ONCE THE AUDIT TEAM COMPLETES an approved auditing plan, they can begin auditing the IT infrastructure for compliance. Testing for compliance is centered on the presence of adequate controls or countermeasures within the planned scope of the IT infrastructure. This includes verifying policies are put in place and appropriately followed.

The actual execution of an audit can vary widely based on the scope and objectives of the plan. Several methods, frameworks, and automated tools are available to assist in the process. The choices made will depend on the areas being assessed and the depth and breadth to which controls need to be examined.