The IS auditors may focus on following review areas:
i. Computerized systems and applications: The auditor should verify that systems and applications are appropriate to the users‟ needs, efficient and adequately controlled to ensure valid, reliable, timely and secure input, processing and output at current and projected levels of system activity.
ii. Information Processing Facilities: This facility must be controlled to ensure timely, accurate and efficient processing of applications under normal and potentially disruptive conditions.
iii. Systems Development: An IS auditor should ensure that systems under development meet the objectives of the organization, satisfy user requirements and provide efficient, accurate and cost- effective systems and applications. The auditor should also ensure that these systems are written, tested and installed in accordance with generally accepted standards for systems development.
iv. Management of Information Systems: MIS must develop an organizational structure and procedures to ensure a controlled and efficient environment for information processing. This plan should also specify the computers and peripheral equipment required to support all functions in an economic and timely manner.
v. Client/Server, Telecommunications and Intranets: In a client/server environment, all applications that can be dedicated to a user are put on the client. All resources that need to be shared are put on the server. Auditors must ensure that controls are in place on the client as well as on the server and on the network. Auditors must provide the same level of control assurance in an Internet/Intranet environment as in a client/server environment, with special emphasis on TCP/IP and HTTP.