To know that information systems controls are effective, organizations must conduct comprehensive and systematic audits. An MIS audit identifies all the controls that govern individual information systems and assess their effectiveness. To accomplish this, the auditor must acquire a thorough understanding of operations, physical facilities, telecommunications, control systems, data security objectives, organizational structure, personnel, manual procedures, and individual applications.
For this audit, the auditor usually interviews key individuals who use and operate a specific information system concerning their activities and procedures. Application controls, overall integrity controls, and control disciplines are examined. The auditor should trace the flow of sample transactions through the system and perform tests, using, if appropriate, automated audit software. In addition to interviews, the auditor can also test the system, its design robustness, security and functional details. Inspection of documents user privileges, logs etc are also part of the audit process.