Has anyone already audited an "IT Monitoring and reporting process"? Any suggestions as to the audit approach? Best practices, suggested framework, etc.
Prior to doing an audit, a discovery or an assessment of the current state will be useful to baseline how monitoring is delivered in your organization. You might find the following questions helpful in your effort with either assessments or audits.
Define your Monitoring RACI
- Who owns the monitoring? Who decides what to monitor?
- Who configures the monitoring tool?
- Who sets the thresholds?
- Who responds?
- What is the support structure (dedicated team, service provider, self-managed)?
What is in the scope of monitoring? Applications, infrastructure, network, facilities, on-prem, SaaS, etc.?
Does a monitoring dashboard exist?
What tools do you leverage in your environment? Do you have a single or a best-of-breed solution to support element management, telemetry, event correlation, notification, logging, and visualization?
What SLOs, SLAs, SLIs and Availability metrics are set? What mechanisms are in place for auditing and monitoring the SLO guarantees?
Who decides when an alert is an incident? How do they decide that?
Where are you sending your log data?
Who can access the log data?
Do you have monitors that detect an outage, or is manual assessment required?
Is Operations notified when there's an outage with your service? How is Operations informed?
Who owns the definition of monitoring parameters?
Do they have end-to-end visibility?
Are they able to monitor individual nodes/paths in an HA/DR environment?
Are they doing synthetic monitoring?
Is the monitoring proactive?
Can you detect escalating events?
Is threshold monitoring (low/high) available?
Are you able to perform multi-site monitoring?
Is automated correction built into the monitoring?
Does the monitoring include any anomaly detection?
How are monitoring alerts handled (email, trouble ticket, text, other)?
A good framework to reference is NIST. You can also look at SANS20, though this is falling out of favor a bit. OWASP is well-regarded for cyber testing. If this is your first foray into InfoSec Auditing, a good place to start is basic Information Technology General Controls (ITGCs).
Best of luck.

Thanks for your response so far. I would like to add a few clarifications:
The monitoring will involve elements related to security and IT operations, but also any other information useful to support IT business decisions, such as budget, resource capacity (IT and human), project delivery, etc. The main objective of that audit will be to determine what is monitored and reported to help support IT decisions towards attaining/supporting business goals. Let me know if you have thoughts about this. Much appreciated. André