An IT auditor participates in projects and assignments that improve internal processes and performances. They report problems, analyze data and increase internal controls. The bulk of their work involves the collection and examination of data from database, software programs and information management systems. Most IT auditors work for in the fields of finance, education, technology, compliance and health care.
IT auditors who work in finance or accounting firms will evaluate the adequacy and effectiveness of the organization’s IT systems and internal controls against policies and regulations. They may be required to research, interpret, and evaluate the compliance expectations against contractual requirements or government regulations. IT auditors will communicate with external auditors who are either consultants or employed by regulatory bodies. IT auditors provide guidance to coworkers and management regarding accounting discrepancies, compliance vulnerabilities and internal controls.
IT auditors identify, document, summarize and present audit findings to external shareholders, such as regulatory bodies, and internal shareholders, such as executives. Their final reports include optional recommendations and mandatory corrective actions. They will regularly conduct ad-hoc internal reviews and operational audits of IT system components. IT auditors will deal with business ethics, risk management, organizational structure, business processes and governance oversight.
IT Auditors must have detailed attention, the ability to re-prioritize tasks throughout the day and extensive expertise in IT systems, infrastructure and applications. They should be customer focused, which means they will have excellent interpersonal skills to influence others, and technical skills, which gives them the ability to identify IT issues and develop corresponding solutions. They should have the ability to create customized solutions of differing scope, flexibility and complexity.
Their excellent analytical and communication skills will help them accurately document and present data in non-technical terms. They should be comfortable interacting with senior managers and external parties, and responsible enough to maintain the confidentiality of sensitive information. They must know how to organize, schedule and adjust workloads to meet established deadlines and milestones. They must know how to establish, execute and evaluate risk-based plans and monitoring programs.
Most employers will want them to possess the Certified Internal Auditor (CIA) certification through The Institute of Internal Auditors. In order to qualify for the exam, candidates must have a bachelor’s degree and a letter from their accredited university confirming their degree. Candidates may also qualify for the CIA if they have two years post-secondary education and five years of internal auditing experience.
Exam candidates with a four-year degree must have at least two years of work experience related to internal auditing. Alternatively, candidates may substitute a master’s degree for one year of the required two years of work. Exam candidates must submit a signed Character Reference Form that is approved by a current internal auditor. The exam covers internal audit basics, such as risk concepts and internal controls, and strategic and operational audit management.
Related Resource: What is Risk and Compliance?
Most IT auditors will have a degree in computer science, information technology or management information systems. They may also have a bachelor’s degree in business administration with an emphasis in accounting or technology.