database System includes a software update and patch audit subsystem that manages computer profile data using system grouping and audit specification criteria. The subsystem thus selects a particular group of computers using the grouping criteria, and further selects from within the group the computers that pass or fail the applicable audit requirements. A given computer passes the requirements if the computer has installed thereon the specified software updates and patches that are applicable to the computer operating system platform. Otherwise, the computer fails. The audit subsystem may instead select particular computers using the audit specification criteria and then using the grouping criteria further select the subset of these computers that belong to a particular group. Further, the audit specification criteria may be set differently for the respective groups. Also, the grouping criteria and/or the security audit criteria may change without adversely impacting the operations of the subsystem. The audit system uses database tables and views that include value-to-match fields for either or both of the grouping and the audit specification criteria, and also software update or patch specific information and/or operating system specific information. One table includes group and operating system information for the respective computers, another table includes entries for the respective updates and patches that are installed on the respective computers, and another table includes entries that together specify the security audit specifications for the respective groups. Using the tables, the system produces views that relate, for example, to failing computers, what updates or patches the respective failing computers are missing, which or how many computers are failing within a particular group.