IT Security Audit designed to assess the security risks facing your business and
the controls or countermeasures you can adopt to mitigate those risks. The IT
Security Audit is typically a human process, performed as a team with technical
and business knowledge of the company’s information technology assets and
business processes. As part of any audit, our team will interview your key
personnel, conduct vulnerability assessments, catalog existing security policies
and controls, and examine IT assets covered by the scope of the audit. In most
cases, our team relies heavily on technology tools to perform the audit.
IT Security Audit will not only assess compliance, but also assess the very
nature and quality of the policies and controls themselves. In many cases,
security policies become rapidly obsolete with the release of new technologies
or process overhauls. Security audits are the most effective tool for
determining the validity of those policies.
Many businesses have an easy time defining the physical security perimeter
that encloses the audit. It is relatively easy for our audit team to limit an
audit to a physical location (like a data center) or logical grouping of assets
(all production storage devices).

Often, IT security audits are best understood by focusing on the specific questions they are designed to answer. For example:
How difficult are passwords to crack?
Do network assets have access control lists?
Do access logs exist that record who accesses what data?
Are personal computers regularly scanned for adware or malware?
Who has access to backed-up media in the organization?

These are just a small sample of the questions that the security audit will
answer.

Article source:http://www.wicresoft.com/pagesE/pages.aspx?page=888
Article source:http://www.milesconsultingcorp.com/IT_Security_Audit.aspx