The IT Compliance Institute has amassed an excellent collection of IT governance-related white papers, articles and resources. Their IT audit checklist for reviewing information security management, a new addition, has many potential uses [access requires you to register on the website]. Experienced IT auditors and compliance assessors can use it directly as a checklist to guide a review of key controls, and it provides pointers on audit preparation, testing and reporting. Prospective auditees and managers will benefit from reading about, and preparing for, the kinds of things the auditors will be doing, especially the section on what the auditors will be looking for. Those designing and implementing Information Security Management Systems (ISMS) will appreciate the guidance on the elements of an ISMS that auditors find particularly important. The checklist can even form the basis of a structured description or specification for a robust ISMS. All in all, a nice paper from the IT Compliance Institute. It's worth browsing the ITCi website for other similar resources, including the biannual IT Compliance Journal [again, "free" to those who register].