October 4th, 2004, 11:59 AM
#5
Originally posted here by ss2chef
What kind of audit are you speaking of?
Overall security (IT I presume) of a company or a portion?
External or Internal or Both.
Does it include social engineering aspects or just pen testing and configuration audits?
How about policy and procedure audits?
Or are you just looking for all of the above?
If you are speaking of Pen Testing and/or exploit auditing, the Nessus reporting is a good starting point.
Most of the scanner sites have sample reports.
http://www.hackerwhacker.com used to have a sample report. URL is not working now so not sure if they are still around. It's been a while.
Some more detail about what you are looking for will help narrow down results.
Thanks to all for reply.
Audit to be internal departmental. I am auditing a network site. They are located separate from my main network site, but they all connect to my F&P servers.
We have never done one before - so this is a first.
I was gonna look at:
* backup procedures.
* installs of non approved apps/servers
* licensing tracking
* network scan to see what is viewable to outsiders. there is a FW
I was also gonna borrow their key and go in on a weekend and note how many staff wrote their user name & password on yellow stickies in & around their desks.
Penetration testing was not going to be minimal for now.
We run centrally managed AV/FW on all clients. Unless the users actually uninstall them they are fairly secure. We got the odd smart ass who thinks he's too good for a managed desktop. Those guys I will flag as unsecure hosts regardless.