A Candidate’s Guide to IT Audit
A career in IT Audit requires candidates to be fluent in an organisation’s accounting and information systems as they assess whether the internal controls in place are robust enough to keep those systems running efficiently and fluidly. The role of the IT Auditor demands a continual evaluation of those unseen infrastructures operating behind the scenes, in addition to the organisation’s policies, software programs and operations. Whether working under the remit of the Big Four, a small firm or large corporation, individuals working in IT audit must commit themselves to extensive regulatory and financial knowledge as well as possessing the softer skills of communication, both written and verbal to interact effectively with individuals and departments at every level of the business.
Looking at a day in the life of an IT Audit professional, it may appear on the surface not too dissimilar from the other factions of the auditing field, with the constant balance of copious emails, paperwork and client and team interactions taking up much of a typical day.
Time spent checking emails can be significant for an IT auditor, with the start of essentially every working day being spent in this manner. Client requests, ongoing projects and prioritising regulatory and client deadlines must all be assessed before the day can commence proper. A lot of time will also be spent chasing client contacts and senior members of your team for important information to complete reports you are working on before you can present your findings to the relevant parties.
An IT audit role with the Big Four will place you in a great position, not only to gain invaluable experience but also excellent exposure to a variety of blue chip clients as well as affording you the opportunity to see the business from various angles. From financial services to manufacturing, the job of a Big Four IT auditor is rarely dull as it encourages collaboration with different clients and companies across their specific industry. IT auditors working in-house for a company can expect a certain degree of travel, though of course with the advent of remote working tools revolutionising the audit function this may be seen less and less in job descriptions, though historically IT auditors could expect travel, both foreign and domestic, to take up around 30% of their working life.
As the pressures of increased regulations, case in point the impending arrival of GDPR in May 2018, and cybersecurity impact the audit function, the criteria for those working in IT audit has shifted. While the need for technical skills remains a high priority for hiring managers and internal recruiters, so too a commercial mindedness and grasp of the business is equally important. Not only does it give IT auditors credibility with their financial colleagues, but it also gives them a more dynamic filter through which to conduct their own investigations and assessments.
As cyber-attacks increase and big data becomes ever more of a talking point within modern business, technology risk is another area that has become increasingly important for those with careers in IT audit to tap into. Solid knowledge and experience in this area, and certainly the acquisition of certifications such as CISA, CSX and CISSP will enable an IT auditor to leverage their position within an organisation. Big Four experience, particularly upwards of 5 years is hugely beneficial to furnishing IT audit professionals with the insights and practical experience they need to progress in their career.
With a number of routes into IT Audit, this is a job that would typically suit professionals coming from cyber security roles or those working in data centres, as well as system or network engineers and even accountants with an interest in and some knowledge of IT, planning a move from accountancy to systems and then into IT Audit.