New IT Auditors Should Start Here

If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.


Even if you only read a couple of them, let me know what you think.

Getting Started

How to get an IT Audit job with little or no experience

Basics of IT Audit

IIA Basics for Auditors

Audit and IT Audit for Dummies

How to Describe What an IT Auditor Does?

Top 10 Reasons to be an IT Auditor

What Everybody Ought to Know About Auditor Secrets

What IT Auditors Ought to Know – and Don’t!

Things to Consider

Periodic Access Review Problems

Why a Wastebasket Audit?

How Virtualization Changes Audits

Audit Suggestions and How TOs

How to Perform Population Validation

How to Audit User Access

How to Ping a Server

Easiest Way to Steal Confidential Data

Searching for Secrets

How to do an Easy Server Share Audit

Server Audit for the Dauntless

Top 10 Ways to be a Lovable Auditor

Get FREE Audit Work Plans at AuditNet

The other side of the coin

Why Hate Auditors?

More on Hating Auditors

How to Kill an Auditor

Bonus Materials

If you’re still hungry for more, here are a couple series of posts (each link leads to a series of posts on that subject).

Excel: Basic Data Analytics

Certified Information Systems Auditor (CISA) – How to pass the exam, free study resources

Certification and Exams



Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

15 responses to “New IT Auditors Should Start Here”

  1. Pingback: New IT Auditors Should Start Here –

  2. hueyyng27

    Great sources! Thanks!

    Does someone have to be well versed in programming in order to succeed in IT auditing?



    • No, not at all. Most of what I’ve learned has been on the job. It certainly helps to be able to read code and interpret scripts with the automation that most companies are employing.

      But overall, no. When I was a new auditor, I merely had the subject matter expert (SME) walk me through the script at a high level. Then if anything wasn’t clear or seemed strange, I asked a more detailed question.

      Also, with the Internet, basic answers are easy to find. For example, you can copy and paste part of a Python or bash script into GOOGLE and get an explanation. Or you could look up the command and all the switches (options) and piece it together.

      Usually, I look through code or queries, search for information about the parts I don’t understand, and then I can ask the SME more intelligent questions.

      Most IT auditors are not looking at code. Many audit shops don’t even question queries or scripts, but accept them verbatim. That’s a bad idea.

      At one company I was at for a few years, I found errors in at least 30% of the queries or scripts I reviewed.

      My suggestion is to ask lots of questions and document what you’re told. Eventually you’ll pick a couple things up, which makes it easier to GOOGLE for other answers, and the more you do, the more you learn.

      Hope that helps. Mack


  3. Pingback: CISA vs. CIA Certification | ITauditSecurity

  4. Michael Onuoha

    Love your blog. Would be nice if you could do a blog post on how to break into the industry especially for those of us that are no longer students but have computer science or CIS degrees. Been trying to break in but keep hitting the need 2 years of experience barrier


  5. Pingback: How to get an IT Audit job with little or no experience | ITauditSecurity

  6. Pingback: Use LinkedIn to get an IT Audit job | ITauditSecurity

  7. Pingback: New IT Auditor (and WannaBEs) Master List | ITauditSecurity

  8. Valantine Nyenty

    I found your blog a few months ago when I was preparing for the CISA certification.
    I am looking for a Job as an IT Auditor preferably or in IT Security and controls Advisory including IT Risk assessment and controls mitigation.

    I am posting this message because I need some help or connections if possible to attain my career objectives.
    I am in Cameroon, somewhere in Central Africa and Security controls and IT Audit is not yet embraced by many companies and just a limited number of Multinationals may have Information security or internal Audit departments.

    I have worked for an ExxonMobil Affiliate in Cameroon where I had some skills in Security, Controls and IT Internal audit. A few years ago I took some time off for private reasons and later had some projects to integrate in the Middle East but things did not work out as planned due to the fallen prices in the world market for Oil and Gas.
    I decided to validate some of these competencies by acquiring some certifications. I must say that I had been Cisco CCNA and CCNP routing and switching certified way back in 2001 and 2003 and even passed the CCIE written exam in 2004, but I stopped these certifications. I had to redo the CCNA Routing and Switching and then obtained Cisco CCNA SECURITY. I also obtained as a result CNSS Information Systems Security (INFOSEC) professional recognition. I have just received my CISA certificate.
    There are not many or good opportunities here. I tried the Big four as I read through the blog articles (KPMG, E&Y, Deloitte, and PWC). Some are not doing IT Audits and others don’t seem to have the need or respond.

    I just thought I should throw out my issue here and see what advice you may have for international offers or possibilities.
    I am willing to provide any complementary information.



    • Valantine,
      Unfortunately, I don’t know how to help you. You seem to be on the right track in the things you’ve tried so far.

      The only thing I can think of is to work your LinkedIn groups. Ask others in your group for help. You might want to join some groups directly related to IT audit.

      Also, get some recommendations on LinkedIn if you can.

      Anyone else out there have any ideas?


  9. justibj

    How to succeed at being an IT auditor.

    1. STOP harassing technical people. PLEASE ! The number of completely idiotic audit requests I have seen in my lifetime as a senior systems engineer is amazing. Stop it with the stupid requests for useless information, or at least do it yourself and stop bothering people who are trying to accomplish real work. See #2 below.

    2. Show up at the jobsite ready to roll. I do not want you bugging me with 400 different report requests. If you are auditing the mainframe, then you should have a job set up, already coded and tested, with every report you possibly need. The ONLY questions you should have for me are:
    a. What is the ROAUDIT userid and password?
    b. What is the ftp address to ftp your already tested jcl to?
    c. Are there any special job requirements to be aware of?
    d. Are there any naming conventions to be aware of?
    e. How to access the mainframe tso session.

    3. After you are done with your audit, then instead of just blindsiding me with completely idiotic dates to remedy something, come talk to me so we can work out a mutually agreeable date. When you think a so-called “security” issue is going to be fixed in production in a couple weeks, that just shows me how clueless you are about large parallel sysplex environments. Not to mention trying to beg 34 clueless approvers who are (for some inexplicable reason) involved in the change management process, to approve the change, ……that approval process alone will take four weeks.

