The following areas are of interest to the computer auditor in considering IT infrastructure, although the amount of work required under each heading will vary. For example, a physical security review of a purpose built computer centre housing a large IBM mainframe computer may require a specific audit of several weeks duration. A review of the physical security aspects of a user based PC, however, may only, require a few hours work and could be incorporated into a larger scope audit. Accidental or deliberate physical damage to IT equipment could damage the software and data of the organisation. Given the large capital investment made by organisations in IT, not only.