New IT Auditors Should Start Here

new-auditorIf you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, yoo could bookmark the list and work your way through it as you have time.

 

Even if you only read a couple of them, let me know what you think.

Basics of IT Audit

IIA Basics for Auditors

Audit and IT Audit for Dummies

How to Describe What an IT Auditor Does?

Top 10 Reasons to be an IT Auditor

What Everybody Ought to Know About Auditor Secrets

What IT Auditors Ought to Know – and Don’t!

Things to Consider

Periodic Access Review Problems

Why a Wastebasket Audit?

How Virtualization Changes Audits

Audit Suggestions and How TOs

How to Perform Data Validation

How to Audit User Access

How to Ping a Server

Easiest Way to Steal Confidential Data

Searching for Secrets

How to do an Easy Server Share Audit

Server Audit for the Dauntless

Top 10 Ways to be a Lovable Auditor

Get FREE Audit Work Plans at AuditNet

The other side of the coin

Why Hate Auditors?

More on Hating Auditors

How to Kill an Auditor

Bonus Materials

If you’re still hungry for more, here are a couple series of posts (each link leads to a series of posts on that subject).

Excel: Basic Data Analytics

Certified Informations Systems Auditor (CISA) – How to get pass the exam, free study resources

Certification and Exams

Advertisements

8 Comments

Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

8 responses to “New IT Auditors Should Start Here

  1. Pingback: New IT Auditors Should Start Here – sec.uno

  2. hueyyng27

    Great sources ! Thanks !

    Does someone have to be well versed in programing in order to succeed in IT auditing ?

    Regards,
    Jazz

    Like

    • No, not at all. Most of what I’ve learned has been on the job. It certainly helps to be able to read code and interpret scripts with the automation that most companies are employing.

      But overall, no. When I was a new auditor, I merely had the subject matter expert (SME) walk me through the script at a high level. Then if anything wasn’t clear or seemed strange, I asked a more detailed question.

      Also, with the Internet, basic answers are easy to find. For example, you can copy and paste part of a python or bash script into GOOGLE and get an explanation. Or you could look up the command and the all the switches (options) and piece it together.

      Usually, I look through code or queries, search for information about the parts I don’t understand, and then I can ask the SME more intelligent questions.

      Most IT auditors are not looking at code. Many audit shops don’t even question queries or scripts, but accept them verbatim. That’s a bad idea.

      At one company I was at for a few years, I found errors in at least 30% of the queries or scripts I reviewed.

      My suggestion is to ask lots of questions and document what you’re told. Eventually you’ll pick a couple things up, which makes it easier to GOOGLE for other answers, and the more you do, the more you learn.

      Hope that helps. Mack

      Like

  3. Pingback: CISA vs. CIA Certification | ITauditSecurity

  4. Michael Onuoha

    Love your blog. Would be nice if you could do a blog post on how to break into the industry especially for those of us that are no longer students but have computer science or CIS degrees. Been trying to break in but keep hitting the need 2 years of experience barrier

    Like

    • Michael,
      Glad you like the blog.
      I assume you mean break into IT audit. I’ve given a lot of advice in the Comments of various posts (mostly the CISA posts), but I’ll try to put something together that is more focused.

      Like

      • Michael Onuoha

        Thanks for your response. Yes I meant the IT Audit industry. Would eagerly wait for any future blog posts you have on that. Thanks in advance.

        Like

  5. Pingback: How to get an IT Audit job with little or no experience | ITauditSecurity

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s