Review of information systems
12.8 Review of information systems - I would like to hear your consultation and opinion on how and what is required for a Review of Information Systems or an IT Audit Plan.
I'm assuming you are referring to ISO 27001 Annex A section A.18.2 Information security reviews. Considering that, the internal audit is the process which covers the controls from this section. Considering that, the steps you must consider regarding ISO 27001 requirements are:
- Document review: to (1) become acquainted with the processes in the ISMS, and (2) find out if there are nonconformities in the documentation with regard to the standard
- Creating the checklist: write requirements you must check during the audit
- Planning the audit: plan which departments and/or locations to visit and when
- Performing the audit: execute what was planned
- Reporting: to summarize all the nonconformities and relevant information you found
- Follow-up: to check whether all the corrective actions raised during the internal audit are closed
To see what internal audit documentation looks like, please take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
For further information also see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- ISO 27001:2013 Internal auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
Nov 07, 2019