Top 10 Reasons to be an IT Auditor

Here’s my list of the top 10 reasons to be an IT auditor:

10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.

9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).

8. You can work hand-in-hand with security to raise risk awareness.

7. You get a broad overview of all company operations and get to know people in all departments. That helps you know whether you want to stay with that company or whether to leave it before it implodes. If you choose to stay, all those contacts will be valuable in advancing into other areas of the company.

6. Sometimes your work enables IT to get the funding that it needs, which it hasn’t been able to get on its own.

5. You get to do some cool data analytics to discover misconfigurations, anomalies, trends, and more.

4. You can cross pollinate ideas from one area of the company to another (or one division to another).

3. You are able to constantly learn about technology without having to implement and support it. And when you identify problems, you get to provide guidance on how to fix them, but you don’t have to fix them.

2. You work with technology all day, but when you go home, your work doesn’t follow you. No phone calls at 2 a.m. for support.

1. It usually pays better than financial auditing!

I admit that most of these apply to financial or operations auditors also. But I think the last 3 reasons really make IT audit stand out.

What are your reasons? Or why are you glad that you’re NOT an IT auditor or any kind of auditor?

See also:

Top 10 Bad Jobs

Top 10 IT Jobs

Top 10 Ways to be a Lovable Auditor

15 Comments

Filed under Audit, Humor/Irony, Technology, Top 10

15 responses to “Top 10 Reasons to be an IT Auditor

  1. I was an IT auditor 1 year and 3 months, and during that time I got some really good exposure to different business areas within a financial institution, thus I would support no. 7 on the list as my prime reason for being an IT auditor.

    The drawback of being auditor is that you have a very little room to make a mistake, one has to be right on the dot with analysis, issues and recommendations. Because people are more than ready to point a finger at audit for being unaware of product functionalities, day to day operations and etc. The credibility is at stake for an auditor more than it is for any other role in a organizations.

    Just a personal opinion.

    Like

    • #7? Interesting. I can understand that, but it surprises me. #6 on down are my big drivers. But I am glad you highlight that aspect for our readers.

      I hear you on the drawback. It’s tough when you audit a new area – you have little time to learn all you can about it, and meanwhile, you get to convince the experts in that area that they need to start doing X and improve how they are doing Y and Z.

      New areas or not, you’re right, you can’t make too many mistakes. I’ve found that when you do, admitting it and doing what you can to make it right can smooth things over. It also helps to be right on a few big things occasionally. The key to both is to do your homework, audit carefully, and recheck everything, especially findings, before you bark. And never surprise auditees. It’s a tough job, especially when your manager has a tight grip on the hours you charge each audit.

      Like

      • I know a CIA who used to say “in an audit you don’t make any mistakes, if you do then stick to it and do everything and anything to stand by it fight it”. Now this is more or less from a political point of view.

        Like

        • I can’t see any reason to do that other than to save face or your job. Everyone makes mistakes, and if you admit it, fix it, and apologize, everyone should be able to move on, provided you don’t make repeated mistakes. To fight for a falsehood, misunderstanding, or outright error is flat wrong and a violation of ethics of any reputable certification, including CIA or CISA.

          I made a serious mistake in my career years back, and while it wasn’t easy to own up to, I’m still glad I did it, in spite of the serious consequences. It’s behind me now, and I never have to worry about being “found out”. I also learned a lot from that mistake.

          Covering up mistakes is not only unethical, but immoral. I’d rather see my maker with a clear conscience.

          Like

        • I think his message was more less that don’t make mistakes, period.

          Like I said it was more or less from a political point of view, since it was a heavily political environment. People were ready to point fingers at audit in no time, and one reason for this could be that audit was doing an excellent job bringing very valuable issues to the table.

          Like

  2. Pingback: Audit fees bouncing back in the USA. Will Europe follow? « Quoracy.com

  3. Audit Monkey

    Regarding point 10. As you rightly note, you will not get carte blanche access to all systems. For the FTSE firms I’ve worked for, there’s often some very price sensitive information kicking about on the network or some system. Even for your pretty eyes, you won’t get near it without a damn good reason.

    Like

  4. Interesting and fair list. I sent a link to your post to our IT audit team. Asked them to see how this list aligns with what they like about IT audit – and if the list matches how we describe the merits of the function to the new staff and interns we routinely recruit.

    Like

  5. geebie

    I work for an audit firm so #2 it isn’t true all the time. My main reason is #1 though I am still waiting for the payoff. For an audit firm IT audit work is not as intensive as financial audit.

    Like

    • Geebie,
      I’d be interested in what kind of #2 you get. Care to share?
      By audit firm, you mean you audit other companies; you’re not an internal auditor for 1 company?
      If so, #1 will come when you go to internal audit.
      How many years have you been doing IT audit?

      Thanks for your input.

      Like

  6. Pingback: 2014 Top Paying Certs (United States) | ITauditSecurity

  7. Pingback: Some of my Favorites | ITauditSecurity

  8. Arnold Tan

    I am a financial auditor for sometime before who went into IT audit. Currently, I am lacking in IT skills. Had a tough time gaining knowledge about IT. The reason i joined is the working hours as compared to the financial auditors. I am having a tough time understanding IT stuffs like High Availability and how SAP/ERP system works. I am considered IT savvy among my peers, but when comes to system I am basically an idiot. Any Idea how do i improve? My boss ain’t going to give much time for me to learn. He has already threaten to fire me. Anyone who switches from financial audit to IT audit too?

    I am so depressed.

    Like

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s