Based on the limited availability of literature and academic research that address the subject of auditing, based on information technologies, the limited theoretical support and the tendency to increase the complexity of the organizational environments where they are executed, the design of a methodology for conducting information technology audits during control actions, which integrates the 20 critical security controls.