In recent years, financial services and banking models have undergone a large-scale transformation with the entry of digital technologies. New methods of online banking, mobile banking, e-banking, and a variety of third-party payment methods have developed rapidly. On the other hand, financial institutions have closely integrated information technology with financial services and now it has become impossible to separate technology from financial innovation. It can be said that with the continuous development of digitization, the payment industry is constantly undergoing profound changes, and this change is accompanied by unlimited cyber threats. Thus, as a line of defense against cyber risks, the Reserve Bank of India (RBI) has made it mandatory for all the banks to conduct an Information System (IS) Audit within the organization. This establishes the confidentiality of data and helps protect the information. The purpose of this document is to highlight the requirement of an Information System Audit for all Scheduled Commercial Banks, authorized and approved by RBI.