I have a question, that I bet lots of people probably have too........when a security professional, or a security analyst conducts an audit on a given company, what are the areas of network security/pentesting that the audit will be based on, and also what are the most common tools employed, would you have to go through huge amounts of log files, and what will the report say?...I know is kind of complex and large question, but if someone with the knowledge and possible the experience could elaborate.

thanks in advance