Information technology auditing is a specialized form of accounting that analyzes an enterprise’s information technology systems to detect mismanagement, fraud or inefficiency. Professionals engaged in IT auditing possess expertise in both accountancy and IT systems, as the operational platforms of almost all enterprises are now run on computational networks. The three primary categories of IT auditing are financial, security and ROI analysis of IT systems.
Due to the considerable value of information on enterprise networks, IT auditors must carefully assess the security of data networks as well as evaluate the data itself. IT auditors examine network equipment, applications, network architecture, and communication systems to ensure that components and networks are appropriate for enterprise objectives, secure, and able to perform under extreme circumstances.
IT auditors utilize an array of software tools, accounting techniques, and investigative methods to identify areas within an organization that are underperforming. The primary role of such audits is to ensure peak operational efficiency, but they may also be utilized to document regulatory compliance. The audits are typically performed at the request of management and according to industry and corporate standards. The results of audits are presented to senior management along with possible optimization remedies.
IT Auditor Job Functions
In order to accurately evaluate the operational efficiency of an organization, an information technology auditor performs many duties including:
- Acquire comprehensive knowledge of the enterprise network
- Acquire understanding of company policies, financial strategies and performance standards
- Remain current about network changes and modifications
- Assess network and IT risks
- Liaise with non-IT auditors
- Consult with IT staff
- Design comprehensive or project audit parameters
- Manage IT or auditing projects
- Remain up to date about the latest auditing techniques and industry procedures
- Conduct risk assessment studies
- Produce documentation for regulatory agencies
- Report enterprise areas of weakness and operational inefficiency
- Develop remediation strategies for improving performance
This profession is heavily dependent on standardized methods for assessing value and performance. A number of organizations that support the industry have developed certification programs that formally recognize professionals who have achieved proficiency in these industry-wide techniques. The most important of these certifications are:
- Information Systems Audit and Control Association offers professionals the Certified Information Systems Auditor (CISA) certification upon successful completion of an exam.
- International Information Systems Security Certification Consortium (ISC2) offers the Certified Information Systems Security Professional (CISSP) certification upon successful completion of a comprehensive exam. Recertification every three years is required.
Education for Information Technology Auditors
Most IT auditors come from a financial auditing background and therefore possess similar academic credentials. To perform in either field, a bachelor’s or master’s degree in accountancy, business management or finance provides sufficient competencies to enter the profession. Although many employers will accept an IT auditor with only a bachelor’s degree, due to the more extensive responsibilities and technological skills required by this profession, dual or advanced degrees are an advantage.
Prospective information technology auditors are also strongly encouraged to pursue a secondary degree in one of the following:
- Computer engineering
- Information science
- Information systems management
- Information technology
Many IT auditors originate from an accounting or IT background and acquire further education and training in order to become conversant in both fields.
Salary and Employment Projections for Information Technology Auditors
The Bureau of Labor Statistics published information on salaries for IT auditors under its industry classification for information security analysts. According to the Bureau, some 272,000 IT auditors are gainfully employed in the US, as of its most recent report published in May 2011.
The Bureau’s report revealed that the average salary among IT auditors surveyed was $81,670, while the median figure among all those surveyed was $77,990. Those in the 75th percentile earned an average of $101,570, while the most experienced IT auditors, representing the 90th percentile, earned an average of $124,860 as of the Bureau’s 2011 report.
Those who worked in the financial services industry earned the highest average salary, at $109,480. Just behind them were IT auditors in the processed food manufacturing industry, who earned an average of $103,530. The third highest paying industry for IT auditors was rail transportation, followed by the household appliance manufacturing industry. Rounding out the top five best paying industries for IT auditors were the major manufacturers of semiconductors and microprocessors that comprise the electronic components industry.
Resources for Information Technology Auditors
- International Information Systems Security Certification Consortium (ISC2)
- Information Systems Audit and Control Association (ISACA)
- Association of Information Technology Professionals (AITP)
- International Association of Privacy Professionals (IAPP)