The information system auditor’s evaluation of systems, practices, and operations may include one or both of the following:

• Assessment of internal controls within the IT environment to assure the validity, reliability, and security of information
• Ensure information management processes are following IT specific laws, polices and standard procedures.
• Determine risks to company information assets and help identify methods to minimize those risks.
• Examine not only the physical controls, but also overall business and financial controls that involves information technology systems.
• Determine inefficiencies in IT systems and associated management.

To provide a report on summarizing the observations and recommendations which resulted from audit? Then the implementation by management of these recommendations should assist management in improving internals IT controls.